Hi there,
I would like to use switch ACLs on a CRS317 to:
- permit PPPoE broadcast packets on a VLAN
- permit PPPoE discovery packets on a VLAN
- drop all other packets.
Will this configuration work?
/interface ethernet switch rule
add disabled=yes mac-protocol=pppoe-discovery ports=sfp-sfpplus1-pppoe \
switch=switch1 vlan-id=1234
add disabled=yes mac-protocol=pppoe ports=sfp-sfpplus1-pppoe switch=\
switch1 vlan-id=1234
add disabled=yes new-dst-ports="" ports=sfp-sfpplus1-pppoe switch=switch1 \
vlan-id=1234
The part I am really unsure about is whether setting new-dst-ports=“” is sufficient to drop packets.
Thanks in advance for any guidance!