Configure a Listener Policy

Follow this procedure to map an ACL to an ingress policy and an egress, and to define the actions for a matching ACL.

About this task

Each listener policy can exist as multiple instances, which are differentiated by a user-specified, unique sequence ID. A listener policy maps an ACL of each type to an egress and defines the actions for the matching ACL.
Note

In the examples that follow the configuration commands for this task, bold font is used to show the relationship between the items you configure and then bind. The example parameters and optional settings are only a partial set of those available. See the Extreme 9920 Software Command Reference, 21.1.0.0 for more information.

Procedure

  1. Run the configure terminal command to access Config mode.
    The command line changes to configuration mode.
    device(config)# 
  2. Configure an access list and the actions for this ACL.
    ip access-list acl-name
  3. Create the listener policy, match the ACL, and include any action subcommands for the policy.
    listener-policy name seq
    device(config)# listener-policy lp-2
    device(config-listener-policy)# match ip address acl5-ipv4
    device(config-listener-policy)# strip-brtag
    device(config-listener-policy)# vlan vl-4085
    device(config-listener-policy)# description "ABCD"
  4. Configure an egress policy, and bind the listener policy, specifying any additional egress actions.
    egress name
    device(config-egress)# egress e2
    device(config-egress)# set listener-policy lp-2
    device(config-egress)# precedence 1 interface ethernet 1/14
  5. Configure an egress group and associate it with the egress policy.
    egress-group group-name
    device(config-egress-group)# egress-group eg_1
    device(config-egress-group)# description egress-group_1
    device(config-egress-group)# set egress e2
  6. Configure the route map, and set any other parameters, such as forwarding actions, match ip access list, and the egress-group.
    route-map map-name seq
    device(config-route-map)# route-map R1 10
    device(config-route-map)# forward-action permit
    device(config-route-map)# match ip access-list test_1
    device(config-route-map)# set egress-group eg_1
  7. Configure the interface port and channel for egress traffic.
    interface slot / port-number
    Note

    In the following example, traffic is leaving on slot/port-number 2/14.
    interface ethernet 1/14
    speed 100000
    description To_Tool
    no shutdown
  8. Configure the interface port and channel for ingress traffic.
    interface slot / port-number
    Note

    In the following example, traffic is coming in on slot/port-number 2/3.
    interface ethernet 1/3
    description From_TAP
    ingress-group TAP_TRAFFIC
    no shutdown
  9. Configure an ingress group and associate a route map.
    ingress-group group-name
    ingress-group TAP_TRAFFIC
    set route-map R1 10
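
Steps 2 through 9 only forward traffic if every bound name resolves to an object that was actually configured. The following Python check is an added example, not part of the Extreme documentation: it walks a listing built from this page's commands and reports binds whose target is never defined. The indented listing layout, the function and variable names, defining acl5-ipv4 in step 2, and treating the route map's ACL name as sharing the ip access-list namespace are assumptions.

```python
import re

# Constructed sample: the commands from steps 2-9 of this page, laid out as an
# indented listing (the layout, and defining acl5-ipv4 in step 2, are assumptions).
SAMPLE = """\
ip access-list acl5-ipv4
listener-policy lp-2
 match ip address acl5-ipv4
 strip-brtag
egress e2
 set listener-policy lp-2
 precedence 1 interface ethernet 1/14
egress-group eg_1
 set egress e2
route-map R1 10
 match ip access-list test_1
 set egress-group eg_1
interface ethernet 1/14
interface ethernet 1/3
 ingress-group TAP_TRAFFIC
ingress-group TAP_TRAFFIC
 set route-map R1 10
"""
# Unindented lines define an object; indented lines bind to one by name.
DEFINES = [(r"ip access-list (\S+)", "acl"), (r"listener-policy (\S+)", "listener-policy"),
           (r"egress (\S+)", "egress"), (r"egress-group (\S+)", "egress-group"),
           (r"route-map (\S+ \d+)", "route-map"), (r"ingress-group (\S+)", "ingress-group"),
           (r"interface ethernet (\S+)", "interface")]
REFERS = [(r"match ip address (\S+)", "acl"), (r"match ip access-list (\S+)", "acl"),
          (r"set listener-policy (\S+)", "listener-policy"), (r"set egress (\S+)", "egress"),
          (r"set egress-group (\S+)", "egress-group"), (r"set route-map (\S+ \d+)", "route-map"),
          (r"ingress-group (\S+)", "ingress-group"),
          (r"precedence \d+ interface ethernet (\S+)", "interface")]

def dangling_binds(config):
    """Return sorted (kind, name, context) for each bind whose target is never defined."""
    defined, refs, context = set(), [], None
    for raw in config.splitlines():
        line, top = raw.strip(), bool(raw[:1].strip())
        context = line if top else context  # remember the enclosing object
        for pattern, kind in (DEFINES if top else REFERS):
            m = re.fullmatch(pattern, line)
            if m and top:
                defined.add((kind, m.group(1)))
            elif m:
                refs.append((kind, m.group(1), context))
    return sorted(r for r in refs if (r[0], r[1]) not in defined)

if __name__ == "__main__":
    print(dangling_binds(SAMPLE))
```

On the sample, the only unresolved bind is the route map's match on test_1, because the listing defines acl5-ipv4 but no ACL of that name.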