15 {ip|ipv6|mac|mac-ip} access-group, Access, Group – PLANET WGSW-50040 User Manual

Commands for Security Function Chapter 6 Commands for TACACS+

entries).

Parameter:

<name> is the name for access list, the character string length is from 1-16.

Command Mode:

Global Mode.

Default:

No access list is configured by default.

Usage Guide:

When this command is run for the first time, only an empty access list with no entry will be created.

Example:

Create a standard IPv6 access list named “ip6Flow”.

Switch(config)#ipv6 access-list standard ip6Flow

21.15 {ip|ipv6|mac|mac-ip} access-group

Command:

{ip|ipv6|mac|mac-ip} access-group <name> {in} [traffic-statistic]

no {ip|mac} access-group <name> {in}

Function:

Apply an access-list on some direction of port, and determine if ACL rule is added statistic counter

or not by options; the no command deletes access-list binding on the port.

Parameter:

<name> is the name for access list, the character string length is from 1-16.

Command Mode:

Physical Port Mode

Default:

The entry of port is not bound ACL.

Usage Guide: Usage Guide:

One port can bind ingress rules.

There are four kinds of packet head field based on concerned: MAC ACL, IP ACL, MAC-IP ACL and

IPv6 ACL; to some extent, ACL filter behavior (permit, deny) has a conflict when a data packet

matches multi types of four ACLs. The strict priorities are specified for each ACL based on outcome

veracity. It can determine final behavior of packet filter through priority when the filter behavior has a

conflict.

When binding ACL to port, there are some limits as below:

1． Each port can bind a MAC-IP ACL, a IP ACL, a MAC ACL and a IPv6 ACL;