Thursday, May 9, 2019

Discontinuous wildcards to discontinuous subnet masks?

Hey guys, I ran into a weird one today and I'm having a hard time wrapping my head around it. I am trying to convert a big list of extended ACLs from Cisco over to new Aruba 8400 switches running ArubaOS-CX. Apparently, ArubaOS-CX does not support wildcards in ACLs. The problem is that there are quite a few wildcards that are discontinuous, so converting to standard masks would be rather ugly. After reaching out to Aruba, they stated that ArubaOS-CX does support discontinuous netmasks and I should be able to mirror what they have by leveraging this. Not being familiar with discontinuous masks, I did a bit of research, but there is, unsurprisingly, a lack of content around this.

Wondering if I just invert everything, like this?

Extended IP access list Example-out

10 permit tcp any 10.0.224.0 0.255.15.255 => 10 permit tcp any 10.0.224.0 255.0.240.0

20 permit ip 10.0.0.0 0.255.255.3 => 20 permit ip 10.0.0.0 255.0.0.252
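The inversion the post asks about, as an added example that is not from the post: a Python helper that flips a Cisco wildcard into netmask form, flags which results are discontinuous (not a plain /n prefix), and checks address by address that the wildcard form and the inverted-mask form admit exactly the same hosts. The two ACL entries are the ones quoted above; the sample addresses are constructed.

```python
"""Cisco wildcard -> (possibly discontinuous) netmask, with an equivalence check.

Added example, not from the post. A wildcard uses 0 bits for 'must match'
and 1 bits for 'don't care'; a netmask uses 1 bits for 'must match'. The
two forms are bitwise complements, so inverting every octet is correct even
when the resulting mask is discontinuous.
"""
import ipaddress
import random

ALL_ONES = 0xFFFFFFFF


def ip_to_int(s: str) -> int:
    return int(ipaddress.IPv4Address(s))


def int_to_ip(n: int) -> str:
    return str(ipaddress.IPv4Address(n))


def wildcard_to_mask(wildcard: str) -> str:
    """Invert a Cisco wildcard into the equivalent netmask."""
    return int_to_ip(ip_to_int(wildcard) ^ ALL_ONES)


def is_contiguous(mask: str) -> bool:
    """True for a classic prefix mask (all 1s then all 0s); False for a
    discontinuous mask such as 255.0.240.0, which has no /n equivalent."""
    inv = ip_to_int(mask) ^ ALL_ONES
    return (inv & (inv + 1)) == 0  # inverted mask must be of the form 2^k - 1


def matches_wildcard(addr: str, net: str, wildcard: str) -> bool:
    """Cisco semantics: bits set in the wildcard are ignored."""
    w = ip_to_int(wildcard)
    return (ip_to_int(addr) | w) == (ip_to_int(net) | w)


def matches_mask(addr: str, net: str, mask: str) -> bool:
    """Netmask semantics: bits set in the mask must match."""
    m = ip_to_int(mask)
    return (ip_to_int(addr) & m) == (ip_to_int(net) & m)


def equivalent(net: str, wildcard: str, samples: int = 5000, seed: int = 1) -> bool:
    """Check that the wildcard entry and its inverted-mask form agree on every
    single-bit neighbour of the network address plus random addresses."""
    mask = wildcard_to_mask(wildcard)
    base = ip_to_int(net)
    rng = random.Random(seed)
    candidates = [int_to_ip(base ^ (1 << b)) for b in range(32)]
    candidates += [int_to_ip(rng.getrandbits(32)) for _ in range(samples)]
    return all(matches_wildcard(a, net, wildcard) == matches_mask(a, net, mask)
               for a in candidates)
```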


