Virtual Extensible LAN (VXLAN) Virtual Network Identifier (VNI) Access Control List (ACL) Match Criteria

Starting with ExtremeXOS 22.1, user ACLs can additionally match the Virtual Extensible LAN (VXLAN) Virtual Network Identifier (VNI) on an egress-terminated VXLAN packet (egress VTEP scenario), or on a transit switch. The VNI match criterion is available for both static and dynamic ingress Access Control Lists (ACLs).

The following match criteria syntax can be added to the “if” clause of a policy rule:

vxlan-vni <vni number>

The following policy example matches VNI 100 and increments a counter:
entry countvni100 {
    if {
        vxlan-vni 100;
    } then {
        count vni100;
    }
}
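
To cross-check the counter from the policy above against a packet capture, the following added example (not ExtremeXOS code and not part of the original documentation) extracts the VNI from the VXLAN header as laid out in RFC 7348 and counts frames for one VNI. The function names, the UDP port 4789 default, the I-flag check and the sample frames are assumptions constructed for illustration; how the switch hardware itself parses the packet is not described on this page.

```python
import struct

VXLAN_UDP_PORT = 4789  # assumption: IANA default VXLAN port (RFC 7348)

def vxlan_vni(frame: bytes):
    """Return the VNI of an Ethernet/IPv4/UDP VXLAN frame, else None."""
    if len(frame) < 14:
        return None
    ethertype, off = struct.unpack_from("!H", frame, 12)[0], 14
    if ethertype == 0x8100 and len(frame) >= 18:   # single outer 802.1Q tag
        ethertype, off = struct.unpack_from("!H", frame, 16)[0], 18
    if ethertype != 0x0800 or len(frame) < off + 20:
        return None
    ihl = (frame[off] & 0x0F) * 4
    if frame[off] >> 4 != 4 or ihl < 20 or frame[off + 9] != 17:
        return None                                # not IPv4/UDP
    if struct.unpack_from("!H", frame, off + 6)[0] & 0x1FFF:
        return None                                # later fragment: no UDP header
    udp = off + ihl
    if len(frame) < udp + 16:                      # UDP (8) + VXLAN (8) headers
        return None
    if struct.unpack_from("!H", frame, udp + 2)[0] != VXLAN_UDP_PORT:
        return None
    vx = udp + 8
    if not frame[vx] & 0x08:                       # I flag clear: VNI not valid
        return None
    return int.from_bytes(frame[vx + 4:vx + 7], "big")  # 24-bit VNI

def build_frame(vni, dport=VXLAN_UDP_PORT, flags=0x08):
    """Constructed test frame: zeroed MACs, checksums and inner header."""
    inner = bytes(14)
    vxlan = bytes([flags, 0, 0, 0]) + vni.to_bytes(3, "big") + b"\x00"
    udp = struct.pack("!HHHH", 49152, dport, 8 + len(vxlan) + len(inner), 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp) + len(vxlan) + len(inner),
                     0, 0, 64, 17, 0, bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    return bytes(12) + b"\x08\x00" + ip + udp + vxlan + inner

def count_vni(frames, vni):
    """Offline counterpart of 'count vni100': frames whose VNI equals vni."""
    return sum(1 for f in frames if vxlan_vni(f) == vni)

# Constructed sample: two VNI 100 frames, one VNI 200, one wrong port, one I flag clear.
SAMPLE_FRAMES = [build_frame(100), build_frame(100), build_frame(200),
                 build_frame(100, dport=53), build_frame(100, flags=0x00)]

if __name__ == "__main__":
    print("VNI 100 frames:", count_vni(SAMPLE_FRAMES, 100))
```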

Supported Platforms

Summit X770 and X670-G2 series switches (standalone), and stacks that have X770 and X670-G2 slots only.