CANOGA PERKINS 9175 Configuration Guide User Manual

CanogaOS Configuration Guide

33-2

Figure 33-1: ACL

ACL details

DUT#configure terminal

Enter configuration mode

DUT (config)#mac access-list mac

Define a MAC ACL and enter ACL
configuration mode

DUT(config-mac-acl)#permit src-mac host 1111.1111.1111
dest-mac any

Config ACE to permit packet with source
mac address 1111.1111.1111

DUT(config-mac-acl)#deny src-mac any dest-mac any

Config ACE to deny any packets.

DUT(config-mac-acl)#exit Exit

ACL configuration mode

DUT(config)#ip access-list ipv4

Define a IPv4 ACL and enter ACL
configuration mode.

DUT(config-ip-acl)#permit any 1.1.1.1 0.0.0.255 any

Config ACE to permit subnet 1.1.1.1/24

DUT(config-ip-acl)#deny any any any

Config ACE to deny any packets.

DUT(config-ip-acl)#exit

Exit ACL configuration mode.

DUT(config)#ipv6 access-list ipv6

Define a IPv6 ACL and enter ACL
configuration mode .

DUT(config-ipv6-acl)#permit udp any any

Config ACE to permit UDP ipv6 packets.

DUT(config-ipv6-acl)#deny any any any

Config ACE to deny any packets.

Interface details

DUT#configure terminal

Enter configuration mode

DUT(config)#interface eth-0-1

Enter interface configuration mode

DUT(config-if)#mac access-group mac in

Apply MAC ACL mac on interface with
ingress direction.

DUT(config-if)#interface eth-0-2

Enter interface configuration mode

DUT(config-if)#ip access-group ipv4 in

Apply IPv4 ACL ipv4 on interface with
ingress direction.

DUT(config-if)# interface eth-0-3

Enter interface configuration mode