Chapter 5 - command line interface, 22 port access control – Asus GigaX2124 User Manual

91

Chapter 5 - Command Line Interface

and enter access-list configuration mode.

CLI Syntax: ip access-list (standard | extended) ACLNAME
Example: (config)# ip access-list extended ip_acl_1

5.3.21.3

deny any host

Use the deny MAC access list configuration command on the switch to

prevent non-IP traffic from being forwarded if the conditions are matched.

Use the no form of this command to remove a deny condition from the

named MAC access list.

CLI Syntax: deny any host MACADDR [IFNAME]
Example: (config-mac-acl)# deny any host c2f3.220a.12f4 gi1/0/2

5.3.21.4

filter conditions

This command specifies one or more conditions denied or permitted to

decide if the packet is forwarded or dropped.

CLI Syntax: (permit|deny) any any
Example: (config-mac-acl)# permit any any

5.3.21.5

filter attach

This command attaches a MAC or IP access-list to an interface.

CLI Syntax: mac access-group ACLNAME in
Example: ASUS# interface gi1/0/1
(config-if)# mac access-group mac_acl_1 in

5.3.22 Port Access Control

5.3.22.1

dot1x guest-vlan

Use the dot1x guest-vlan interface configuration command on the switch to

specify an active VLAN as an 802.1X guest VLAN. Use the no form of this

command to return to the default setting.

CLI Syntax: dot1x guest-vlan <1-3000>
Example: (config)# interface gi1/0/1