Hello,
I am replacing a Cisco layer 3 device that had an ACL set up to allow one VLAN access to only DHCP, DNS and the Internet. Can someone provide a good starting point for a network policy for the 6900?
Thanks
OS6900 convert cisco ACL to network policy
Re: OS6900 convert cisco ACL to network policy
Hi, let's see if this points you in the right direction:
In this scenario the DHCP is 10.20.20.1 and DNS is 10.20.20.2 and they both reside in the Corporate network.
I want to block Guests from everything else internally. They can still go online just fine.
You can find out more in the QOS Policy section of the Network Configuration Manual:
https://www.spacewalkers.com/resources/ ... tion-guide
Hope this helps!
Code:
vlan 10 name 'guest'
vlan 20 name 'corporate'
vlan 30 name 'voip'
policy network group 'servers' 10.20.20.1 10.20.20.2
policy condition 'allow servers' source vlan 10 destination network group 'servers'
policy condition 'deny corporate' source vlan 10 destination vlan 20
policy condition 'deny voip' source vlan 10 destination vlan 30
policy action 'allow'
policy action 'deny' disposition deny
policy rule 'allow servers' precedence 100 condition 'allow servers' action 'allow'
policy rule 'deny corporate' precedence 90 condition 'deny corporate' action 'deny'
policy rule 'deny voip' precedence 80 condition 'deny voip' action 'deny'
qos apply
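An added example, not part of the original posts: a small Python model of the three rules above, to check which destinations a guest host can reach and what happens if the precedence values of the first two rules are swapped. It assumes the highest precedence value is matched first, that unmatched traffic is accepted by default, and the VLAN subnets shown (constructed; the thread gives only the server addresses).

```python
import ipaddress

# Assumed subnets (constructed for this example; the thread gives only the server IPs).
VLAN_SUBNETS = {10: "10.10.10.0/24", 20: "10.20.20.0/24", 30: "10.30.30.0/24"}
SERVERS = {"10.20.20.1", "10.20.20.2"}  # the 'servers' network group from the post

# (name, precedence, source vlan, destination matcher, disposition)
RULES = [
    ("allow servers", 100, 10, ("group", SERVERS), "accept"),
    ("deny corporate", 90, 10, ("vlan", 20), "deny"),
    ("deny voip", 80, 10, ("vlan", 30), "deny"),
]

def vlan_of(ip):
    """Map an IP address to its VLAN id using the assumed subnets."""
    addr = ipaddress.ip_address(ip)
    for vlan, net in VLAN_SUBNETS.items():
        if addr in ipaddress.ip_network(net):
            return vlan
    return None  # not an internal VLAN, e.g. an Internet address

def evaluate(src_ip, dst_ip, rules=RULES, default="accept"):
    """Return (rule name, disposition) of the highest-precedence matching rule."""
    src_vlan, dst_vlan = vlan_of(src_ip), vlan_of(dst_ip)
    for name, _prec, r_src, (kind, value), disp in sorted(rules, key=lambda r: -r[1]):
        if src_vlan != r_src:
            continue
        if (kind == "group" and dst_ip in value) or (kind == "vlan" and dst_vlan == value):
            return name, disp
    return None, default  # no rule matched: assumed default disposition

def swapped_precedence():
    """Same rules, but 'deny corporate' outranks 'allow servers'."""
    swap = {"allow servers": 90, "deny corporate": 100}
    return [(n, swap.get(n, p), s, d, a) for n, p, s, d, a in RULES]

if __name__ == "__main__":
    guest = "10.10.10.50"  # constructed guest host
    for dst in ("10.20.20.1", "10.20.20.2", "10.20.20.77", "10.30.30.5", "198.51.100.7"):
        print(f"{guest} -> {dst}: {evaluate(guest, dst)}")
    print("swapped:", evaluate(guest, "10.20.20.2", swapped_precedence()))
```

The model only covers unicast traffic addressed to a destination IP; it does not represent DHCP broadcasts or relay behaviour.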
Re: OS6900 convert cisco ACL to network policy
Thank you for this starter policy and reference manual. I will modify and test today.
Thanks!
