Configuring the ECN330-switch
174 1553-KDU 137 365 Uen D 2006-06-16
CLI – This examples assigns an IP and MAC ingress ACL to port 1, and an IP
ingress ACL to port 2.
6.6.4 Configuring a VLAN Access Map
A VLAN access map controls traffic filtering within a VLAN based on source or
destination addresses and other criteria specified in IP or MAC ACLs (see
“Configuring a Standard IP ACL” on page 160," “Configuring an Extended IP
ACL” on page 161, or “Configuring a MAC ACL” on page 164). An access map
contains information about the ACLs to apply and the action to take when a
packet matches the specified rules. Follow these steps to create a VLAN ACL:
1. Configure an access map (see “Setting the Name of a VLAN Access Map”
on page 175 and “Specifying the Associated IP/MAC ACLs and Action” on
page 175),
2. Create a mask to control the order in which ingress traffic is checked against
the ACL rules (see “Configuring a VLAN Mask for IP ACLs” on page 178 and
“Configuring a VLAN Mask for MAC ACLs” on page 180),
3. Bind the VLAN ACL to one or more VLANs (see “Binding a VLAN to an
Access Map” on page 182).
Any input packets which meet the criteria specified in the ACL permit rules are
forwarded or dropped according to the specified action. Note that if no rules
match any of the permit rules, the packet is dropped.
The following additional guidelines apply to the use of VLAN ACLs:
• When a port is added to a VLAN which had been bound by a VLAN ACL,
the VLAN ACL is automatically added to the new port member.
• After a VLAN is bound with a VLAN ACL, any modifications to this VLAN
ACL are automatically applied to all of the VLAN member ports.
Console(config)#interface ethernet 1/1
Console(config-if)#ip access-group david in
Console(config-if)#mac access-group jerry in
Console(config-if)#exit
Console(config)#interface ethernet 1/2
Console(config-if)#ip access-group david in
Console(config-if)#
To Next Page
Loading...
