Access Control Lists (ACLs) for the Series 5300xl Switches
Configuring and Assigning an ACL
Configured Source IP
Address and Mask
Configured Destination IP
Address and Mask
Command Entry for
Source IP Address
and Mask
Command Entry for
Destination IP Address
and Mask
Figure 9-15. Using the “Named ACL” Context To Configure an ACL
Enabling or Disabling ACL Filtering on a VLAN
For a given interface, you can configure one ACL to filter inbound traffic and
one ACL to filter outbound traffic. You can also use the same ACL for both
inbound and outbound traffic, and for assignment to multiple VLANs. For
limits and operating rules, refer to
“ACL Configuration and Operating Rules”
on page 9-18.
Syntax: [no] vlan < vid > ip access-group < ascii-string > < in | out >
where: < ascii-string > = either a ACL name or an ACL ID number.
Assigns an ACL to a VLAN. You can use either the global
configuration level or the VLAN context level to assign an
ACL to a VLAN or remove an ACL from a VLAN.
Note: The switch allows you to assign a nonexistent ACL
name or number to a VLAN. In this case, if you subsequently
configure an ACL with that name or number, it will
automatically become active on the assigned VLAN. Also, if
you delete an assigned ACL from the switch without
subsequently using the “no” form of this command to
remove the assignment to a VLAN, the ACL assignment
remains and will automatically activate any new ACE if
you create with the same ACL name.
9-46
To Next Page
Loading...
