16 mac access extended, Mac access extended – PLANET WGSW-52040 User Manual

38-152

Usage Guide:

One port can bind ingress rulesNote: when a ACL has multiple rules, traffic-statistic can't configure.

There are four kinds of packet head field based on concerned: MAC ACL, IP ACL, MAC-IP ACL and IPv6 ACL; to

some extent, ACL filter behavior (permit, deny) has a conflict when a data packet matches multi types of four ACLs.

The strict priorities are specified for each ACL based on outcome veracity. It can determine final behavior of packet

filter through priority when the filter behavior has a conflict.

When binding ACL to port, there are some limits as below:

1. Each port can bind a MAC-IP ACL, a IP ACL, a MAC ACL and a IPv6 ACL; It only supports the standard ipv6 type

when binding the IPV6 ACL to the port.

2. When binding four ACLs and data packet matching the multi ACLs simultaneity, the priority from high to low are

shown as below,

Ingress IPv6 ACL

Ingress MAC-IP ACL

Ingress MAC ACL

Ingress IP ACL

Example:

Binding AAA access-list to entry direction of port.

Switch(Config-If-Ethernet1/5)#ip access-group aaa in

38.16 mac access extended

Command:

mac-access-list extended

no mac-access-list extended <name>

Functions:

Define a name-manner MAC ACL or enter access-list configuration mode, “no mac-access-list extended ”

command deletes this ACL.

Parameters:

<name> name of access-list excluding blank or quotation mark, and it must start with letter, and the length cannot

exceed 32. (remark: sensitivity on capital or small letter.)

Command Mode:

Global mode

Default Configuration: