672 Command Reference for x230 Series Edge Switches C613-50055-01 REV A
AlliedWare Plusâ„¢ Operating System - Version 5.4.5-0.x
IPV4 HARDWARE ACCESS CONTROL LIST (ACL) COMMANDS
ACCESS
-GROUP
access-group
Overview This command adds or removes a hardware-based access-list to or from a switch
port interface. The number of hardware numbered and named access-lists that can
be added to a switch port interface is determined by the available memory in
hardware-based packet classification tables.
This command works in Interface Configuration mode to apply hardware
access-lists to selected switch port interfaces.
The no variant of this command removes the selected access-list from an interface.
Syntax
access-group
[<3000-3699>|<4000-4699>|<hardware-access-list-name>]
no access-group
[<3000-3699>|4000-4699|<hardware-access-list-name>]
Mode Interface Configuration for a switch port interface
Default Any traffic on an interface controlled by a hardware ACL that does not explicitly
match a filter is permitted.
Usage First create an IP access-list that applies the appropriate permit/deny requirements
with the access-list (hardware IP numbered) command, the access-list (hardware
MAC numbered) command or the access-list hardware (named) command. Then
use this command to apply this hardware access- list to a specific port or port
range. Note that this command will apply the access-list only to incoming data
packets.
To apply ACLs to an LACP aggregated link, apply it to all the individual switch ports
in the aggregated group. To apply ACLs to a static channel group, apply it to the
static channel group itself. An ACL can even be applied to a static aggregated link
that spans more than one switch instance (Link Aggregation Commands).
Note that you cannot apply software numbered ACLs to switch port interfaces with
the access-group command. This command will only apply hardware ACLs.
NOTE: Hardware ACLs will permit access unless explicitly denied by an ACL action.
Examples To add the numbered hardware access-list 3005 to switch port interface
port1.0.1, enter the following commands:
awplus# configure terminal
awplus(config)# interface port1.0.1
awplus(config-if)# access-group 3005
Parameter Description
<3000-3699> Hardware IP access-list.
<4000-4699> Hardware MAC access-list.
<hardware-access-list-name> The hardware access-list name.
To Next Page
Loading...
Need help?
General
