Ip acls, Ip acls -118 – SMC Networks TIGERSWITCH SMC6752AL2 User Manual

C

OMMAND

L

INE

I

NTERFACE

4-118

•

This switch supports ACLs for ingress filtering only. You can only
bind one IP ACL to any port and one MAC ACL globally for
ingress filtering. In other words, only two ACLs can be bound to an
interface - Ingress IP ACL and Ingress MAC ACL.

The order in which active ACLs are checked is as follows:
1. User-defined rules in the Ingress MAC ACL for ingress ports.
2. User-defined rules in the Ingress IP ACL for ingress ports.
3. Explicit default rule (permit any any) in the ingress IP ACL for ingress

ports.

4. Explicit default rule (permit any any) in the ingress MAC ACL for

ingress ports.

5. If no explicit rule is matched, the implicit default is permit all.

IP ACLs

Table 4-33 Access Control Lists

Command
Groups

Function

Page

IP ACLs

Configures ACLs based on IP addresses, TCP/UDP
port number, protocol type, and TCP control code

4-118

MAC ACLs

Configures ACLs based on hardware addresses, packet
format, and Ethernet type

4-128

ACL Information Displays ACLs and associated rules; shows ACLs

assigned to each port

4-135

Table 4-34 IP ACLs

Command

Function

Mode

Page

access-list ip

Creates an IP ACL and enters configuration
mode

GC

4-119

permit, deny

Filters packets matching a specified source
IP address

STD-ACL 4-120

permit, deny

Filters packets meeting the specified criteria,
including source and destination IP address,
TCP/UDP port number, protocol type, and
TCP control code

EXT-ACL 4-122