Software acls, Defining hardware mac acls – Allied Telesis AlliedWare Plus Operating System Version 5.4.4C (x310-26FT,x310-26FP,x310-50FT,x310-50FP) User Manual
Page 829

Access Control Lists Introduction
Software Reference for x310 Series Switches
C613-50046-01 REV A
AlliedWare Plus
TM
Operating System - Version 5.4.4C
33.5
Software ACLs
These ACLs types can be either named ACLs, using the standard or extended keyword
followed by a text string, or they can use the following ranges:
■
1-99 (IP standard ACL range)
■
100-199 (IP extended ACL range)
■
1300-1999 (IP standard expanded ACL range)
■
2000-2699 (IP extended expanded ACL range)
■
named standard IPv4 ACLs
■
named extended IPv4 ACLs
■
named standard IPv6 ACLs
■
named extended IPv6 ACLs
Software ACLs are used in features such as SNMP.
See
Chapter 35, IPv4 Software Access Control List (ACL) Commands
IPv6 Software Access Control List (ACL) Commands
for detailed command information
and command examples about IPv4 and IPv6 software ACLs as applied to Routing and
Multicasting. See all relevant Routing commands and configurations in
and all relevant Multicast commands and configurations in
.
Defining Hardware MAC ACLs
These are used to filter traffic based on specific source or destination MAC addresses
contained within the data frames. They can be applied to ports in the form of access
groups.
A MAC access list requires the following components:
■
an ACL number in the range 4000-4699
■
an action, permit, deny etc. See
“Actions for Hardware ACLs” on page 33.7
■
a source MAC address. You can use the format, HHHH.HHHH.HHHH to filter on a
specific MAC address (where H is a hexadecimal number), or you can filter on any
source MAC address by entering the word “any”.
■
a source MAC mask. This mask determines which portion of the source MAC address
header will be compared with that found in the incoming packets. The mask is
configured in the format
number. In practice each hex number will normally be either 0 (to represent a match)
or F (to represent a don’t care condition). A mask is not required if the source address
is specified as “any”.
■
a destination MAC address. You can use the format, HHHH.HHHH.HHHH to filter on a
specific MAC address (where H is a hexadecimal number), or you can filter on any
destination MAC address by entering the word “any”.
■
a destination MAC mask. This mask determines which portion of the destination MAC
address header will be compared with that found in the incoming packets. The mask
is configured in the format
number. In practice each hex number will normally be either 0 (to represent a match)
or F (to represent a don’t care condition). A mask is not required if the source address
is specified as “any”.