Summit reports error when applying ACL to VLAN/Port

Symptoms
When applying an ACL to a VLAN or port, the following error is displayed:

Switch.1# config access Test vlan Red
Error: Policy Test has syntax errors 
Line 10 : Attribute source-address already exists as a match statement in Acl entry. 
Environment
  • X460G2-24p-10G4
  • 15.7.1.4
Cause
Because an ACL is more or less a filter that acts at wire speed, you can only have one match statement per filter in your ACL.
Resolution
You can only have one match statement per filter in your ACL. You need to create an entry per source-address.
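
One way to catch this error before applying a policy and to generate one entry per source-address, as an added example (not code from the original article or from Extreme Networks). The sample policy, its addresses and the `_1`/`_2` entry names are constructed, and the script assumes entries use the default match all and contain no comments.

```python
import itertools
import re

# Constructed sample policy: entry "block" repeats source-address, which is
# what produces the "already exists as a match statement" error.
POLICY = """\
entry block {
    if match all {
        source-address 10.1.1.0/24;
        source-address 10.1.2.0/24;
        protocol tcp;
    } then {
        deny;
    }
}
"""

ENTRY_RE = re.compile(r"entry\s+(\S+)\s*\{\s*if\s*(?:match\s+\w+)?\s*\{(.*?)\}"
                      r"\s*then\s*\{(.*?)\}\s*\}", re.S)

def parse(policy):
    """Return [(name, [(attribute, value), ...], [action, ...]), ...]."""
    entries = []
    for name, cond, act in ENTRY_RE.findall(policy):
        conds = [tuple((c.split(None, 1) + [""])[:2]) for c in cond.split(";") if c.strip()]
        entries.append((name, conds, [a.strip() for a in act.split(";") if a.strip()]))
    return entries

def duplicates(conds):
    """Attributes used more than once inside a single entry."""
    attrs = [attr for attr, _ in conds]
    return sorted({a for a in attrs if attrs.count(a) > 1})

def split_entry(name, conds, acts):
    """Rewrite an entry as one entry per combination of repeated values."""
    groups = {}
    for attr, val in conds:
        groups.setdefault(attr, []).append(val.strip())
    out = []
    for i, combo in enumerate(itertools.product(*groups.values()), 1):
        body = "".join(f"        {(a + ' ' + v).rstrip()};\n" for a, v in zip(groups, combo))
        then = "".join(f"        {x};\n" for x in acts)
        out.append(f"entry {name}_{i} {{\n    if match all {{\n{body}"
                   f"    }} then {{\n{then}    }}\n}}\n")
    return out

if __name__ == "__main__":
    for name, conds, acts in parse(POLICY):
        if duplicates(conds):
            print("".join(split_entry(name, conds, acts)))
```

The generated entries keep the original action and the non-repeated conditions, so placing them consecutively in the policy file preserves the intended filter.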

Match criteria typically fall into one of three categories:
* Layer 2 fields, for example, source MAC address, destination MAC address, VLAN ID, etc.
* Layer 3 fields, for example, source IP address, destination IP address, IP protocol (V4 and V6), etc.
* Layer 4 fields, for example, ICMP type, TCP port numbers, or port range (both source and destination), etc.

Generally, you can mix and match all of these different match criteria in a single rule, for instance, a Layer 2 field combined with Layer 3 and Layer 4 fields. However, you cannot have all match criteria in a single rule: the width of the search key limits the number of match criteria in a single rule.

The two possible choices for the match type are:

* match all: All the match conditions must be true for a match to occur. This is the default.
* match any: If any match condition is true, then a match occurs.

For more information on creating ACLs, refer to the link below:
http://extrcdn.extremenetworks.com/wp-content/uploads/2014/10/ACL_Solutions_Guide.pdf