Allied Telesis AT-DC2552XS User Manual

Page 472


Chapter 20: ACL Commands


Section V: Security and Traffic Control

Confirmation Command

“SHOW ACCESS-LIST” on page 474

Description

Use this command to add a permit statement to the hardware ACL or
modify an existing permit statement. When a packet matches a permit
statement, the switch forwards the packet. You can add up to 256
statements to one hardware ACL.

The hardware ACL is a sequential collection of permit, deny, or
copy-to-mirror statements. The switch evaluates a packet against the
statements in order, from the smallest to the largest sequence number.
When a packet matches a statement, the switch permits, denies, or mirrors
the packet and skips the rest of the statements. If a packet does not
match any statement, the switch forwards the packet.

To add or modify a deny or copy-to-mirror statement, see “DENY” on
page 453 or “COPY-TO-MIRROR” on page 448.

Examples

This example creates a new hardware access list named “acl_1” and adds
statements to forward packets when the prefix of the source MAC address
in the packets is “ec:cd:6d” and to discard packets that do not match
that source MAC address prefix:

awplus> enable
awplus# configure terminal
awplus(config)# access-list hardware acl_1
awplus(config-ip-hw-acl)# permit mac ec:cd:6d:00:00:00 00:00:00:ff:ff:ff any
awplus(config-ip-hw-acl)# deny mac any any

This example creates a new hardware access list named “acl_2” and adds
a statement to forward IP packets that have the destination IP address of
192.168.1.0/24 and belong to VLAN 10:

awplus> enable
awplus# configure terminal
awplus(config)# access-list hardware acl_2
awplus(config-ip-hw-acl)# permit ip any 192.168.1.0/24 vlan 10
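
The evaluation order from the Description, applied to acl_1, modelled in Python as an added example (not part of the manual and not Allied Telesis code). The sequence numbers 10 and 20, the sample MAC addresses, and the reading of the mask as "set bits are ignored" are assumptions; the last is inferred from the acl_1 example.

```python
# Added illustration: a model of first-match evaluation for acl_1.
# Only the source MAC is modelled; the destination is "any" in both statements.

def mac_to_int(mac):
    """Convert 'ec:cd:6d:00:00:00' to a 48-bit integer."""
    return int(mac.replace(":", ""), 16)

def mac_matches(addr, pattern, mask):
    """Assumption inferred from the acl_1 example: bits set in the mask are
    ignored, so 00:00:00:ff:ff:ff compares only the first three octets."""
    if pattern == "any":
        return True
    care = ~mac_to_int(mask) & 0xFFFFFFFFFFFF
    return (mac_to_int(addr) & care) == (mac_to_int(pattern) & care)

def evaluate(acl, src_mac):
    """Return (action, sequence) of the first matching statement, lowest
    sequence number first. With no match the switch forwards the packet."""
    for seq, action, pattern, mask in sorted(acl, key=lambda s: s[0]):
        if mac_matches(src_mac, pattern, mask):
            return action, seq
    return "permit", None  # default described in the manual: forward

# acl_1 from the example, listed out of order on purpose to show that the
# sequence number, not the list position, decides the evaluation order.
# 10 and 20 are constructed sequence numbers.
ACL_1 = [
    (20, "deny", "any", None),
    (10, "permit", "ec:cd:6d:00:00:00", "00:00:00:ff:ff:ff"),
]
# The same list without the trailing "deny mac any any".
ACL_1_NO_DENY = [s for s in ACL_1 if s[1] != "deny"]

if __name__ == "__main__":
    for mac in ("ec:cd:6d:12:34:56", "00:11:22:33:44:55"):  # constructed
        print(mac, evaluate(ACL_1, mac), evaluate(ACL_1_NO_DENY, mac))
```

Without the trailing deny statement, the frame from the non-matching source falls through to the default and is forwarded, which is why acl_1 ends with "deny mac any any".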
