OS6900 convert cisco ACL to network policy
Posted: 06 Nov 2024 09:52
by michaelr
Hello,
I am replacing a Cisco layer 3 device that had an ACL setup to allow one vlan access to only DHCP, DNS and the Internet. Can someone provide a good starting point for a network policy for the 6900?
Thanks
Re: OS6900 convert cisco ACL to network policy
Posted: 06 Nov 2024 14:52
by Cristek
Hi, let's see if this points you in the right direction:
In this scenario the DHCP is 10.20.20.1 and DNS is 10.20.20.2 and they both reside in the Corporate network.
I want to block Guests from everything else internally. They can still go online just fine.
vlan 10 name 'guest'
vlan 20 name 'corporate'
vlan 30 name 'voip'
policy network group 'servers' 10.20.20.1 10.20.20.2
policy condition 'allow servers' source vlan 10 destination network group 'servers'
policy condition 'deny corporate' source vlan 10 destination vlan 20
policy condition 'deny voip' source vlan 10 destination vlan 30
policy action 'allow'
policy action 'deny' disposition deny
policy rule 'allow servers' precedence 100 condition 'allow servers' action 'allow'
policy rule 'deny corporate' precedence 90 condition 'deny corporate' action 'deny'
policy rule 'deny voip' precedence 80 condition 'deny voip' action 'deny'
qos apply
You can find out more in the QOS Policy section of the Network Configuration Manual:
https://www.spacewalkers.com/resources/ ... tion-guide
Hope this helps!
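A way to check the intent of the starter policy above before pushing it to a switch, as an added example that is not part of Cristek's post or any Alcatel-Lucent tool: the script below models the three rules as the OmniSwitch evaluates them (highest precedence first, first match wins, no match falls through to the default accept) and runs a small matrix of guest flows through them. The VLAN names, the two server addresses and the precedence values come from the post; the subnet-to-VLAN mapping and the sample destination addresses are constructed assumptions so that a destination IP can be resolved to a VLAN offline. It also shows why the precedence ordering matters by re-running the same flows with the allow rule ranked below the deny rule.

```python
"""Offline model of the OmniSwitch QoS policy rules from the post.

Rules are tried in descending precedence; the first matching rule decides
the disposition; a flow that matches no rule takes the default accept.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# VLAN ids and the 'servers' network group as given in the post.
VLAN_GUEST, VLAN_CORP, VLAN_VOIP = 10, 20, 30
NETWORK_GROUPS = {
    "servers": {ip_address("10.20.20.1"), ip_address("10.20.20.2")},
}

# Assumed (constructed) subnets per VLAN; the post does not state them.
# They only serve to resolve a destination IP to its VLAN for 'destination vlan'.
VLAN_SUBNETS = {
    VLAN_GUEST: ip_network("10.10.10.0/24"),
    VLAN_CORP: ip_network("10.20.20.0/24"),
    VLAN_VOIP: ip_network("10.30.30.0/24"),
}


def vlan_of(ip) -> Optional[int]:
    """Return the VLAN whose subnet contains ip, or None for off-net (Internet)."""
    for vlan, net in VLAN_SUBNETS.items():
        if ip in net:
            return vlan
    return None


@dataclass(frozen=True)
class Condition:
    source_vlan: Optional[int] = None
    destination_vlan: Optional[int] = None
    destination_network_group: Optional[str] = None

    def matches(self, src_vlan: int, dst_ip) -> bool:
        if self.source_vlan is not None and src_vlan != self.source_vlan:
            return False
        if self.destination_vlan is not None and vlan_of(dst_ip) != self.destination_vlan:
            return False
        if self.destination_network_group is not None and \
                dst_ip not in NETWORK_GROUPS[self.destination_network_group]:
            return False
        return True


@dataclass(frozen=True)
class Rule:
    name: str
    precedence: int
    condition: Condition
    disposition: str  # "accept" (policy action 'allow') or "deny"


# The three 'policy rule' lines from the post, with their precedence values.
RULES = [
    Rule("allow servers", 100, Condition(source_vlan=10, destination_network_group="servers"), "accept"),
    Rule("deny corporate", 90, Condition(source_vlan=10, destination_vlan=20), "deny"),
    Rule("deny voip", 80, Condition(source_vlan=10, destination_vlan=30), "deny"),
]


def evaluate(src_vlan: int, dst_ip: str, rules=RULES):
    """Return (disposition, rule name) for one flow, or ("accept", "default")."""
    dst = ip_address(dst_ip)
    for rule in sorted(rules, key=lambda r: r.precedence, reverse=True):
        if rule.condition.matches(src_vlan, dst):
            return rule.disposition, rule.name
    return "accept", "default"


def guest_intent_holds(rules=RULES) -> bool:
    """The ACL intent: guests reach DHCP, DNS and the Internet, nothing else internal."""
    want = {
        "10.20.20.1": "accept",   # DHCP server
        "10.20.20.2": "accept",   # DNS server
        "10.20.20.50": "deny",    # some other corporate host (constructed)
        "10.30.30.5": "deny",     # a VoIP phone (constructed)
        "203.0.113.10": "accept", # Internet (documentation range, constructed)
    }
    return all(evaluate(VLAN_GUEST, ip, rules)[0] == got for ip, got in want.items())


# Same rules, but with the allow rule ranked below 'deny corporate': the servers
# live in the corporate subnet, so the deny would now win for DHCP and DNS.
MISORDERED_RULES = [
    Rule("allow servers", 80, RULES[0].condition, "accept"),
    Rule("deny corporate", 90, RULES[1].condition, "deny"),
    Rule("deny voip", 70, RULES[2].condition, "deny"),
]

if __name__ == "__main__":
    for ip in ("10.20.20.1", "10.20.20.50", "10.30.30.5", "203.0.113.10"):
        print(ip, evaluate(VLAN_GUEST, ip))
    print("intent holds:", guest_intent_holds())
    print("intent holds with misordered precedence:", guest_intent_holds(MISORDERED_RULES))
```

The misordered set is the trap to watch for when translating a Cisco ACL, where order is the line position, to OmniSwitch rules, where order is the precedence number: the servers sit inside the corporate VLAN, so the allow for the network group must carry the higher precedence or the broader deny swallows it.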
Re: OS6900 convert cisco ACL to network policy
Posted: 07 Nov 2024 09:00
by michaelr
Thank you for this starter policy and reference manual. I will modify and test today.
Thanks!