AT-9000 Switch Command Line User’s Guide
1259
In this example, ports 12 and 13 are assigned an ACL, ID number 3075,
that blocks all untagged ingress packets with a destination address in the
149.107.22.0 subnet. See Table 133.
Assigning MAC
Address ACLs to
a Port
To assign a MAC ACL to a port on the switch, use the MAC ACCESS-
GROUP command in the Port Interface mode. Using this command, you
can add one MAC ACL to a port or several ports. The ACL must exist on
the switch. Here is the format of the command:
mac access-group
id_number
For more information about this command, see “MAC ACCESS-GROUP”
on page 1302.
This example creates two MAC ACLs with ID numbers of 4025 and 4055.
ACL 4025 permits only packets that have source MAC addresses starting
with “45:2A:B5:”. ACL 4055 denies all other MAC addresses. Then assign
both ACLs to port 7:
Table 133. Assigning Numbered IPv4 ACLs
Command Description
awplus> enable Enter the Privileged Executive mode from the
User Executive mode.
awplus# configure terminal Enter the Global Configuration mode.
awplus(config)# access-list 3075
deny ip any 149.107.22.0/24
Create the deny ACL.
awplus(config)# interface
port1.0.12,port1.0.13
Enter the Port Interface mode for ports 12 and
13.
awplus(config_if)# access-group
3075
Apply the ACL to the ports with the ACCESS-
GROUP command.
Table 134. Assigning MAC Address ACLs Example
Command Description
awplus> enable Enter the Privileged Executive mode from the
User Executive mode.
awplus# configure terminal Enter the Global Configuration mode.
awplus(config)# access-list
4025 permit 45:2a:b5:00:00:00
00:00:00:ff:ff:ff any
Create the permit ACL.
awplus(config)# access-list
4055 deny any any
Create the deny ACL.
To Next Page
Loading...
