Reset Search



ACL in EXOS to allow only specific traffic egressing a port

« Go Back


TitleACL in EXOS to allow only specific traffic egressing a port
In a multicast environment with the IGMP snooping disabled, there is a possibility of unnecessary traffic flooding out of the port connected to the video recording devices.
This could lead to a congestion on the port and eventually the packet drops and intermittent recording issues.
Summit and Blackdiamond Series(which supports egress ACL)
EXOS all

With high amount of multicast traffic flow in the VLAN and IGMP snooping disabled, it is expected that the traffic is flooded out of the port.
This is an expected behavior.
If the hardware supports the egress ACL, the following ACL could be a work-around.
Egress ACL supported platforms: 

(BlackDiamond X8 series switches, BlackDiamond 8000 c-, xl-, xm-series
modules, E4G-200 and E4G-400 switches, and Summit X460, X460-G2,
X480, X670, X670-G2, and X770 switches only).
entry test {
if match all {
    destination-address xx.xx.xx.xx/xx; — > IP and subnet of the required traffic 
then {
    permit  ;
    count permitted ;

entry test1 {
if match all {
    destination-address xx.xx.xx.xx/xx ; —>  deny the rest of the multicast traffic. 
then {
    deny  ;
    count denied ;

configure access-list <acl_name> port <port numbers> egress
Please refer the link below to know how to create and apply ACL in EXOS.
How to create and apply an ACL in EXOS

Additional notes



Was this article helpful?



Please tell us how we can make this article more useful.

Characters Remaining: 255