beautypg.com

16 {ip|ipv6|mac|mac-ip} access-group – Accton Technology ES4626 User Manual

Page 764

background image

764

Command:ipv6 access-list extended

no ipv6 access-list extended

Function:

Create a name-based extended IPv6 access list; the “no ipv6 access-list

extended

” command delete the name-based extended IPv6 access list

Parameter:

is the name for access list, the character string length is from 1 to

16.

Command Mode:

Global Mode

Default:

No IP address is configured by default.

Usage Guide:

When this command is run for the first time, only an empty access list with

no entry will be created

Example:

Create an extensive IPv6 access list named “tcpFlow”.

Switch (Config)#ipv6 access-list extended tcpFlow

18.2.2.16 {ip|ipv6|mac|mac-ip} access-group

Command :{ip|ipv6|mac|mac-ip} access-group {in|out}[traffic-statistic]

no {ip|mac|mac-ip}

access-group {in|out}

Function:

Apply a access-list on some direction of port, and determine if ACL rule is

added statistic counter or not by options; the “no {ip|mac|mac-ip} access-group

command deletes access-list binding on the port.

Parameter:

is the name for access list, the character string length is from 1 to

16

Command Mode:

Physical Interface Mode, VLAN Interface mode

Default:

The exit and entry of port are not bound ACL.

Usage Guide:

One port can bind an entry rule and an exit rule; it only can include deny

rule when ACL is bound to exit. If it is a stack switch, it only can bind ACL on entry, not

exit.

The standard, extended and nomenclature of access-list can be bound to

physical port

of layer 3 switch, not binding ACL to layer interface or influx interface.

There are four kinds of package head field based on concerned: MAC ACL, IP CAL,

MAC-IP ACL, and IPv6 ACL; to some extent, ACL filter behavior (permit, deny) has a

conflict when a data package matches multi types of eight ACLs. The strict priorities are

specified for each ACL based on outcome veracity. It can determine final behavior of

package filter through priority when the filter behavior has a conflict.

When binding ACL to port, there are some limits as below:

1. Each port can bind a MAC-IP ACL, a IP ACL, a MAC ACL and a IPv6 ACL;

2. Each port exit can bind a MAC IP ACL, a IP ACL, MAC ACL and IPv6 ACL;

3. When binding 6 ACLs and data package matching the multi ACLs simultaneity,

the priority from high to low are shown as below,

This manual is related to the following products:
See also other documents in the category Accton Technology Computer Accessories: