
Binding a port to an access control list, Command usage – SMC Networks SMC TigerStack III SMC6824MPE User Manual


CONFIGURING THE SWITCH

CLI – This example shows how to create an Ingress MAC ACL and bind
it to a port. You can then see that the order of the rules has been changed
by the mask.

Console(config)#access-list mac M4
Console(config-mac-acl)#permit any any
Console(config-mac-acl)#deny tagged-eth2 00-11-11-11-11-11 ff-ff-ff-ff-ff-ff any vid 3
Console(config-mac-acl)#end
Console#show access-list
MAC access-list M4:
permit any any
deny tagged-eth2 host 00-11-11-11-11-11 any vid 3
Console(config)#access-list mac mask-precedence in
Console(config-mac-mask-acl)#mask pktformat ff-ff-ff-ff-ff-ff any vid
Console(config-mac-mask-acl)#exit
Console(config)#interface ethernet 1/12
Console(config-if)#mac access-group M4 in
Console(config-if)#end
Console#show access-list
MAC access-list M4:
deny tagged-eth2 host 00-11-11-11-11-11 any vid 3
permit any any
MAC ingress mask ACL:
mask pktformat host any vid
Console#

Binding a Port to an Access Control List

After configuring the Access Control Lists (ACL), you can bind the ports
that need to filter traffic to the appropriate ACLs. You can only bind a port
to one ACL for each basic type – IP ingress, IP egress, MAC ingress and
MAC egress.

Command Usage

This switch supports ACLs for both ingress and egress filtering.
However, you can only bind one IP ACL and one MAC ACL to any
port for ingress filtering, and one IP ACL and one MAC ACL to any
port for egress filtering. In other words, only four ACLs can be bound
to an interface – Ingress IP ACL, Egress IP ACL, Ingress MAC ACL
and Egress MAC ACL.

When an ACL is bound to an interface as an egress filter, all entries in
the ACL must be deny rules. Otherwise, the bind operation will fail.
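
The two binding rules under Command Usage can be checked offline before a change is applied to the switch. The Python sketch below is an added example, not part of the SMC manual; it handles only the MAC ACL commands shown on this page, and the function name check_bindings and the sample command list are constructed for illustration. Reporting a second ACL of the same type and direction on a port as a conflict is an assumption about how to surface that rule.

```python
import re

# Constructed command list in the CLI syntax shown on this page (not a switch capture).
SAMPLE = """\
access-list mac M4
permit any any
deny tagged-eth2 00-11-11-11-11-11 ff-ff-ff-ff-ff-ff any vid 3
access-list mac M5
deny tagged-eth2 00-11-11-11-11-11 ff-ff-ff-ff-ff-ff any vid 3
interface ethernet 1/12
mac access-group M4 in
mac access-group M5 out
interface ethernet 1/13
mac access-group M4 out
mac access-group M5 in
mac access-group M4 in
"""

def check_bindings(text):
    """Return (port, message) findings for binds that break the page's two rules."""
    acls, bound, findings = {}, {}, []
    current_acl = port = None
    for line in text.splitlines():
        line = line.strip()
        if m := re.fullmatch(r"access-list mac (\S+)", line):
            current_acl, port = m.group(1), None
            acls[current_acl] = []
        elif m := re.fullmatch(r"interface ethernet (\S+)", line):
            port, current_acl = m.group(1), None
        elif current_acl and line.split(" ", 1)[0] in ("permit", "deny"):
            acls[current_acl].append(line)
        elif port and (m := re.fullmatch(r"mac access-group (\S+) (in|out)", line)):
            name, direction = m.groups()
            rules = acls.get(name)
            if rules is None:
                findings.append((port, f"{name}: ACL not defined"))
                continue
            # Rule 2: an egress ACL must contain deny rules only, or the bind fails.
            permits = [r for r in rules if r.startswith("permit")]
            if direction == "out" and permits:
                findings.append((port, f"{name} out: contains permit rule '{permits[0]}'"))
                continue
            # Rule 1: one MAC ACL per port and direction.
            prev = bound.setdefault((port, direction), name)
            if prev != name:
                findings.append((port, f"{name} {direction}: {prev} already bound"))
    return findings

if __name__ == "__main__":
    print(*check_bindings(SAMPLE), sep="\n")
```

On the constructed sample, port 1/12 passes, while port 1/13 is flagged twice: once for binding M4 (which contains a permit rule) as an egress filter, and once for binding a second ingress MAC ACL.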