Allied Telesis AlliedWare Plus AT-x230-10GP

To Next Page

To Previous Page

672 Command Reference for x230 Series Edge Switches C613-50055-01 REV A

AlliedWare Plus™ Operating System - Version 5.4.5-0.x

IPV4 HARDWARE ACCESS CONTROL LIST (ACL) COMMANDS

ACCESS

-GROUP

access-group

Overview This command adds or removes a hardware-based access-list to or from a switch

port interface. The number of hardware numbered and named access-lists that can

be added to a switch port interface is determined by the available memory in

hardware-based packet classification tables.

This command works in Interface Configuration mode to apply hardware

access-lists to selected switch port interfaces.

The no variant of this command removes the selected access-list from an interface.

Syntax

access-group

[<3000-3699>|<4000-4699>|<hardware-access-list-name>]

no access-group

[<3000-3699>|4000-4699|<hardware-access-list-name>]

Mode Interface Configuration for a switch port interface

Default Any traffic on an interface controlled by a hardware ACL that does not explicitly

match a filter is permitted.

Usage First create an IP access-list that applies the appropriate permit/deny requirements

with the access-list (hardware IP numbered) command, the access-list (hardware

MAC numbered) command or the access-list hardware (named) command. Then

use this command to apply this hardware access- list to a specific port or port

range. Note that this command will apply the access-list only to incoming data

packets.

To apply ACLs to an LACP aggregated link, apply it to all the individual switch ports

in the aggregated group. To apply ACLs to a static channel group, apply it to the

static channel group itself. An ACL can even be applied to a static aggregated link

that spans more than one switch instance (Link Aggregation Commands).

Note that you cannot apply software numbered ACLs to switch port interfaces with

the access-group command. This command will only apply hardware ACLs.

NOTE: Hardware ACLs will permit access unless explicitly denied by an ACL action.

Examples To add the numbered hardware access-list 3005 to switch port interface

port1.0.1, enter the following commands:

awplus# configure terminal

awplus(config)# interface port1.0.1

awplus(config-if)# access-group 3005

Parameter Description

<3000-3699> Hardware IP access-list.

<4000-4699> Hardware MAC access-list.

<hardware-access-list-name> The hardware access-list name.

Main Page

Allied Telesis AlliedWare Plus AT-x230-10GP - Access-Group

Table of Contents

Related product manuals