Method 1 only configures the numerical value ACL. Method 2 can
configure names and numerical value ACL and specify the priorities of
table entries (they support priority ACE products).
Showing Configuration of MAC Extended Access List
To monitor access lists, please run the following command the in privileged mode:
Ruijie# show access-lists [ id | name]
You can view basic access lists
MAC Extended Access List Example
It is required to implement the following security functions by configuring MAC access lists:
1. The 0013.2049.8272 host using the ipx protocol cannot access the giga 0/1 port of a device.
2. It can access other ports.
Configure an Ethernet port, apply the access list 101 on the Ethernet port and check all the messages
passing in and out on the port.
Ruijie> enable
Ruijie# configure terminal
Ruijie(config)# mac access-list extended mac-list
Ruijie(config-mac-nacl)# deny host 0013.2049.8272 any ipx
Ruijie(config-mac-nacl)# permit any any
Ruijie(config-mac-nacl)# exit
Ruijie(config)# interface gigabitEthernet 0/1
Ruijie(config-if)# mac access-group mac-list in
Ruijie(config-if)# end
Ruijie# show access-lists
mac access-list extended mac-list
deny host 0013.2049.8272 any ipx
permit any any
Ruijie#
For access lists, ”permit any any” cannot be discarded, for the ending part
of an access list implicates a “deny any” rule sentence.
Configuring Expert Extended Access List
To configure expert extended access lists on a device, you must specify unique names or numbers for
the access lists of a protocol to uniquely identifying each access list inside the protocol.The table
below lists the number range of the Expert access list.
To Next Page
Loading...
