Configuration Guide Access Control List Configuration
Ruijie(config-exp-nacl)# [sn] { permit | deny } [prot | {[ethernet-type] [cos cos]}] [VID vid] {src src-wildcard | host src | interface idx} {host src-mac-addr | any} {dst dst-wildcard | host dst | any} {host dst-mac-addr | any} [precedence precedence] [tos tos] [dscp dscp] [fragment] [time-range tm-rng-name]
Adds table entries to the ACL. For details about the command, see the command reference.
Ruijie(config-exp-nacl)# exit
Ruijie(config)# interface interface
Exits access control list configuration mode and selects the interface to which the access list is to be applied.
Ruijie(config-if)# expert access-group {id | name} {in | out}
Applies the access list to the specified interface in the inbound or outbound direction.
Method 1 configures only numbered ACLs. Method 2 can configure both named and numbered ACLs. In a version that supports priority table entries, method 2 can also specify the priority of a table entry (the [sn] option in the command).
Showing Configuration of Extended Expert ACL
To monitor access lists, run the following command in privileged user mode:
Ruijie# show access-lists [id | name]
Displays the expert access lists.
Expert Extended Access List Example
Expert access lists are to be configured to implement the following security requirement:
The host 0013.2049.8272 in VLAN 20 cannot access the device through port gigabitEthernet 0/1, and it cannot access other ports.
Ruijie> enable
Ruijie# config terminal
Ruijie(config)# expert access-list extended expert-list
Ruijie(config-exp-nacl)# permit ip vid 20 any host 0013.2049.8272 any any
Ruijie(config-exp-nacl)# deny any any any any
Ruijie(config-exp-nacl)# exit
Ruijie(config)# interface gigabitEthernet 0/1
Ruijie(config-if)# expert access-group expert-list in
Ruijie(config-if)# end
Ruijie# show access-lists
expert access-list extended expert-list
permit ip vid 20 any host 0013.2049.8272 any any
deny any any
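The order of the two entries is what makes this list work: an expert ACL is evaluated top down and the first matching entry decides, so a deny placed above the permit would silence the host the permit names. As configured, the list permits frames on VLAN 20 whose source MAC is 0013.2049.8272 and denies every other frame entering gigabitEthernet 0/1. The following Python simulator, added here as an illustration and not part of Ruijie's software or of this guide, parses entries in the syntax shown above (sequence number, action, protocol, vid, source IP, source MAC, destination IP, destination MAC; trailing options are skipped) and evaluates constructed frames against the two entries configured above. Its treatment of a missing match as a deny, and of the keyword ip as covering all IP traffic, are assumptions of the simulator rather than documented device behaviour; check the command reference for the switch's actual defaults.

```python
"""First-match simulator for Ruijie-style expert ACL entries (added
illustration for this guide, not Ruijie software). It parses the subset
    [sn] {permit|deny} [prot] [vid V] SRC_IP SRC_MAC DST_IP DST_MAC [options]
where an IP field is 'any', 'host A.B.C.D' or 'A.B.C.D wildcard' and a MAC
field is 'any' or 'host hhhh.hhhh.hhhh'; trailing options are ignored."""
import ipaddress
from collections import namedtuple

ANY = None  # a field set to ANY matches every value

# prot: e.g. "ip" or None; vid: VLAN id or None; src_ip/dst_ip: (address,
# wildcard) as ints or ANY; src_mac/dst_mac: normalised hex or ANY; sn: int/None
Entry = namedtuple("Entry", "action prot vid src_ip src_mac dst_ip dst_mac sn")
# Constructed frame header used as simulator input (addresses as strings).
Frame = namedtuple("Frame", "vid src_ip src_mac dst_ip dst_mac prot", defaults=("ip",))

def _ip(text):
    return int(ipaddress.IPv4Address(text))

def _is_ipv4(tok):
    try:
        _ip(tok)
        return True
    except ValueError:
        return False

def norm_mac(text):
    """Accept 0013.2049.8272, 00:13:20:49:82:72 or 00-13-20-49-82-72."""
    mac = text.lower().replace(".", "").replace(":", "").replace("-", "")
    if len(mac) != 12 or any(c not in "0123456789abcdef" for c in mac):
        raise ValueError(f"bad MAC address: {text}")
    return mac

def _take_field(tokens, kind):
    """Consume one IP ('ip') or MAC ('mac') field from the front of the token list."""
    tok = tokens.pop(0)
    if tok == "any":
        return ANY
    if tok == "host":
        value = tokens.pop(0)
        return (_ip(value), 0) if kind == "ip" else norm_mac(value)
    if kind == "ip" and _is_ipv4(tok):     # "address wildcard" form
        return (_ip(tok), _ip(tokens.pop(0)))
    raise ValueError(f"bad {kind} field: {tok}")

def parse_entry(line):
    tokens = line.split()
    sn = int(tokens.pop(0)) if tokens[0].isdigit() else None
    action = tokens.pop(0)
    if action not in ("permit", "deny"):
        raise ValueError(f"expected permit/deny, got {action!r}")
    has_prot = tokens[0].lower() not in ("vid", "any", "host") and not _is_ipv4(tokens[0])
    prot = tokens.pop(0).lower() if has_prot else None
    vid = None
    if tokens[0].lower() == "vid":
        vid = int(tokens[1])
        del tokens[:2]
    src_ip, src_mac = _take_field(tokens, "ip"), _take_field(tokens, "mac")
    dst_ip, dst_mac = _take_field(tokens, "ip"), _take_field(tokens, "mac")
    return Entry(action, prot, vid, src_ip, src_mac, dst_ip, dst_mac, sn)

def _ip_match(field, addr):
    if field is ANY:
        return True
    base, wildcard = field
    mask = ~wildcard & 0xFFFFFFFF          # wildcard bits are "don't care"
    return (base & mask) == (_ip(addr) & mask)

def evaluate(entries, frame):
    """Return (action, index of the matching entry); first match wins. No match
    is treated as deny and a protocol of "ip" as covering all IP traffic; both
    are assumptions of this simulator, not statements about the device."""
    for i, e in enumerate(entries):
        if e.vid is not None and e.vid != frame.vid:
            continue
        if e.prot not in (None, "ip") and e.prot != frame.prot.lower():
            continue
        if not (_ip_match(e.src_ip, frame.src_ip) and _ip_match(e.dst_ip, frame.dst_ip)):
            continue
        if (e.src_mac not in (ANY, norm_mac(frame.src_mac))
                or e.dst_mac not in (ANY, norm_mac(frame.dst_mac))):
            continue
        return e.action, i
    return "deny", None

# The two entries from the guide's example, in configured order.
GUIDE_ACL = [parse_entry(line) for line in (
    "permit ip vid 20 any host 0013.2049.8272 any any",
    "deny any any any any")]

if __name__ == "__main__":
    for f in (Frame(20, "10.0.0.5", "0013.2049.8272", "10.0.0.1", "0000.0000.0001"),
              Frame(20, "10.0.0.6", "0013.2049.ffff", "10.0.0.1", "0000.0000.0001"),
              Frame(30, "10.0.0.5", "0013.2049.8272", "10.0.0.1", "0000.0000.0001")):
        print(f"vid {f.vid} src-mac {f.src_mac}: {evaluate(GUIDE_ACL, f)}")
```

Running it prints the verdict for three constructed frames: the listed host on VLAN 20 is permitted by entry 0, while a different MAC on VLAN 20 and the same MAC on VLAN 30 are both stopped by the explicit deny. The entry lines printed by show access-lists can be fed to parse_entry in the same way, which is a quick check that the list the switch holds matches what was typed.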