beautypg.com

Allied Telesis AlliedWare Plus Operating System Version 5.4.4C (x310-26FT,x310-26FP,x310-50FT,x310-50FP) User Manual

Page 878

background image

IPv4 Hardware Access Control List (ACL) Commands

Software Reference for x310 Series Switches

34.32

AlliedWare Plus

TM

Operating System - Version 5.4.4C

C613-50046-01 REV A

Mode

IPv4 Hardware ACL Configuration

Default

Any traffic on an interface controlled by a hardware ACL that does not explicitly match a
filter is permitted.

Usage

First create a named hardware access-list that applies the appropriate permit, deny
requirements etc. Then use the

access-group command on page 34.4

to apply this

access-list to a specific port or range. Note that this command will apply the access-list
only to incoming data packets.

An ACL can be configured with multiple ACL filters using sequence numbers. If the
sequence number is omitted, the next available multiple of 10 will be used as the
sequence number for the new filter. A new ACL filter can be inserted into the middle of an
existing list by specifying the appropriate sequence number

Examples

To add an access-list filter entry to the access-list named my-list that will permit
packets with a source MAC address of 0000.00ab.1234 and any destination MAC
address, use the commands:

To remove an access-list filter entry that permit packets with a source MAC address of

0000.00ab.1234

and any destination MAC address, use the commands:

Related Commands

access-group
access-list hardware (named)
show running-config

Note

The access control list being configured is selected by running the

access-list

hardware (named) command on page 34.19

. with the required access control

list number, or name, but with no further parameters selected.

Note

Hardware ACLs will permit access unless explicitly denied by an ACL action.

awplus#

configure terminal

awplus(config)#

access-list hardware my-list

awplus(config-ip-hw-acl)#

permit mac 0000.00ab.1234
0000.0000.0000 any

awplus#

configure terminal

awplus(config)#

access-list hardware my-list

awplus(config-ip-hw-acl)#

no permit mac 0000.00ab.1234
0000.0000.0000 any

See also other documents in the category Allied Telesis Computer hardware: