3 applying an access list to an interface, 4 enabling an access list – Asante Technologies 480 User Manual


6.3.3 Applying an Access List to an Interface

After creating your access lists, you can choose the interfaces to which they are applied. If no interfaces
are explicitly selected, the access list is applied to all interfaces.

To select the interface for an access list, use the following command:

Command: access-list name acl1 set portlist ……
Purpose: Select the interfaces to which the access list ‘acl1’ will be applied.

In the next example, we create an extended access list that allows only SMTP-bound traffic (destination port 25) to be
forwarded on port 7 and denies all other traffic.

Switch(Config)# access-list name acl_tcp_dst_smtp add priority 1
Switch(Config)# access-list name acl_tcp_dst_smtp set ip-mode l4port dst-port from 25 to 25
Switch(Config)# access-list name acl_tcp_dst_smtp set portlist 7
Switch(Config)# access-list name acl_tcp_dst_smtp action permit
Switch(Config)# access-list name acl_deny_all add priority 2
Switch(Config)# access-list name acl_deny_all set ip-mode l4port dst-port from 25 to 25
Switch(Config)# access-list name acl_deny_all set mac-mode macsa 00-00-94-12-34-56 00-00-00-00-00
Switch(Config)# access-list name acl_deny_all action deny

6.3.4 Enabling an Access List

To enable a configured access list, use the command below. All the examples above require execution of the ‘enable’
command to make the access lists effective.

Command: access-list name acl_name enable
Purpose: Enable an access list named ‘acl_name’.
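As an added example (not part of the Asante manual), the following Python script audits a saved CLI transcript for the two conditions described in 6.3.3 and 6.3.4: an access list that was never enabled, and an access list with no portlist, which is therefore applied to all interfaces. The transcript is constructed from the commands shown above plus one assumed 'enable' line, and the function names are hypothetical.

```python
import re

# Command forms shown on this page, with or without the Switch(Config)# prompt.
CMD = re.compile(r"^(?:\S+\(Config\)#\s*)?access-list name (\S+) (.+)$")

def audit_acls(transcript):
    """Collect priority, action, portlist and enabled state for each named ACL."""
    acls = {}
    for raw in transcript.splitlines():
        m = CMD.match(raw.strip())
        if not m:
            continue
        name, rest = m.group(1), m.group(2).split()
        acl = acls.setdefault(name, dict(priority=None, action=None, portlist=None, enabled=False))
        if rest[:2] == ["add", "priority"] and len(rest) == 3:
            acl["priority"] = int(rest[2])
        elif rest[:2] == ["set", "portlist"]:
            acl["portlist"] = " ".join(rest[2:])
        elif rest[0] == "action" and len(rest) == 2:
            acl["action"] = rest[1]
        elif rest == ["enable"]:
            acl["enabled"] = True
    return acls

def findings(acls):
    """Report only the two conditions the manual text states explicitly."""
    out = []
    for name, a in sorted(acls.items()):
        if not a["enabled"]:
            out.append((name, "not enabled, so not in effect (6.3.4)"))
        if a["portlist"] is None:
            out.append((name, "no portlist, so applied to all interfaces (6.3.3)"))
    return out

# Constructed transcript: the page's example plus an assumed enable for the first ACL only.
SAMPLE = """\
Switch(Config)# access-list name acl_tcp_dst_smtp add priority 1
Switch(Config)# access-list name acl_tcp_dst_smtp set ip-mode l4port dst-port from 25 to 25
Switch(Config)# access-list name acl_tcp_dst_smtp set portlist 7
Switch(Config)# access-list name acl_tcp_dst_smtp action permit
Switch(Config)# access-list name acl_deny_all add priority 2
Switch(Config)# access-list name acl_deny_all set ip-mode l4port dst-port from 25 to 25
Switch(Config)# access-list name acl_deny_all set mac-mode macsa 00-00-94-12-34-56 00-00-00-00-00
Switch(Config)# access-list name acl_deny_all action deny
Switch(Config)# access-list name acl_tcp_dst_smtp enable
"""

if __name__ == "__main__":
    print(*findings(audit_acls(SAMPLE)), sep="\n")
```

On the constructed transcript, both findings are for 'acl_deny_all': it has no 'enable' command and no 'set portlist' command.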


Asante IntraCore IC39240/480

User’s Manual
