Thursday, March 19, 2020

Lenovo RackSwitch G7052 - Janky ACL = normal?

Folks,

Wearing my (former) Cisco hat I feel my "working" Lenovo RackSwitch ACL is janky. TLDR - I want to limit a single port to 2 different MAC addresses. In lieu of no real port security options to address this directly, I had to use an ACL (shown below).

    !
    access-control list 151 ethernet source-mac-address AB:CD:EF:GH:IJ:KL ff:ff:ff:ff:ff:ff
    access-control list 151 action permit
    !
    access-control list 152 ethernet source-mac-address AB:CD:EF:GH:IJ:KL ff:ff:ff:ff:ff:ff
    access-control list 152 action permit
    !
    access-control list 153 ethernet ethernet-type any
    access-control list 153 action deny
    !
    access-control group 150 list 151
    access-control group 150 list 152
    access-control group 150 list 153
    !
    interface port 22
    access-control group 150

Note: I did remove the real MAC addresses from the above.

Note #2: I do know there is no G-L as valid options in MAC addresses.

  1. I can't seem to figure out how to have a single ACL with multiple source MAC addresses listed -- is this a limitation or are my expectations wrong? I find it "wrong" to have to have an entire ACL for specific MAC addresses.
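An added illustration (not part of the original post and not Lenovo code) of why each ACL above holds one address: a rule is a single value/mask pair, so one rule can only cover two MACs by clearing the mask bits where they differ, which also admits other addresses. The MAC values are constructed, and both the "set mask bit means the bit must match" semantics and first-match evaluation are assumptions of this model.

```python
# Toy model of the ACL group in the post: ordered (value, mask, action) rules.
# Assumptions: a set mask bit means "compare this bit"; first matching rule wins.
# All MAC addresses here are constructed sample values.

FULL_MASK = 0xFFFFFFFFFFFF  # ff:ff:ff:ff:ff:ff, i.e. exact match


def mac_to_int(mac):
    return int(mac.replace(":", ""), 16)


def int_to_mac(value):
    text = f"{value:012x}"
    return ":".join(text[i:i + 2] for i in range(0, 12, 2))


def evaluate(rules, src_mac):
    """Return the action of the first rule whose masked value matches src_mac."""
    src = mac_to_int(src_mac)
    for value, mask, action in rules:
        if (src & mask) == (value & mask):
            return action
    return "no-match"


def merged_rule(mac_a, mac_b):
    """Build the tightest single value/mask pair that matches both MACs.

    Returns (value, mask, extra), where extra is the number of additional
    addresses the merged rule also matches.
    """
    a, b = mac_to_int(mac_a), mac_to_int(mac_b)
    differing = a ^ b
    mask = FULL_MASK & ~differing
    extra = 2 ** bin(differing).count("1") - 2
    return a & mask, mask, extra


ALLOWED = ["00:11:22:33:44:55", "00:11:22:33:44:5a"]

# Equivalent of lists 151/152 (exact permits) followed by 153 (deny everything).
PER_MAC_GROUP = [(mac_to_int(m), FULL_MASK, "permit") for m in ALLOWED]
PER_MAC_GROUP.append((0, 0, "deny"))  # mask 0 matches any source address

# One merged permit rule followed by the same catch-all deny.
value, mask, extra = merged_rule(*ALLOWED)
MERGED_GROUP = [(value, mask, "permit"), (0, 0, "deny")]

if __name__ == "__main__":
    print("merged mask:", int_to_mac(mask), "extra addresses admitted:", extra)
    for probe in ALLOWED + ["00:11:22:33:44:56"]:
        print(probe, evaluate(PER_MAC_GROUP, probe), evaluate(MERGED_GROUP, probe))
```
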

