Help with ACL on extreme switch

RANE2001 (Technical User), Apr 17, 2008
Hi All, I hope that someone here can help me out. I am new to the Extreme line of switches and I have no idea how to create an access list for the following:
I need to deny UDP 67 packets from all ports except port 12 on an Extreme layer 3 switch. Thank you very much in advance for any help!!!

Regards
RANE
 
First, create a policy. Enter command:

vi no67udp.pol

(you can name it anything you want...just use a pol extension)

If you're not familiar with vi then use Windows wordpad, save it as .pol and
tftp it to the switch. (ls command will list the files/configs on the XOS
switch...linux) The following is needed in the policy (I add count so I can
see the number of packet hits...it's not required):

entry drop1 {
    if match all {
        protocol udp;
        source-port 67;
    } then {
        deny;
        count drop1;
    }
}
entry drop2 {
    if match all {
        protocol udp;
        destination-port 67;
    } then {
        deny;
        count drop2;
    }
}

After you've wq that (if you're doing vi) then you're ready to
apply the policy/access-list. Enter the following commands:

check policy no67udp
(to make sure there are no errors and don't use .pol extension)

Next, apply to the ports:

configure access-list no67udp port 1-11,13-24 (or 26)
(it should respond with done!)

You can then show access-list or show access-list counter to see
if there are any hits.

To remove the access-list enter:

unconfigure access-list no67udp

You can edit the access-list while it's running and then after the
check policy command you will need to enter:

refresh policy no67udp

to make the changes take effect. I think that's all you need.
There's probably a better way and someone
with more experience than me might know. But
this should deny all 67 udp packets from all ports but 12.
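An added example, not part of the thread above: a small Python model of the policy file format used in the reply (entry / if match / then blocks) that parses the two entries and evaluates sample packets against them, so you can see what each entry catches before loading the policy on a switch. It assumes the ExtremeXOS default that a packet matching no entry is permitted, and only implements the three match conditions the post uses.

```python
import re

# Constructed sample: the two-entry policy from the reply above, embedded
# inline so the evaluator runs offline without a switch.
POLICY = """
entry drop1 {
    if match all { protocol udp; source-port 67; }
    then { deny; count drop1; }
}
entry drop2 {
    if match all { protocol udp; destination-port 67; }
    then { deny; count drop2; }
}
"""

# One entry: name, match mode, the condition block and the action block.
ENTRY_RE = re.compile(
    r"entry\s+(\w+)\s*\{\s*if\s+match\s+(all|any)\s*\{(.*?)\}\s*then\s*\{(.*?)\}\s*\}",
    re.S)

def parse_policy(text):
    """Return [(name, mode, [[key, value], ...], [[action, ...], ...]), ...]."""
    entries = []
    for name, mode, conds, acts in ENTRY_RE.findall(text):
        conditions = [c.split() for c in conds.split(";") if c.strip()]
        actions = [a.split() for a in acts.split(";") if a.strip()]
        entries.append((name, mode, conditions, actions))
    return entries

def _cond_matches(cond, pkt):
    """Evaluate one match condition against a packet dict."""
    key, value = cond
    if key == "protocol":
        return pkt["protocol"] == value
    if key == "source-port":
        return pkt["sport"] == int(value)
    if key == "destination-port":
        return pkt["dport"] == int(value)
    raise ValueError("unsupported match condition: " + key)

def evaluate(entries, pkt):
    """First matching entry wins; with 'match all' every condition must hold.
    A packet matching no entry is permitted (ExtremeXOS default, assumed here)."""
    for name, mode, conditions, actions in entries:
        hits = [_cond_matches(c, pkt) for c in conditions]
        if (all(hits) if mode == "all" else any(hits)):
            verdict = "deny" if ["deny"] in actions else "permit"
            counters = [a[1] for a in actions if a[0] == "count"]
            return verdict, name, counters
    return "permit", None, []
```

Running a DHCP server reply (UDP 67 -> 68) through it hits drop1, a client request (UDP 68 -> 67) hits drop2, and any other traffic falls through to permit.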
 