AOS ACL Configuration to allow interVlan routing within the Group

Post by THC1958 » 04 Jun 2017 13:14

Hi There,

Can anyone help me write an ACL on AOS to allow inter-VLAN (network) routing within the same VLAN (network) group only, while all VLANs (networks) must be able to access the voice VLAN (network)?
Example:

Group1
---------
VLAN ID 1011 - 10.1.1.0/24
VLAN ID 1012 - 10.1.2.0/24
VLAN ID 1071 - 10.7.1.0/24

Group2
--------
VLAN ID 1021 - 10.2.1.0/24
VLAN ID 1022 - 10.2.2.0/24
VLAN ID 1072 - 10.7.2.0/24

Group3
---------
VLAN ID 1031 - 10.3.1.0/24
VLAN ID 1032 - 10.3.2.0/24
VLAN ID 1073 - 10.7.3.0/24

VOICE VLAN ID 1099 - 10.99.0.0/16

tq/THC

Post by silvio » 05 Jun 2017 02:49

Hi,
One possibility is to deny the unwanted traffic.

policy network group G1 10.1.1.0 mask 255.255.255.0 10.1.2.0 mask 255.255.255.0 10.7.1.0 mask 255.255.255.0
policy network group G2 10.2.1.0 mask 255.255.255.0 10.2.2.0 mask 255.255.255.0 10.7.2.0 mask 255.255.255.0
policy network group G3 10.3.1.0 mask 255.255.255.0 10.3.2.0 mask 255.255.255.0 10.7.3.0 mask 255.255.255.0
policy condition G1-G2 source network group G1 destination network group G2
policy condition G1-G3 source network group G1 destination network group G3
policy condition G3-G2 source network group G3 destination network group G2
...
policy action deny disposition deny
policy rule G1-G2 condition G1-G2 action deny
policy rule G1-G3 condition G1-G3 action deny
policy rule G3-G2 condition G3-G2 action deny
...
qos apply

regards
Silvio
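
The deny-between-groups approach from the reply above, as an added example that is not part of the original thread: it generalizes the listed rules to every ordered pair of groups, prints the policy lines, and models which flows are dropped. The `mask` keyword, the helper names and the accept-unless-denied default are assumptions; the subnets are those from the question.

```python
import ipaddress
from itertools import permutations

# Subnets as listed in the question; the voice network is deliberately
# left out of every group so that no deny rule can ever match it.
GROUPS = {
    "G1": ["10.1.1.0/24", "10.1.2.0/24", "10.7.1.0/24"],
    "G2": ["10.2.1.0/24", "10.2.2.0/24", "10.7.2.0/24"],
    "G3": ["10.3.1.0/24", "10.3.2.0/24", "10.7.3.0/24"],
}
VOICE = "10.99.0.0/16"

def deny_pairs(groups):
    """Every ordered (source, destination) pair of distinct groups."""
    return list(permutations(sorted(groups), 2))

def render(groups):
    """Emit policy lines in the form used in the reply (mask keyword assumed)."""
    lines = []
    for name in sorted(groups):
        nets = (ipaddress.ip_network(n) for n in groups[name])
        members = " ".join(f"{n.network_address} mask {n.netmask}" for n in nets)
        lines.append(f"policy network group {name} {members}")
    pairs = deny_pairs(groups)
    lines += [f"policy condition {s}-{d} source network group {s} "
              f"destination network group {d}" for s, d in pairs]
    lines.append("policy action deny disposition deny")
    lines += [f"policy rule {s}-{d} condition {s}-{d} action deny" for s, d in pairs]
    lines.append("qos apply")
    return lines

def group_of(ip, groups):
    """Name of the group whose subnets contain ip, or None."""
    addr = ipaddress.ip_address(ip)
    for name, nets in groups.items():
        if any(addr in ipaddress.ip_network(n) for n in nets):
            return name
    return None

def is_denied(src, dst, groups):
    """Model: drop only when a deny rule matches; otherwise forward (assumed default)."""
    pair = (group_of(src, groups), group_of(dst, groups))
    return pair in set(deny_pairs(groups))

if __name__ == "__main__":
    print("\n".join(render(GROUPS)))
```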

Post by THC1958 » 05 Jun 2017 09:40

Hi Silvio,

Thanks for your script. Let me try it out.

TQ

Post by THC1958 » 07 Jun 2017 15:47

Hi Silvio,

First, I tried to load the script onto an OS6850-24 switch, but it was unsuccessful due to some error. I would appreciate it if you could correct it and post it again.
Secondly, could you please let me know why I can't see the policy configuration when I execute "show configuration snapshot all"?

I appreciate your expert advice.

Thanks/THC
