beautypg.com

Match access-group – Allied Telesis AT-DC2552XS User Manual

Page 489

background image

AT-DC2552SX Switch Command Line Interface User’s Guide

Section V: Security and Traffic Control

489

MATCH ACCESS-GROUP

Syntax

match access-group

acl_name

Parameter

acl_name

Specifies the name of a hardware ACL.

Mode

Class Map Configuration mode

Description

Use this command to add a hardware ACL as matching criteria to a class
map. When a hardware ACL has already been added to a class map, this
command replaces the previous value with the new value.

Confirmation Command

“SHOW CLASS-MAP” on page 513

Examples

This example creates a hardware ACL named “aclssh,” which permits
SSH traffic only from IP addresses 10.100.10.70 to 10.100.10.100 and
denies SSH traffic from the other source addresses. Then, the example
creates a class map named “ssh,” and adds the “aclssh” hardware ACL to
the “ssh” class map:

awplus> enable
awplus# configure terminal
awplus(config)# access-list hardware aclssh
awplus(config-ip-hw-acl)# permit tcp 10.100.10.7/32
10.100.10.100/32 eq 22
awplus(config-ip-hw-acl)# deny tcp any any eq 22
awplus(config-ip-hw-acl)# exit
awplus(config)# class-map ssh
awplus(config-cmap)# match access-group aclssh

See also other documents in the category Allied Telesis Computer hardware: