ACL Configuration Overview
24-4 Configuring Access Control Lists
IPv6 Rules
For IPv6 rules, IPv6 source and destination addresses and prefix length are specified, or the any option can be used.
For IPv6 ACLs, the following protocols can be specified in a rule:
• Any IPv6 protocol
• Transmission Control Protocol (TCP)
• User Datagram Protocol (UDP)
• IPv6 Internet Control Message Protocol (ICMPv6)
TCP and UDP rules can match specific source and destination ports.
IPv6 ACLs can optionally be set to match a Diffserv codepoint (DSCP) or flow label value.
IPv6 permit rules also allow you to specify the queue to which a packet matching the permit rule
will be assigned. Valid values for queue-id are from 0 to 5.
IPv6 Rule Example
This example creates an IPv6 access control list named “ipv6list1” with a rule that denies ICMPv6
transmissions from IPv6 address 2001:db08:10::1/64 to any destination.
C5(su)->router(Config)#access-list ipv6 ipv6list1 deny icmpv6 2001:db08:10::1/64 any
MAC Rules
For MAC rules, the source and destination addresses are specified as MAC addresses, or the any
option can be used. The format of the MAC address can be xx-xx-xx-xx-xx-xx or xx:xx:xx:xx:xx:xx.
MAC ACL rules can filter on:
• The Ethernet II type of the packet.
You can specify the type with either a four-digit hexadecimal number in the range 0x0600 to 0xFFFF, or one of the following keywords: appletalk, arp, ibmsna, ipv4, ipv6, ipx, mplsmcast, mplsucast, netbios, novell, pppoe, rarp.
• VLAN ID.
• 802.1p priority value, which can range from 0 to 7.
MAC permit rules also allow you to specify the queue to which a packet matching the permit rule
will be assigned. Valid values for queue-id are from 0 to 5.
MAC Rule Example
This example creates a MAC-based access control list named “mymaclist” with a rule that permits
ARP packets from any source to the destination address 00-E0-ED-1D-90-D5 and assigns the
packets to queue 1.
B3(su)->router(Config)#access-list mac mymaclist permit any 00-E0-ED-1D-90-D5 ethertype arp assign-queue 1
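The following linter is an added example (not Enterasys code) that checks IPv6 and MAC rule lines against the constraints listed in the two sections above before they are pasted into the switch: address formats, the ethertype range and keyword list, queue-id 0 to 5, and assign-queue only on permit rules. It assumes the token order of the two example commands and that tcp and udp are the protocol keywords; the keyword for "any IPv6 protocol" is not on this page and is not checked.

```python
import ipaddress
import re

# Value sets from this section; 'icmpv6', 'any', 'ethertype' and 'assign-queue' appear in
# the page's own examples, while 'tcp'/'udp' as CLI keywords is an assumption.
ETHERTYPE_KEYWORDS = {"appletalk", "arp", "ibmsna", "ipv4", "ipv6", "ipx", "mplsmcast",
                      "mplsucast", "netbios", "novell", "pppoe", "rarp"}
IPV6_PROTOCOLS = {"icmpv6", "tcp", "udp"}
# Six hex octets with one consistent separator, '-' or ':' (no mixing).
MAC_RE = re.compile(r"^[0-9a-f]{2}([-:])[0-9a-f]{2}(?:\1[0-9a-f]{2}){4}$", re.I)

def ipv6_addr_ok(tok):
    """'any' or an IPv6 address with prefix length, e.g. 2001:db08:10::1/64."""
    if tok == "any":
        return True
    try:
        ipaddress.IPv6Network(tok, strict=False)  # strict=False allows host bits set
        return True
    except ValueError:
        return False

def ethertype_ok(tok):
    """Keyword from the list, or a four-digit hex value >= 0x0600 (four digits caps it at 0xFFFF)."""
    if tok.lower() in ETHERTYPE_KEYWORDS:
        return True
    return re.fullmatch(r"0x[0-9a-f]{4}", tok, re.I) is not None and int(tok, 16) >= 0x0600

def lint_acl_rule(line):
    """Return the problems found in one access-list rule; an empty list means it passes."""
    t = line.split()
    if len(t) < 4 or t[0] != "access-list" or t[1] not in ("ipv6", "mac") or t[3] not in ("permit", "deny"):
        return ["expected: access-list {ipv6|mac} NAME {permit|deny} ..."]
    kind, action, rest = t[1], t[3], t[4:]
    need = 3 if kind == "ipv6" else 2          # ipv6: PROTO SRC DST; mac: SRC DST
    if len(rest) < need:
        return [f"{kind} rule needs {need} tokens after {action}"]
    problems = []
    if kind == "ipv6":
        if rest[0] not in IPV6_PROTOCOLS:
            problems.append(f"unknown IPv6 protocol {rest[0]!r}")
        problems += [f"bad IPv6 address/prefix {a!r}" for a in rest[1:3] if not ipv6_addr_ok(a)]
    else:
        problems += [f"bad MAC address {a!r}" for a in rest[:2] if a != "any" and not MAC_RE.match(a)]
    opts = rest[need:]
    if len(opts) % 2:
        problems.append("option keyword without a value")
    for key, val in zip(opts[::2], opts[1::2]):
        if key == "assign-queue":
            if action != "permit":
                problems.append("assign-queue is only valid on permit rules")
            if not (val.isdigit() and int(val) <= 5):
                problems.append(f"queue-id {val!r} out of range 0-5")
        elif key == "ethertype":
            if kind != "mac" or not ethertype_ok(val):
                problems.append(f"ethertype {val!r} must be a listed keyword or 0x0600-0xFFFF")
        else:
            problems.append(f"option {key!r} is not covered by this check")
    return problems
```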
Managing ACLs
Deleting ACLs and Rules
An access control list, or a single rule or range of rules, can be deleted using the no version of the
access-list commands.