AT-9000 Switch Command Line User’s Guide
Section X: Network Management 1061
ACCESS-GROUP
Syntax
access-group
id_number
Parameters
id_number Specifies the ID number of an access control list you want
to add to a port. The range is 3000 to 3699. You can add
just one ACL to a port at a time with this command.
Mode
Port Interface mode
Description
Use this command to add ACLs to ports on the switch. Ports begin to filter
packets as soon as they are assigned ACLs. This command works for all
ACLs, except for MAC address ACLs, which are added to ports with “MAC
ACCESS-GROUP” on page 1062.
Note
If a port is to have both permit and deny ACLs, you must add the
permit ACLs first because ingress packets are compared against the
ACLs in the order in which they are added to a port. If you add the
deny ACLs before the permit ACLs, a port is likely to block traffic you
want it to forward.
Confirmation Command
“SHOW INTERFACE ACCESS-GROUP” on page 1067
Example
This example adds the ACL 3022 to port 15:
awplus> enable
awplus# con
figure terminal
awplus(config)# interface port1.0.15
awplus(config-if)#
access-group 3022
awplus(config-if)# end
awplus#
show interface port1.0.15 access-group
To Next Page
Loading...
