beautypg.com

Assigning mac address acls to a port, Assigning mac address acls to a port 6, Assigning numbered ipv4 acls 6 – Allied Telesis AT-8100 Series User Manual

Page 1546: Assigning mac address acls example 6

background image

Chapter 98: Advanced Access Control Lists (ACLs)

1546

In this example, ports 12 and 13 are assigned an ACL, ID number 3075,
that blocks all untagged ingress packets with a destination address in the
149.107.22.0 subnet. See Table 175.

Assigning MAC

Address ACLs to

a Port

To assign a MAC ACL to a port on the switch, use the MAC ACCESS-
GROUP command in the Port Interface mode. Using this command, you
can add one MAC ACL to a port or several ports. The ACL must exist on
the switch. Here is the format of the command:

mac access-group

id_number

For more information about this command, see “MAC ACCESS-GROUP”
on page 1633.

This example creates two MAC ACLs with ID numbers of 4025 and 4055.
ACL 4025 permits only packets that have source MAC addresses starting
with “45:2A:B5:”. ACL 4055 denies all other MAC addresses. Then assign
both ACLs to port 7:

Table 175. Assigning Numbered IPv4 ACLs

Command

Description

awplus> enable

Enter the Privileged Executive mode from the
User Executive mode.

awplus# configure terminal

Enter the Global Configuration mode.

awplus(config)# access-list 3075
deny ip any 149.107.22.0/24

Create the deny ACL.

awplus(config)# interface
port1.0.12,port1.0.13

Enter the Port Interface mode for ports 12 and
13.

awplus(config_if)# access-group
3075

Apply the ACL to the ports with the ACCESS-
GROUP command.

Table 176. Assigning MAC Address ACLs Example

Command

Description

awplus> enable

Enter the Privileged Executive mode from the
User Executive mode.

awplus# configure terminal

Enter the Global Configuration mode.

awplus(config)# access-list
4025 permit 45:2a:b5:00:00:00
00:00:00:ff:ff:ff any

Create the permit ACL.

awplus(config)# access-list
4055 deny any any

Create the deny ACL.