Service-acl – Allied Telesis AT-S95 CLI User Manual

ACL Commands

User Guidelines

MAC BPDU packets cannot be denied.

This command defines an Access Control Element (ACE). An ACE can only be removed by deleting the ACL, using the no mac access-list Global Configuration mode command. Alternatively, the Web-based interface can be used to delete ACEs from an ACL.

The following user guidelines are relevant to GE devices only:

Before an Access Control Element (ACE) is added to an ACL, all packets are permitted. After an ACE is
added, an implied deny-any-any condition exists at the end of the list and those packets that do not match
the conditions defined in the permit statement are denied.

If the VLAN ID is specified, the policy map cannot be connected to the VLAN interface.

Example

The following example shows how to create a MAC ACL with deny rules.

Console(config)# mac access-list macl1
Console(config-mac-acl)# deny 6:6:6:6:6:6 0:0:0:0:0:0 any

service-acl

The service-acl Interface Configuration mode command controls access to an interface. Use the no form of this command to remove the access control.

Syntax

service-acl input acl-name

no service-acl input

Parameters

input — Applies the specified ACL to the input interface.

Default Configuration

This command has no default configuration.

Command Mode

Interface Configuration (Ethernet, Port-Channel) mode

User Guidelines

In advanced mode, when an ACL is bound to an interface, the port trust mode is set to trust L2-L3 and not to L2.

Example

The following example binds (services) an ACL to Ethernet interface g2.

Console(config)# interface ethernet g2
Console(config-if)# service-acl input macl1
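
The MAC ACL user guidelines (no ACE: all packets permitted; any ACE: implied deny-any-any; BPDUs never denied) can be checked against macl1 with a small model. The Python below is an added example, not part of the manual or the switch software. It assumes first-match evaluation, that wildcard bits set to 1 are ignored, that the deny rule is source 6:6:6:6:6:6 with an all-zero wildcard, and that a BPDU is a frame sent to 01:80:C2:00:00:00; MACL1_OPEN, HOST and PEER are constructed for the illustration.

```python
# Added illustration: models the ACE evaluation described in the user guidelines.
# Assumptions (not from the manual): first matching ACE wins, wildcard bits set
# to 1 are ignored, and a BPDU is a frame sent to 01:80:C2:00:00:00.
BPDU_DST = 0x0180C2000000
ANY = (0, 0xFFFFFFFFFFFF)  # "any": every address bit is a don't-care

def mac(text):
    """Parse a colon-separated MAC such as 6:6:6:6:6:6 into an integer."""
    octets = [int(part, 16) for part in text.split(":")]
    if len(octets) != 6 or any(o > 0xFF for o in octets):
        raise ValueError(f"not a MAC address: {text!r}")
    return int.from_bytes(bytes(octets), "big")

def ace(action, src, dst=ANY):
    """Build an ACE; src and dst are (address, wildcard) pairs."""
    return (action, src, dst)

def matches(addr, pattern):
    value, wildcard = pattern
    care = ~wildcard & 0xFFFFFFFFFFFF      # bits that must be equal
    return (addr & care) == (value & care)

def evaluate(acl, src, dst):
    """Return 'permit' or 'deny' for one frame entering the interface."""
    if dst == BPDU_DST:
        return "permit"          # MAC BPDU packets cannot be denied
    if not acl:
        return "permit"          # no ACE yet: all packets are permitted
    for action, src_pat, dst_pat in acl:
        if matches(src, src_pat) and matches(dst, dst_pat):
            return action        # first matching ACE decides (assumption)
    return "deny"                # implied deny-any-any at the end of the list

# macl1 from the manual's example: one deny ACE for source 6:6:6:6:6:6
MACL1 = [ace("deny", (mac("6:6:6:6:6:6"), mac("0:0:0:0:0:0")))]
# Hypothetical variant ending with an explicit permit for everything else
MACL1_OPEN = MACL1 + [ace("permit", ANY)]

HOST = mac("00:11:22:33:44:55")   # constructed sample addresses
PEER = mac("00:aa:bb:cc:dd:ee")

if __name__ == "__main__":
    blocked = mac("6:6:6:6:6:6")
    for name, acl in (("empty", []), ("macl1", MACL1), ("macl1+permit", MACL1_OPEN)):
        print(name, evaluate(acl, HOST, PEER), evaluate(acl, blocked, PEER),
              evaluate(acl, HOST, BPDU_DST))
```

In this model, macl1 as written denies every non-BPDU frame entering g2, which is what the implied deny-any-any guideline for GE devices describes; only the variant with a trailing permit lets other hosts through.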