
ACL based on L2 or L3 headers

Posted by danguijun

Good day Folks,

Is there a way to create an aFleX to behave like an ACL on AX to permit / drop / pool traffic based on the following parameters?

- Source MAC address
- Destination MAC address
- Protocol type (e.g. TCP, GRE, etc.)

The latter (protocol) I found in the aFleX manual that we could use as an Event, but wanted to know if we could create an ACL using it. The others (MAC src and dst) I am not sure about, and would need help to confirm compliance.

Another question would be if we could natively create ACLs under AX based on the above-mentioned parameters.

Thank you in advance,

Daniel

Comments

  • edited July 2022
    Posted by ddesmidt

    Hi Daniel,

    We can use aFleX to do actions based on the IP protocol with the aFleX command "IP::protocol".
    For instance:
    Code:

    when CLIENT_ACCEPTED {
        # IP protocol number 6 is TCP
        if { [IP::protocol] == 6 } {
            pool tcp_pool
        } else {
            pool slow_pool
        }
    }

    We don't have the ability today to look at layer 2 (MAC addresses).
    If that's something important for you, I do recommend you escalate that with your A10 Networks Sales, and I'm sure our Engineering can get it delivered fast to you.

    Dimitri