# vi ssh-acl.pol
ssh-acl.pol:
# permitMGMT: permit TCP traffic to destination ports 22-23 on 2.2.2.2/32,
# but only when it comes from the single host 1.1.1.1/32. With "match all",
# every condition listed must hold for the entry to apply.
# The range 22-23 includes Telnet (23) as well as SSH (22), so the permitted
# host can also open cleartext Telnet sessions to this address.
# NOTE(review): if only SSH is intended, narrow the range to 22 - confirm.
# NOTE(review): 1.1.1.1/32 and 2.2.2.2/32 look like sample values - replace
# with the real management station and switch management addresses.
# Entries are evaluated in file order and the first match decides, so this
# entry has to stay ahead of dropMGMT.
# "count permitMGMT" attaches a counter of that name to the entry; it shows
# how many packets from the permitted host matched this rule.
entry permitMGMT {
if match all {
protocol tcp;
destination-port 22-23;
source-address 1.1.1.1/32;
destination-address 2.2.2.2/32;
} then {
permit;
count permitMGMT;
}
}
# dropMGMT: deny TCP traffic to destination ports 22-23 on 2.2.2.2/32 from
# any source (there is no source-address condition). Because permitMGMT is
# listed first, this entry only catches traffic that did not come from the
# permitted host.
# "count dropMGMT" attaches a counter of that name to the entry; a rising
# value means other hosts are attempting SSH/Telnet to this address, which
# is worth watching.
# Only TCP 22-23 to this one IPv4 destination is matched here.
# NOTE(review): other management services (for example SNMP or HTTP/HTTPS),
# other addresses on the switch, and IPv6 are not covered by this policy -
# confirm they are restricted elsewhere.
entry dropMGMT {
if match all {
protocol tcp;
destination-port 22-23;
destination-address 2.2.2.2/32;
} then {
deny;
count dropMGMT;
}
}
# check policy ssh-acl
# configure access-list ssh-acl vlan Mgmt