EasyManua.ls Logo

Enterasys C5G124-24 - Configuring MAC ACLs

Enterasys C5G124-24
452 pages
Print Icon
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Loading...
Configuring ACLs
24-10 Configuring Access Control Lists
C5(su)->router(Config)#show access-lists ipv6list1
ipv6list1 IPV6 access-list
1: deny icmpv6 2001:DB08:10::1/64 any
2: permit tcp 2001:db08:20::20/64 eq snmp any assign-queue 5
3: permit ipv6 2001:FFFF:30::30/64 any
C5(su)->router(Config)#interface vlan 200
C5(su)->router(Config-if(Vlan 200))#ipv6 access-group ipv6list1 in
C5(su)->router(Config-if(Vlan 200))#exit
Configuring MAC ACLs
Procedure 24-3 describes how to configure a MAC ACL.
Example
The following example puts the switch into ipv6mode, creates a MAC ACL, and associates it with
VLAN 300.
C5(su)->router
Procedure 24-3 Configuring MAC ACLs
Step Task Command(s)
1. Optionally. display the status of ipv6mode. show access-lists ipv6mode
2. If necessary, in global router configuration mode,
enable ipv6mode, which requires a reset of the
switch.
Enter y when prompted to reset the switch.
access-list ipv6mode
3. After the switch resets, return to global router
configuration mode, create the ACL and define
the rules.
access-list mac name {deny | permit}
{srcmac | any} {destmac | any}
[ethertype ethertype] [vlan vlan-id]
[priority pri] [assign-queue queue-
id]
4. Optionally, insert new or replace existing rules. access-list mac name insert |
replace entryno {deny | permit}
{srcmac | any} {destmac | any}
[ethertype ethertype] [vlan vlan-id]
[priority pri] [assign-queue queue-
id]
5. Optionally, move entries within the ACL access-list mac name move
destination source1 [source2]
6. Display the contents of the ACL show access-lists
name
7. Apply the ACL:
7a In router interface configuration mode, apply to a
routing VLAN interface
ip access-group acl-name in
[sequence sequence]
7b In global router configuration mode, apply to an
interface
access-list interface acl-name port-
string in [sequence sequence]
8. Optionally, display the ACLs associated with a
VLAN or port.
show access-lists [interface [port-
string]] | [vlan [vlan-id]]
9. Optionally, delete an entire ACL or a single rule
or range of rules.
no access-list mac acl-name [entryno
[entryno]]

Table of Contents

Other manuals for Enterasys C5G124-24

Preview: Quick Reference
Quick Reference2 pages

Related product manuals