IP ACLs, Table 4-33, Access Control List Commands – Accton Technology ES5508 User Manual

Page 299: Table 4-34, IP ACL Commands

Access Control List Commands

The order in which active ACLs are checked is as follows:
1. User-defined rules in the Egress MAC ACL for egress ports.
2. User-defined rules in the Egress IP ACL for egress ports.
3. User-defined rules in the Ingress MAC ACL for ingress ports.
4. User-defined rules in the Ingress IP ACL for ingress ports.
5. Explicit default rule (permit any any) in the ingress IP ACL for ingress ports.
6. Explicit default rule (permit any any) in the ingress MAC ACL for ingress ports.
7. If no explicit rule is matched, the implicit default is permit all.

Masks for Access Control Lists

You must specify masks that control the order in which ACL rules are checked. The
switch includes two system default masks that pass/filter packets matching the
permit/deny rules specified in an ingress ACL. You can also configure up to
seven user-defined masks for an ACL. A mask must be bound exclusively to one of
the basic ACL types (i.e., Ingress IP ACL, Egress IP ACL, Ingress MAC ACL or
Egress MAC ACL), but a mask can be bound to up to four ACLs of the same type.

IP ACLs

Table 4-33 Access Control List Commands

| Command Groups | Function | Page |
|---|---|---|
| IP ACLs | Configures ACLs based on IP addresses, TCP/UDP port number, protocol type, and TCP control code | 4-87 |
| MAC ACLs | Configures ACLs based on hardware addresses, packet format, and Ethernet type | 4-100 |
| ACL Information | Displays ACLs and associated rules; shows ACLs assigned to each port | 4-110 |

Table 4-34 IP ACL Commands

| Command | Function | Mode | Page |
|---|---|---|---|
| access-list ip | Creates an IP ACL and enters configuration mode for standard or extended IP ACLs | GC | 4-88 |
| access-list ip extended fragment-auto-mask | Automatically creates extra masks to support fragmented ACL entries | GC | 4-88 |
| permit, deny | Filters packets matching a specified source IP address | STD-ACL | 4-89 |
| permit, deny | Filters packets meeting the specified criteria, including source and destination IP address, TCP/UDP port number, protocol type, and TCP control code | EXT-ACL | 4-90 |
| show ip access-list | Displays the rules for configured IP ACLs | PE | 4-92 |
| access-list ip mask-precedence | Changes to the IP Mask mode used to configure access control masks | GC | 4-92 |
| mask | Sets a precedence mask for the ACL rules | IP-Mask | 4-93 |
| show access-list ip mask-precedence | Shows the ingress or egress rule masks for IP ACLs | PE | 4-96 |
| ip access-group | Adds a port to an IP ACL | IC | 4-97 |