17 mac access extended, 18 mac-ip access extended, Mac access extended – PLANET XGS3-24040 User Manual

Page 740: Ip access extended


Commands for Security Function Chapter 2 Commands for 802.1x


Default: No ACL is bound to the ingress of the port.

Usage Guide: A port can be bound with ingress rules.

There are four kinds of ACL based on the packet header fields concerned: MAC ACL, IP ACL; to some extent, the ACL filter behaviors (permit, deny) conflict when a data packet matches multiple types of the eight ACLs. Strict priorities are specified for each ACL based on outcome veracity. When the filter behaviors conflict, the priority determines the final behavior of the packet filter.

When binding an ACL to a port, the following limits apply:

1. Each port can bind a MAC-IP ACL, an IP ACL, an IPv6 ACL and a MAC ACL;

2. When 2 ACLs are bound and a data packet matches multiple ACLs simultaneously, the priority from high to low is as shown below:

Ingress IPv6 ACL;

Ingress MAC-IP ACL;

Ingress MAC ACL;

Ingress IP ACL.

Example: Bind the access-list AAA to the ingress direction of the port.

Switch(Config-If-Ethernet1/5)#ip access-group aaa in
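The binding limits and priority order above can be checked offline when auditing a port's ACL set. The following Python sketch is an added example, not code from the manual or the switch firmware: the function names, the short type labels and the sample verdicts are assumptions, and the name check reuses the rule given in the Parameters text of the list-definition commands on this page.

```python
import re

# Priority from high to low, in the order the usage guide lists it.
PRIORITY = ["ipv6", "mac-ip", "mac", "ip"]

# Name rule from the Parameters text: starts with a letter, no blank or
# quotation mark, length at most 32. Applying it to all four ACL types and
# treating both ' and " as quotation marks are assumptions of this example.
NAME_RE = re.compile(r"[A-Za-z][^\s\"']{0,31}")


def check_bindings(bindings):
    """bindings: list of (acl_type, name) for one port. Returns problem strings."""
    problems, seen = [], {}
    for acl_type, name in bindings:
        if acl_type not in PRIORITY:
            problems.append(f"unknown ACL type {acl_type!r}")
            continue
        if not NAME_RE.fullmatch(name):
            problems.append(f"invalid ACL name {name!r}")
        if acl_type in seen:
            # Limit 1: a port binds one ACL of each type.
            problems.append(f"second {acl_type} ACL {name!r} (bound: {seen[acl_type]!r})")
        else:
            seen[acl_type] = name
    return problems


def resolve(verdicts):
    """verdicts: {acl_type: 'permit' | 'deny'} for the ACLs a packet matched.

    Returns (winning_type, action, overridden); overridden lists the
    lower-priority types whose verdict disagrees with the winner.
    Returns (None, None, []) when nothing matched: the page does not state
    a default action, so none is assumed.
    """
    matched = [t for t in PRIORITY if t in verdicts]
    if not matched:
        return None, None, []
    winner = matched[0]
    overridden = [t for t in matched[1:] if verdicts[t] != verdicts[winner]]
    return winner, verdicts[winner], overridden


# Constructed sample: a packet denied by the IP ACL but permitted by the MAC ACL.
SAMPLE = {"ip": "deny", "mac": "permit"}
```

A non-empty `overridden` list with a `deny` in it marks a rule that never takes effect for that packet, which is the case worth reviewing before binding.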

41.17 mac access extended

Command: mac-access-list extended <name>

no mac-access-list extended <name>

Functions: Define a named MAC ACL or enter access-list configuration mode; the “no mac-access-list extended <name>” command deletes this ACL.

Parameters: <name> is the name of the access-list. It must not contain blanks or quotation marks, it must start with a letter, and its length cannot exceed 32 (note: the name is case-sensitive).

Command Mode: Global mode

Default Configuration: No access-lists configured.

Usage Guide: When this command is issued for the first time, only an empty named access-list is created; it contains no list items.

Examples: Create a MAC ACL named mac_acl.

Switch(config)# mac-access-list extended mac_acl

Switch(Config-Mac-Ext-Nacl-mac_acl)#

41.18 mac-ip access extended

Command: mac-ip-access-list extended <name>

no mac-ip-access-list extended <name>

Functions: Define a named MAC-IP ACL or enter access-list configuration mode; the “no mac-ip-access-list extended <name>” command deletes this ACL.

Parameters: <name> is the name of the access-list. It must not contain blanks or quotation marks, it must start with a letter, and its length cannot exceed 32 (note: the name is case-sensitive).

Command Mode: Global Mode.
