Owner's Manual

318 | Chapter 13. ACLs
NETGEAR 8800 User Manual
If an application assigns the same priority number to two ACLs, the ACL added most recently
has the higher priority. It is inserted in the priority map immediately ahead of the older ACL
that has the same priority number. This effectively allows the application to create sub-zones
within a zone. The attributes first and last can be used in combination with priority numbers to
prioritize the ACLs within a sub-zone. For example, an ACL could be configured with the first
attribute, along with the same priority number as other ACLs in the same zone, effectively
assigning that ACL the highest priority within a sub-zone.
The show configuration command shows the current configuration of the entire switch in the
form of CLI commands which can later be played back to configure the switch.
The show configuration acl command shows the current configuration of the ACL manager.
The new application keyword allows you to specify the application to which the ACL will be
bound. Typically, applications create and insert ACLs on the switch; however, the
administrator can install ACLs "on behalf" of an application by specifying the application
keyword. (This keyword is also used with the show config acl command to enable CLI
playback.) If no application is specified, the default application is CLI.
This means you have the ability to create, delete, and configure ACLs for any application.
To create a zone, use the following command:
create access-list zone <name> zone-priority <number>
To configure the priority of zones, use the following command:
configure access-list zone <name> zone-priority <number>
To add an application to a zone at a particular priority, or to change the priority of an
application within a zone, use the following command:
configure access-list zone <name> {add} application <appl-name> application_priority <number>
An application must occupy at least one zone.
To move an application within a zone or to another zone use the following command:
configure access-list zone <name> move-application <appl-name> to-zone <name> application-priority <number>
All applications can be configured to go into any and all zones.
A change in the zone list results in a change in the order of dynamic ACLs that have been
applied per interface. The changes in hardware are achieved by uninstalling and then
reinstalling the dynamic ACLs in the new positions. There is a possibility, due to hardware
constraints, that some ACLs will not be reinstalled. These occurrences are logged.
To delete an application from a zone, use the following command:
configure access-list zone <name> delete application <appl-name>
When deleting an application from a zone, any ACLs that have been inserted into that zone
for the deleted application are moved to the next higher zone in which the application
appears.
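The ordering rules spread across this section (zone priority, application priority within a zone, the ACL priority number, most-recently-added-first among equal numbers, the first and last attributes within a sub-zone, and the move of ACLs to the next higher zone when an application is deleted) are easier to check against a small model than against the hardware. The following Python model is an added illustration written for this page; it is not NETGEAR switch code and its class and method names are the example's own. It assumes that a lower number means higher priority for zones, applications and ACLs alike, and reads "next higher zone" as the nearest zone of higher priority in which the application still appears; the application and ACL names in the demo are constructed.

```python
from dataclasses import dataclass, field
from typing import Optional

# Assumption for this example: a lower number means higher priority for
# zones, applications and ACLs. The manual text gives only the relative rules.

@dataclass
class Acl:
    name: str
    application: str
    priority: int                    # priority number assigned by the application
    position: Optional[str] = None   # "first" or "last" within the sub-zone, or None
    seq: int = 0                     # insertion counter; newer wins among equal numbers

@dataclass
class Zone:
    name: str
    zone_priority: int
    applications: dict = field(default_factory=dict)  # appl-name -> application priority
    acls: list = field(default_factory=list)

# first goes ahead of, last behind, the other ACLs with the same priority number
_POSITION_RANK = {"first": 0, None: 1, "last": 2}

class PriorityMap:
    """Orders dynamic ACLs as the manual describes: by zone, then by
    application within the zone, then by ACL priority number, then by the
    first/last attribute, then most recently added first."""

    def __init__(self):
        self.zones = {}
        self._seq = 0

    def create_zone(self, name, zone_priority):
        self.zones[name] = Zone(name, zone_priority)

    def add_application(self, zone, appl, application_priority):
        self.zones[zone].applications[appl] = application_priority

    def install_acl(self, zone, acl):
        z = self.zones[zone]
        if acl.application not in z.applications:
            raise ValueError(f"{acl.application} does not occupy zone {zone}")
        self._seq += 1
        acl.seq = self._seq
        z.acls.append(acl)

    def delete_application(self, zone, appl):
        """Remove appl from zone; its ACLs move to the nearest higher-priority
        zone in which appl appears. An application must keep at least one zone."""
        z = self.zones[zone]
        candidates = [o for o in self.zones.values()
                      if o is not z and appl in o.applications
                      and o.zone_priority < z.zone_priority]
        if not candidates:
            raise ValueError(f"{appl} must occupy at least one zone")
        target = max(candidates, key=lambda o: o.zone_priority)  # nearest higher zone
        moving = [a for a in z.acls if a.application == appl]
        z.acls = [a for a in z.acls if a.application != appl]
        target.acls.extend(moving)
        del z.applications[appl]

    def order(self):
        """Return ACL names in the order they would be evaluated."""
        ordered = []
        for z in sorted(self.zones.values(), key=lambda o: o.zone_priority):
            ordered.extend(a.name for a in sorted(
                z.acls,
                key=lambda a: (z.applications[a.application], a.priority,
                               _POSITION_RANK[a.position], -a.seq)))
        return ordered

def demo():
    """Constructed scenario: two zones, two hypothetical applications."""
    pm = PriorityMap()
    pm.create_zone("SECURITY", zone_priority=1)
    pm.create_zone("SYSTEM", zone_priority=2)
    pm.add_application("SECURITY", "appA", 1)
    pm.add_application("SYSTEM", "appA", 1)
    pm.add_application("SYSTEM", "appB", 2)
    pm.install_acl("SYSTEM", Acl("a-old", "appA", 10))
    pm.install_acl("SYSTEM", Acl("a-new", "appA", 10))            # same number, newer goes ahead
    pm.install_acl("SYSTEM", Acl("a-first", "appA", 10, "first"))  # head of the priority-10 sub-zone
    pm.install_acl("SYSTEM", Acl("a-last", "appA", 10, "last"))    # tail of the priority-10 sub-zone
    pm.install_acl("SYSTEM", Acl("a-top", "appA", 5))
    pm.install_acl("SYSTEM", Acl("b-rule", "appB", 1))
    pm.install_acl("SECURITY", Acl("sec-rule", "appA", 20))
    before = pm.order()
    pm.delete_application("SYSTEM", "appA")   # appA's SYSTEM ACLs move up into SECURITY
    after = pm.order()
    return before, after

if __name__ == "__main__":
    before, after = demo()
    print("before:", before)
    print("after: ", after)
```

Running the demo shows the two rules the prose describes in isolation acting together: within the priority-10 sub-zone the ACL carrying first leads, the newer of the two equal-numbered ACLs precedes the older, and the ACL carrying last trails; after the delete, those ACLs are re-sorted among appA's existing ACLs in the SECURITY zone rather than appended behind them.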