3 acl example, Xample – PLANET WGSW-52040 User Manual

{ip|ipv6|mac|mac-ip} access-group

<acl-name>

{in} [traffic-statistic]

no {ip|ipv6|mac|mac-ip} access-group

<acl-name>

{in}

Physical interface mode: Applies an

access-list to the specified direction on

the port; the no command deletes the

access-list bound to the port.

VLAN interface mode: Applies an

access-list to the specified direction on

the port of VLAN; the no command

deletes the access-list bound to the port

of VLAN.When the acl of ipv6 is applied

by this switch, it only supports the

standard acl of ipv6.

5. Clear the filtering information of the specified port

Command Explanation

Admin Mode

clear access-group statistic

[ethernet <interface-name> ]

Clear the filtering information of the specified

port.

41.3 ACL Example

Scenario 1:

The user has the following configuration requirement: port 10 of the switch connects to

10.0.0.0/24 segment, ftp is not desired for the user.

Configuration description:

1． Create a proper ACL

2． Configuring packet filtering function

3． Bind the ACL to the port

The configuration steps are listed below:

Switch(config)#access-list 110 deny tcp 10.0.0.0 0.0.0.255 any-destination d-port 21

Switch(config)#firewall enable

Switch(config)#interface ethernet 1/10

Switch(Config-If-Ethernet1/10)#ip access-group 110 in

Switch(Config-If-Ethernet1/10)#exit

Switch(config)#exit

41-128