15 {ip|ipv6|mac|mac-ip} access-group, Access, Group – PLANET XGS3-24042 User Manual

47-16

Global Mode.

Default:

No IP address is configured by default.

Usage Guide:

When this command is run for the first time, only an empty access list with no entry will be created.

Example:

Create an extensive IPv6 access list named tcpFlow.

Switch (config)#ipv6 access-list extended tcpFlow

47.15 {ip|ipv6|mac|mac-ip} access-group

Command:

{ip|ipv6|mac|mac-ip} access-group <name> {in | out} [traffic-statistic]

no {ip|ipv6|mac|mac-ip} access-group <name> {in | out}

Function:

Apply an access-list on some direction of port, and determine if ACL rule is added statistic counter

or not by options; the no command deletes access-list binding on the port.

Parameter:

<name> is the name for access list, the character string length is from 1 to 32.

Command Mode:

Port Mode

Default:

The entry of port is not bound ACL.

Usage Guide:

One port can bind ingress and egress rules.Egress ACL can implement the filtering of the packets on

egress and ingress direction, the packets match the specific rules can be allowed or denied. ACL

can support IP ACL, MAC ACL, MAC-IP ACL, IPv6 ACL. Ingress direction of the port can bind four

kinds of ACL at the same time, there are four resources on egress direction of the port, IP ACL and

MAC ACL engage one resource severally, MAC-IP ACL and IPv6 ACL engage two resources

severally, so egress direction of the port can not bind four kinds of ACL at the same time. When

binding three kinds of ACL at the same time, it should be the types of IP, MAC, MAC-IP or IP, MAC,

IPv6. When binding two kinds of ACL at the same time, any combination of ACL type is valid. Each

type can only apply one on the port.

At present, notice the following contents when binding Egress ACL to port.

1. IP ACL that match tcp/udp range can not be bound

2. MAC-IP ACL that match tcp/udp range can not be bound