IP Access Control Lists
ExtremeWare XOS 11.0 Concepts Guide 155
The following example denies ICMP echo request packets from the 10.203.134.0/24 subnet, and
increments the counter icmpcnt:
    entry icmp {
        if {
            source-address 10.203.134.0/24;
            protocol icmp;
            icmp-type echo-request;
        } then {
            deny;
            count icmpcnt;
        }
    }
The following entry denies every packet and increments the counter default:
    entry default {
        if {
        } then {
            deny;
            count default;
        }
    }
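A small Python model of how the two entries above match packets, added here as an illustration (it is not from the Concepts Guide or from ExtremeWare XOS). It assumes entries are evaluated top to bottom with the first match deciding the result; the function names, the packet dictionary keys and the compacted layout of the policy text are constructs of this example.

```python
import ipaddress
import re

# Constructed input: the two entries shown above in one file, whitespace compacted.
POLICY = """
entry icmp {
    if { source-address 10.203.134.0/24; protocol icmp; icmp-type echo-request; }
    then { deny; count icmpcnt; }
}
entry default {
    if { } then { deny; count default; }
}
"""

ENTRY_RE = re.compile(
    r"entry\s+(\S+)\s*\{\s*if\s*\{(.*?)\}\s*then\s*\{(.*?)\}\s*\}", re.S)

def parse_policy(text):
    """Return [(entry name, {match condition: value}, [action statements])]."""
    entries = []
    for name, cond, act in ENTRY_RE.findall(text):
        conds = dict(s.strip().split(None, 1) for s in cond.split(";") if s.strip())
        actions = [s.strip() for s in act.split(";") if s.strip()]
        entries.append((name, conds, actions))
    return entries

def matches(conds, pkt):
    """Every condition must hold; an empty 'if' block therefore matches any packet."""
    for key, want in conds.items():
        if key == "source-address":
            src = ipaddress.ip_address(pkt["source-address"])
            if src not in ipaddress.ip_network(want):
                return False
        elif pkt.get(key) != want:
            return False
    return True

def evaluate(entries, pkt, counters):
    """Assumed first-match order: return (entry, action), or None if no entry matches."""
    for name, conds, actions in entries:
        if matches(conds, pkt):
            for a in actions:
                if a.startswith("count "):
                    counters[a.split()[1]] = counters.get(a.split()[1], 0) + 1
            return name, next(a for a in actions if not a.startswith("count "))
    return None
```

With both entries loaded, an echo request from 10.203.134.0/24 is denied by entry icmp and any other packet is denied by entry default; with the default entry left out, a non-matching packet returns None, meaning this ACL made no decision for it.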
Using ACLs on the Switch
After the ACL file has been transferred to the switch, it can be checked to see if it is syntactically
correct. Since an ACL is a type of policy, use the following command to check the ACL syntax:
    check policy <policy-name>
After the ACL has been checked, it can be applied to an interface. To apply an ACL, use the following
command:
    configure access-list <aclname> [any | ports <portlist> | vlan <vlanname>] {ingress}
If you use the any keyword, the ACL is applied to all the interfaces and is referred to as the wildcard
ACL. The wildcard ACL is evaluated for ports that have no specific ACL applied to them, and it is also
applied to packets that do not match the ACL applied to the interface.
If an ACL is already configured on an interface, the command will be rejected and an error message
displayed.
To remove an ACL from an interface, use the following command:
    unconfigure access-list {any | ports <portlist> | vlan <vlanname>} {ingress}
To display which interfaces have ACLs configured, and which ACL is on which interface, use the
following command:
    show access-list {<aclname>}