Configuring the ECN330-switch
172 1553-KDU 137 365 Uen D 2006-06-16
CLI – This example shows how to create an Ingress MAC ACL and bind it to a
port. It can be seen that the order of the rules has been changed by the mask.
6.6.3 Binding a Port to an Access Control List
After configuring the Access Control Lists (ACL), bind the ports that need to filter
traffic to the appropriate ACLs. Only bind a port to one ACL for each basic type –
IP ingress, IP egress, MAC ingress and MAC egress.
Command Usage
• A mask must be configured for an ACL rule before it can be bound to a
port.
• The ECN330-switch supports ACLs for both ingress and egress
filtering. However, only bind one IP ACL and one MAC ACL to any port
for ingress filtering, and one IP ACL and one MAC ACL to any port for
egress filtering. In other words, only four ACLs can be bound to an
interface – Ingress IP ACL, Egress IP ACL, Ingress MAC ACL and
Egress MAC ACL.
Console(config)#access-list mac M4
Console(config-mac-acl)#permit any any
Console(config-mac-acl)#deny tagged-eth2 00-11-11-11-11-11 ff-ff-ff-ff-ff-ff any vid 3
Console(config-mac-acl)#end
Console#show mac access-list
MAC access-list M4:
permit any any
deny tagged-eth2 host 00-11-11-11-11-11 any vid 3
Console(config)#access-list mac mask-precedence in
Console(config-mac-mask-acl)#mask pktformat ff-ff-ff-ff-ff-ff any vid
Console(config-mac-mask-acl)#exit
Console(config)#interface ethernet 1/12
Console(config-if)#mac access-group M4 in
Console(config-if)#end
Console#show access-list
MAC access-list M4:
deny tagged-eth2 host 00-11-11-11-11-11 any vid 3
permit any any
MAC ingress mask ACL:
mask pktformat host any vid
Console#
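
The two Command Usage rules above (a mask must exist before an ACL is bound, and a port holds at most one ACL per type and direction) can be checked offline against a saved command list. The following Python script is an added example, not part of the original manual or the switch software; the function name audit_bindings, the ACL names M5 and M6, and the ip/out command forms (assumed by analogy with the mac/in commands shown above) are assumptions.

```python
import re
from collections import defaultdict

PROMPT_RE = re.compile(r"^Console(\([^)]*\))?#")   # strip the CLI prompt if present
# The mac/in forms are from the page; the ip and out forms are assumed by analogy.
MASK_RE = re.compile(r"^access-list (ip|mac) mask-precedence (in|out)$")
IFACE_RE = re.compile(r"^interface (.+)$")
BIND_RE = re.compile(r"^(ip|mac) access-group (\S+) (in|out)$")

# Constructed input: the page's M4 binding plus two hypothetical ACLs (M5, M6).
SAMPLE = """\
Console(config)#access-list mac mask-precedence in
Console(config-mac-mask-acl)#mask pktformat ff-ff-ff-ff-ff-ff any vid
Console(config-mac-mask-acl)#exit
Console(config)#interface ethernet 1/12
Console(config-if)#mac access-group M4 in
Console(config-if)#mac access-group M5 in
Console(config-if)#mac access-group M6 out
"""

def audit_bindings(config_text):
    """Return (interface, kind, detail) findings, in the order commands appear."""
    masks = set()               # (acl_type, direction) pairs that already have a mask
    bound = defaultdict(list)   # (interface, acl_type, direction) -> ACL names bound
    findings = []
    iface = mask_ctx = None
    for raw in config_text.splitlines():
        line = PROMPT_RE.sub("", raw.strip()).strip()
        if m := MASK_RE.match(line):
            mask_ctx, iface = (m[1], m[2]), None
        elif m := IFACE_RE.match(line):
            iface, mask_ctx = m[1], None
        elif mask_ctx and line.startswith("mask "):
            masks.add(mask_ctx)
        elif iface and (m := BIND_RE.match(line)):
            acl_type, name, direction = m.groups()
            slot = (iface, acl_type, direction)
            if (acl_type, direction) not in masks:
                findings.append((iface, "no-mask",
                                 f"{name}: no {acl_type} {direction} mask configured yet"))
            if bound[slot]:
                findings.append((iface, "duplicate",
                                 f"{name}: {acl_type} {direction} slot already holds {bound[slot][0]}"))
            bound[slot].append(name)
    return findings

if __name__ == "__main__":
    for finding in audit_bindings(SAMPLE):
        print(*finding, sep=" | ")
```

Commands are evaluated in order, so a binding that appears before its mask is reported even if the mask is configured later in the same list.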