267
DCS-3950 series Ethernet switch manual
standard<name>‘command deletes the name-based standard IPv6 access list (including
all entries).
Parameters: <name> is the name for access list, the character string length is from 1 to
16, And the string should contain at least one non-numeric character..
Command mode: Global Mode
Default: No access list is configured by default
Usage Guide: When this command is called for the first time, an empty access list will be
created.
Example: Create a standard IP access list, and name it as tcpFlow.
Switch(Config)#ip access-list standard ipFlow
15.3.2.7 {ip|mac|mac-ip} access-group
Command :{ip|mac|mac-ip} access-group <name> {in|out}[traffic-statistic]
no {ip|mac|mac-ip} access-group <name> {in|out}
Function: Apply an access-list on some direction of port, and determine if ACL rule is
added statistic counter or not by options; the ‘no {ip|mac|mac-ip} access-group
command deletes access-list binding on the port.
Parameters: <name> is the name for access list, the character string length is from 1 to
16
Command mode: Physical Interface Mode.
Default: The exit and entry of port are not bound ACL.
Usage Guide: One interface can be bound with one outbound ACL and one inbound ACL.
When an ACL is bound to an outbound interface, only deny rule can be configured.
Currently ACL can only be bound to inbound interfaces, but can not be bound to outbound
interfaces.
Standard ACLs, extended ACLs, and named ACLs can be bound to physical ports of
the Layer 3 switches, and can not be bbound to Layer 3 ports or the trunk ports.
When binding ACLs to a port, it is limited that:
1. One MAC-IP ACL, or one IP-ACL, or MAC-ACL can be bound to each inbound port.
2. One MAC-IP ACL, or one IP-ACL, or MAC-ACL can be bound to each outbound port.
3. When inbound and outbound ACLs are both configured, and packets are matched by
both of the ACLs, the priority of outbound ACL will be higher than the inbound one. In
the same ACL, the earlier the entry is configued, the higher its priority will be.
4. Only the deny operation can be binded to the outbound ports.
When matching TCP or UDP port numbers, only one fixed port number can be used.
Operators like not equal, bigger than, less than, or between are not allowed.
For packets uses software forwarding, and packets sent out by the switch itself, the
outbound ACL does not effect.
Example: Configure a inbound access list named aaa to the port.
Switch(Config-Ethernet0/0/1)#ip access-group aaa in
15.3.2.8 permit|deny(ip extended)
To Next Page
Loading...
Need help?
General