Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/srl-labs/srl-acl-lab
Get to know ACLs on SR Linux
https://github.com/srl-labs/srl-acl-lab
clab-topo codespaces srlinux
Last synced: 9 days ago
JSON representation
Get to know ACLs on SR Linux
- Host: GitHub
- URL: https://github.com/srl-labs/srl-acl-lab
- Owner: srl-labs
- License: apache-2.0
- Created: 2024-06-12T18:11:46.000Z (5 months ago)
- Default Branch: main
- Last Pushed: 2024-08-01T09:32:23.000Z (4 months ago)
- Last Synced: 2024-08-01T11:00:17.354Z (4 months ago)
- Topics: clab-topo, codespaces, srlinux
- Homepage:
- Size: 2.49 MB
- Stars: 2
- Watchers: 4
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
# Access Control Lists on SR Linux
Get to know ACLs on SR Linux
---
**[Run](https://codespaces.new/srl-labs/srl-acl-lab?quickstart=1) this lab in GitHub Codespaces for free**.
[Learn more](https://containerlab.dev/manual/codespaces) about Containerlab for Codespaces.
Machine type: 2 vCPU · 8 GB RAM
---
After lab is started the following ping should succeed, as there is no default ACL in place.
```
sudo docker exec -i -t acl-client ping -w 2 -c 2 192.168.20.100
```
Then configure the ACL on ethernet-1/1.0 subinterface of SR Linux to drop ICMP packets destined towards the server:
```bash
cat icmp_drop.cfg | docker exec -i acl-srl sr_cli -e -c
```
Repeat the ping, it should not succeed, as the ICMP drop ACL is in place. You can check the logs on SR Linux to ensure that the packets are being dropped:
```bash
sudo docker exec acl-srl sr_cli show system logging file acl_log
```