
IP ACLs – SMC Networks TigerSwitch User Manual


COMMAND LINE INTERFACE

This switch supports ACLs for ingress filtering only. You can bind only
one IP ACL to any port, and only one MAC ACL globally, for ingress
filtering. In other words, only two ACLs can be bound to an interface:
an ingress IP ACL and an ingress MAC ACL.

The order in which active ACLs are checked is as follows:
1. User-defined rules in the Ingress MAC ACL for ingress ports.
2. User-defined rules in the Ingress IP ACL for ingress ports.
3. Explicit default rule (permit any any) in the ingress IP ACL for ingress ports.
4. Explicit default rule (permit any any) in the ingress MAC ACL for ingress ports.

5. If no explicit rule is matched, the implicit default is permit all.
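
The check order above, modelled as an added example (not code from the SMC manual). It assumes the first matching rule decides what happens to the frame; the Acl class, the evaluate function, the rule predicates and the sample addresses are constructed for illustration.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

@dataclass
class Acl:
    # User-defined rules as (action, predicate) pairs, checked top to bottom.
    rules: list = field(default_factory=list)
    # True when the ACL carries the explicit "permit any any" default rule.
    explicit_permit_any: bool = False

def first_match(acl, frame):
    """Action of the first user-defined rule matching the frame, else None."""
    for action, matches in (acl.rules if acl else []):
        if matches(frame):
            return action
    return None

def explicit_default(acl):
    return "permit" if acl and acl.explicit_permit_any else None

def evaluate(frame, mac_acl=None, ip_acl=None):
    """Walk the five documented stages; return (action, deciding stage)."""
    stages = [
        ("MAC ACL user rule", first_match(mac_acl, frame)),
        ("IP ACL user rule", first_match(ip_acl, frame)),
        ("IP ACL explicit default", explicit_default(ip_acl)),
        ("MAC ACL explicit default", explicit_default(mac_acl)),
    ]
    for stage, action in stages:
        if action is not None:
            return action, stage
    return "permit", "implicit default"

def src_in(cidr):
    net = ip_network(cidr)
    return lambda f: ip_address(f["src_ip"]) in net
def src_mac(mac):
    return lambda f: f["src_mac"].lower() == mac.lower()

# Constructed sample policy and frames (documentation address ranges).
MAC_ACL = Acl(rules=[("permit", src_mac("00-11-22-33-44-55"))])
IP_ACL = Acl(rules=[("deny", src_in("192.0.2.0/24"))])
FRAMES = [
    {"src_mac": "00-AA-BB-CC-DD-01", "src_ip": "192.0.2.10"},
    {"src_mac": "00-11-22-33-44-55", "src_ip": "192.0.2.10"},
    {"src_mac": "00-AA-BB-CC-DD-02", "src_ip": "198.51.100.7"},
]
for frame in FRAMES:
    print(frame["src_mac"], frame["src_ip"], *evaluate(frame, MAC_ACL, IP_ACL))
```

In this model the second frame is permitted by the MAC ACL before the IP ACL's deny rule is consulted, and the third falls through to the implicit permit, so traffic that must be blocked needs its own deny rule.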

Table 4-33 Access Control Lists

| Command Groups | Function | Page |
|---|---|---|
| IP ACLs | Configures ACLs based on IP addresses, TCP/UDP port number, protocol type, and TCP control code | 4-120 |
| MAC ACLs | Configures ACLs based on hardware addresses, packet format, and Ethernet type | 4-130 |
| ACL Information | Displays ACLs and associated rules; shows ACLs assigned to each port | 4-136 |

IP ACLs

Table 4-34 IP ACLs

| Command | Function | Mode | Page |
|---|---|---|---|
| access-list ip | Creates an IP ACL and enters configuration mode | GC | 4-121 |
| permit, deny | Filters packets matching a specified source IP address | STD-ACL | 4-122 |
| permit, deny | Filters packets meeting the specified criteria, including source and destination IP address, TCP/UDP port number, protocol type, and TCP control code | EXT-ACL | 4-123 |