Configuring the ECN330-switch
164 1553-KDU 137 365 Uen D 2006-06-16
3. Permit all TCP packets from class C addresses 192.168.1.0 with the TCP
control code set to “SYN.”
6.6.1.4 Configuring a MAC ACL
Command Attributes
• Action – An ACL can contain permit rules, deny rules, or a combination
of both. (Default: Permit rules)
• Source/Destination Address Type – Use “Any” to include all possible
addresses, “Host” to indicate a specific MAC address, or “MAC” to
specify an address range with the Address and Bitmask fields. (Options:
Any, Host, MAC; Default: Any)
• Source/Destination MAC Address – Source or destination MAC
address.
• Source/Destination MAC Bitmask – Hexadecimal mask for source or
destination MAC address.
• VID – VLAN ID. (Range: 1-4093)
• VID Bitmask – VLAN bitmask. (Range: 1-4095)
• Ethernet Type – This option can only be used to filter Ethernet II
formatted packets. (Range: 600-fff hex.)
A detailed listing of Ethernet protocol types can be found in RFC 1060.
A few of the common types include 0800 (IP), 0806 (ARP), 8137 (IPX).
• Ethernet Type Bitmask – Protocol bitmask. (Range: 600-fff hex.)
• Packet Format – This attribute includes the following packet types:
• Any – Any Ethernet packet type.
• Untagged-eth2 – Untagged Ethernet II packets.
• Untagged-802.3 – Untagged Ethernet 802.3 packets.
• Tagged-eth2 – Tagged Ethernet II packets.
Console(config-ext-acl)#permit 10.7.1.1 255.255.255.0 any
Console(config-ext-acl)#permit tcp 192.168.1.0 255.255.255.0 any
destination-port 80
Console(config-ext-acl)#permit tcp 192.168.1.0 255.255.255.0 any
control-flag 2 2
Console(config-std-acl)#
To Next Page
Loading...
