beautypg.com

Command list, Access-group, Command list access-group – Allied Telesis AlliedWare Plus Operating System Version 5.4.4C (x310-26FT,x310-26FP,x310-50FT,x310-50FP) User Manual

Page 850: Access, Group

background image

IPv4 Hardware Access Control List (ACL) Commands

Software Reference for x310 Series Switches

34.4

AlliedWare Plus

TM

Operating System - Version 5.4.4C

C613-50046-01 REV A

Command List

access-group

This command adds or removes a hardware-based access-list to a switch port interface.
The number of hardware numbered and named access-lists that can be added to a switch
port interface is determined by the available memory in hardware-based packet
classification tables.

This command works in Interface Configuration mode to apply hardware access-lists to
selected switch port interfaces.

The no variant of this command removes the selected access-list from an interface.

Syntax

access-group [<3000-3699>|<4000-4699>|<hardware-access-list-name>]

no access-group [<3000-3699>|4000-4699|<hardware-access-list-name>]

Mode

Interface Configuration for a switch port interface

Default

Any traffic on an interface controlled by a hardware ACL that does not explicitly match a
filter is permitted.

Usage

First create an IP access-list that applies the appropriate permit, deny requirements etc
with the

access-list (hardware IP numbered) command on page 34.6

, the

access-list

(hardware MAC numbered) command on page 34.16

or the

access-list hardware

(named) command on page 34.19

. Then use this command to apply this hardware access-

list to a specific port or port range. Note that this command will apply the access-list only
to incoming data packets.

To apply ACLs to an LACP aggregated link, apply it to all the individual switch ports in the
aggregated group. To apply ACLs to a static channel group, apply it to the static channel
group itself. An ACL can even be applied to a static aggregated link that spans more than
one switch instance (

Chapter 21, Link Aggregation Commands

).

Note that you cannot apply software standard and extended numbered ACLs to switch
port interfaces with the access-group command. This command will only apply hardware
ACLs.

Parameter

Description

<3000-3699>

Hardware IP access-list.

<4000-4699>

Hardware MAC access-list.

<hardware-access-list-name>

The hardware access-list name.

Note

Hardware ACLs will permit access unless explicitly denied by an ACL action.

See also other documents in the category Allied Telesis Computer hardware: