Basics: AOS-CX ACL with VLAN as Source


    Posted May 06, 2021 12:45 AM


    Can I somehow create an ACL that uses a local subnet as source?

    Something like:

        access-list ip CoPP
            permit any vlan3100 any
        apply access-list ip CoPP control-plane vrf default

     
    Use Case: customer would like to allow control-plane access to a switch from one local subnet/VLAN but not work with the source network in an ACL.

    You can build aliases as below so the ACL is identical across all switches, but that alias would have to be populated during deployment.

        object-group ip address object_name
            10 10.0.0.0/255.0.0.0
        access-list ip ACL_name
            10 permit any object_name any


    Thanks to Chris and Oliver!

    Good day!

    ------------------------------
    Yash NN
    ------------------------------
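
Added example, not part of the original post: one way to populate the per-switch object-group at deployment time while keeping the ACL text identical on every switch. The inventory, the group name MGMT_SRC and the /16 breadth limit are assumptions for illustration; the configuration lines use only the syntax shown in the post.

```python
import ipaddress

# Constructed sample inventory: switch name -> local subnets allowed to reach
# the control plane. Names and addresses are made up for illustration.
INVENTORY = {
    "sw-access-01": ["10.31.0.0/24"],
    "sw-access-02": ["10.31.1.0/24", "10.31.2.0/25"],
}

GROUP = "MGMT_SRC"   # hypothetical object-group name
ACL = "CoPP"         # ACL name taken from the post
MIN_PREFIX = 16      # assumption: refuse anything broader than a /16


def render_object_group(subnets):
    """Return the per-switch object-group lines in address/mask form."""
    lines = [f"object-group ip address {GROUP}"]
    for seq, text in enumerate(subnets, start=1):
        # strict=True rejects input with host bits set, e.g. 10.31.0.5/24
        net = ipaddress.IPv4Network(text, strict=True)
        if net.prefixlen < MIN_PREFIX:
            raise ValueError(f"{text} is broader than /{MIN_PREFIX}")
        lines.append(f"    {seq * 10} {net.network_address}/{net.netmask}")
    return lines


def render_acl():
    """Return the ACL lines, which never change between switches."""
    return [
        f"access-list ip {ACL}",
        f"    10 permit any {GROUP} any",
        f"apply access-list ip {ACL} control-plane vrf default",
    ]


def render_switch(name):
    """Combine the switch-specific group with the shared ACL."""
    return "\n".join(render_object_group(INVENTORY[name]) + render_acl())


if __name__ == "__main__":
    for switch in INVENTORY:
        print(f"! {switch}\n{render_switch(switch)}\n")
```

Rejecting mistyped or overly broad subnets before the configuration is pushed keeps a deployment error from silently widening control-plane access.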