Ip lock and release by ACL

[fabiovfc]

Dear group members.
Greetings!
I would like help.
I need to know how to authorize access to certain ips on my network to connect via ssh and https on the Alcatel6860e switch. After this authorization of the chosen ips, I block the rest of my network so that no one can get this access via ssh, htttps.
I have as an example this simple ACL that I use on switches from HPE manufacturers and it's perfect for me.

acl number 2000
description – ACCESS LIMITATION
rule 1 permit source 200.144.XX.10 0
rule 2 permit source 200.144.XX.20 0
rule 10 deny source 200.144.XX 0 0.1.255
rule 11 deny

Would anyone know how to guide me, how to do this same procedure on the alcatel 6860e switch?

[silvio]

here an example to limit the access only for special IPs:

Code: Select all

policy network group MGM-PC 200.144.XX.10 200.144.XX.20
policy condition MGM source network group MGM-PC
policy condition NOT-MGM destination network group Switch
policy action ALLOW
policy action DENY disposition deny
policy rule MGM precedence 100 condition MGM action ALLOW
policy rule NOT-MGM precedence 10 condition NOT-MGM action DENY
qos apply

So all OTHER devices are forbidden to have access.
if realy necessary you can use similar config like at HPE (to forbid only one network)

Code: Select all

policy condition NOT-MGM source ip 200.144.xx.0 mask 255.255.255.0 destination network group Switch

best regards
Silvio

[fabiovfc]

Hello Silvio,
Thank you very much!
Your help was very important to me.
I will implement and test.
Best regards

[fabiovfc]

Good afternoon

I would like to remove this ACL rule I implemented.
I tried for exp:
- no policy network group MGM-PC
- no policy condition MGM source network group MGM-PC

Can anybody help me?

Thank you very much

[silvio]

no policy rule MGM
no policy condition MGM
no policy network group MGM-PC
qos apply

[fabiovfc]

Good Morning
Silvio
Thank you very much