8 clear access-group statistic interface, 9 firewall, 10 firewall default – PLANET XGS3-24040 User Manual

Commands for Security Function Chapter 2 Commands for 802.1x

41-8

Functions: Define a standard numeric MAC ACL rule, ‘no access-list <num>’ command deletes a

standard numeric MAC ACL access-list rule.

Parameters: <num> is the access-list No. which is a decimal’s No. from 700-799; deny if rules are

matching, deny access; permit if rules are matching, permit access; <host_smac>, <sumac> source

MAC address; <sumac-mask> mask (reverse mask) of source MAC address.

Command Mode: Global mode

Default Configuration: No access-list configured.

Usage Guide: When the user assign specific <num> for the first time, ACL of the serial number is

created, then the lists are added into this ACL.

Examples: Permit the passage of packets with source MAC address 00-00-XX-XX-00-01, and deny

passage of packets with source MAC address 00-00-00-XX-00-ab.

Switch(config)# access-list 700 permit 00-00-00-00-00-01 00-00-FF-FF-00-00

Switch(config)# access-list 700 deny 00-00-00-00-00-ab 00-00-00-FF-00-00

41.8 clear access-group statistic interface

Command: clear access-group statistic interface { <interface-name> | ethernet <interface-name> }

Functions: Empty packet statistics information of assigned interfaces.

Parameters: <interface-name>: Interface name.

Command Mode: Admin mode

Default: None

Examples:Empty packet statistics information of interface1/1.

Switch#clear access-group out statistic interface ethernet 1/1

41.9 firewall

Command: firewall {enable | disable}

Functions: Enable or disable firewall.

Parameters: enable means to enable of firewall; disable means to disable firewall.

Default: It is no use if default is firewall.

Command Mode: Global mode

Usage Guide: Whether enabling or disabling firewall, access rules can be configured. But only when the

firewall is enabled, the rules can be used in specific orientations of specific ports. When disabling the

firewall, all ACL tied to ports will be deleted.

Examples: Enable firewall.

Switch(config)#firewall enable

41.10 firewall default

Command: firewall default {permit | deny [ipv4 | ipv6 | all]}

Functions: Configure default actions of firewall.

Parameters: permit means to permit data packets to pass; deny [ipv4 | ipv6 | all] means to deny

ipv4|ipv6 all data packets to pass. If configure the default deny *, cancel it by default permit.