IP Access Control List (ACL) Commands, access-list – Kontron AT890X Full-Size CLI User Manual
Quality of Service (QoS) Commands
AT8901/2/3 CLI Reference Manual
Format: show mac access-lists [name]
Mode: Privileged EXEC

Rule Number: The ordered rule number identifier defined within the MAC ACL.
Action: Displays the action associated with each rule. The possible values are Permit or Deny.
Source MAC Address: Displays the source MAC address for this rule.
Destination MAC Address: Displays the destination MAC address for this rule.
Ethertype: Displays the Ethertype keyword or custom value for this rule.
VLAN ID: Displays the VLAN identifier value or range for this rule.
COS: Displays the COS (802.1p) value for this rule.
Log: Displays when you enable logging for the rule.
Assign Queue: Displays the queue identifier to which packets matching this rule are assigned.
Mirror Interface: On Broadcom 5650x platforms, displays the unit/slot/port to which packets matching this rule are copied.
Redirect Interface: On Broadcom 5650x platforms, displays the unit/slot/port to which packets matching this rule are forwarded.
4.8 IP Access Control List (ACL) Commands
This section describes the commands you use to configure IP ACL settings. IP ACLs
ensure that only authorized users have access to specific resources and block any
unwarranted attempts to reach network resources.
The following rules apply to IP ACLs:
• FASTPATH does not support IP ACL configuration for IP packet fragments.
• The maximum number of ACLs you can create is 100, regardless of type.
• The maximum number of rules per IP ACL is hardware dependent.
• On Broadcom 5630x platforms, if you configure a MAC ACL on an interface, you cannot configure an IP ACL on the same interface.
• Wildcard masking for ACLs operates differently from a subnet mask. A wildcard mask is in essence the inverse of a subnet mask. A subnet mask has ones (1's) in the bit positions that are used for the network address and zeros (0's) in the bit positions that are not used. In contrast, a wildcard mask has zeros (0's) in the bit positions that must be checked. A '1' in a bit position of the ACL mask indicates that the corresponding bit can be ignored.
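The wildcard-mask rule above, worked through in Python as an added example (not code from the manual or from FASTPATH). Function names and the sample addresses are constructed for illustration, and the page does not say whether the switch accepts non-contiguous wildcard masks.

```python
import ipaddress

ALL_ONES = 0xFFFFFFFF

def to_int(addr: str) -> int:
    """Dotted-quad IPv4 string to a 32-bit integer."""
    return int(ipaddress.IPv4Address(addr))

def wildcard_from_netmask(netmask: str) -> str:
    """Invert a subnet mask bit by bit to get the equivalent wildcard mask."""
    return str(ipaddress.IPv4Address(to_int(netmask) ^ ALL_ONES))

def wildcard_matches(packet_ip: str, rule_ip: str, wildcard: str) -> bool:
    """True when packet_ip equals rule_ip in every bit the wildcard marks 0."""
    must_check = ~to_int(wildcard) & ALL_ONES      # 1 = bit is compared
    return (to_int(packet_ip) ^ to_int(rule_ip)) & must_check == 0

def is_inverse_of_netmask(wildcard: str) -> bool:
    """True when the wildcard is a run of 0s followed by a run of 1s."""
    w = to_int(wildcard)
    return w & (w + 1) == 0

def audit_rule(rule_ip: str, wildcard: str) -> str:
    """Flag a mask that looks like a subnet mask typed where a wildcard belongs."""
    if wildcard not in ("0.0.0.0", "255.255.255.255") and \
            is_inverse_of_netmask(wildcard_from_netmask(wildcard)):
        return "suspect: looks like a subnet mask, not a wildcard"
    return "ok"

if __name__ == "__main__":
    # Constructed sample entries (documentation address ranges).
    print(wildcard_from_netmask("255.255.255.0"))                    # /24 as wildcard
    print(wildcard_matches("192.0.2.77", "192.0.2.0", "0.0.0.255"))  # inside the /24
    print(wildcard_matches("192.0.3.77", "192.0.2.0", "0.0.0.255"))  # outside it
    # Subnet mask entered by mistake: only the last octet is compared, so an
    # unrelated network matches while a host in the intended /24 does not.
    print(wildcard_matches("203.0.113.0", "192.0.2.0", "255.255.255.0"))
    print(wildcard_matches("192.0.2.77", "192.0.2.0", "255.255.255.0"))
    print(audit_rule("192.0.2.0", "255.255.255.0"))
    print(audit_rule("192.0.2.0", "0.0.0.255"))
```

The `audit_rule` check is a review aid for configuration audits: a mask such as `255.255.255.0` in a wildcard field compares only the last octet, which is rarely what the rule author intended.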
4.8.1 access-list
This command creates an IP Access Control List (ACL) that is identified by the access list number, which is 1-99 for standard ACLs or 100-199 for extended ACLs. Table 2 describes the parameters for the access-list command.
IP Standard ACL: