User's manual

82 Asanté IntraCore 36000 Series
CLI
This example shows how to create an ingress MAC ACL and bind it to a port. Note that after the mask is
applied, the order of the rules in the ACL has changed: the deny rule is now listed before permit any any.
Console(config)#access-list mac M4
Console(config-mac-acl)#permit any any
Console(config-mac-acl)#deny tagged-eth2 00-11-11-11-11-11 ff-ff-ff-ff-ff-ff any vid 3
Console(config-mac-acl)#end
Console#show access-list
MAC access-list M4:
permit any any
deny tagged-eth2 host 00-11-11-11-11-11 any vid 3
Console(config)#access-list mac mask-precedence in
Console(config-mac-mask-acl)#mask pktformat ff-ff-ff-ff-ff-ff any vid
Console(config-mac-mask-acl)#exit
Console(config)#interface ethernet 1/12
Console(config-if)#mac access-group M4 in
Console(config-if)#end
Console#show access-list
MAC access-list M4:
deny tagged-eth2 host 00-11-11-11-11-11 any vid 3
permit any any
MAC ingress mask ACL:
mask pktformat host any vid
Console#
6.7.9 Binding a Port to an Access Control List
After configuring the Access Control Lists (ACL), you can bind the ports that need to filter traffic to the
appropriate ACLs. You can only bind a port to one ACL for each basic type – IP ingress, IP egress, MAC
ingress and MAC egress.
Follow these guidelines.
You must configure a mask for an ACL rule before you can bind it to a port.
This switch supports ACLs for both ingress and egress filtering. You can only bind one IP ACL and one MAC
ACL to any port for ingress filtering, and one IP ACL and one MAC ACL to any port for egress filtering. In
other words, only four ACLs can be bound to an interface – Ingress IP ACL, Egress IP ACL, Ingress MAC
ACL and Egress MAC ACL.
When an ACL is bound to an interface as an egress filter, all entries in the ACL must be deny rules.
Otherwise, the bind operation will fail.
The switch does not support an explicit “deny any any” rule in an egress IP ACL or an egress MAC ACL. If
such a rule is included in an ACL and you attempt to bind the ACL to an interface for egress checking, the
bind operation will fail.
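The guidelines above worked through as an added example; this is not a transcript from the manual. It creates an egress MAC ACL that contains only deny rules (no permit rule and no explicit deny any any), configures the egress mask before binding, and then binds the ACL to port 1/12 as an egress filter. The ACL name M5, the second host address, and the out keyword on mask-precedence and mac access-group are assumptions for this illustration; the page itself shows only the in direction.

```console
Console(config)#access-list mac M5
Console(config-mac-acl)#deny tagged-eth2 00-11-11-11-11-11 ff-ff-ff-ff-ff-ff any vid 3
Console(config-mac-acl)#deny tagged-eth2 00-22-22-22-22-22 ff-ff-ff-ff-ff-ff any vid 3
Console(config-mac-acl)#exit
Console(config)#access-list mac mask-precedence out
Console(config-mac-mask-acl)#mask pktformat ff-ff-ff-ff-ff-ff any vid
Console(config-mac-mask-acl)#exit
Console(config)#interface ethernet 1/12
Console(config-if)#mac access-group M5 out
Console(config-if)#end
```

Every entry in M5 is a deny rule, neither entry is deny any any, and the mask is in place before the bind, so all of the conditions listed in the guidelines are met. By contrast, binding the M4 list from the earlier example with mac access-group M4 out would fail, because M4 contains a permit any any rule. After binding, confirm the list and its mask with show access-list, as the earlier example does, and remember that port 1/12 can still take one ingress MAC ACL, one ingress IP ACL and one egress IP ACL in addition to M5.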
Command Attributes
Port – Fixed port or SFP module. (Range: 1-24, 1-48)
IP – Specifies the IP ACL to bind to a port.
MAC – Specifies the MAC ACL to bind to a port.