C613-50102-01 REV C
Command Reference for x510 Series
AlliedWare Plus™ Operating System - Version 5.4.6-1.x
IPV4 HARDWARE ACCESS CONTROL LIST (ACL) COMMANDS
access-group
Overview
This command adds or removes a hardware-based access-list to or from a switch
port interface. The number of hardware numbered and named access-lists that can
be added to a switch port interface is determined by the available memory in
hardware-based packet classification tables.
This command works in Interface Configuration mode to apply hardware
access-lists to selected switch port interfaces.
The no variant of this command removes the selected access-list from an interface.
Syntax
access-group [<3000-3699>|<4000-4699>|<hardware-access-list-name>]
no access-group [<3000-3699>|<4000-4699>|<hardware-access-list-name>]
Mode
Interface Configuration for a switch port interface
Default
Any traffic on an interface controlled by a hardware ACL that does not explicitly
match a filter is permitted.
Usage
First create an IP access-list that applies the appropriate permit/deny requirements
with the access-list (hardware IP numbered) command. Then use this command to apply
this hardware access-list to a specific port or port range. Note that this command
applies the access-list only to incoming data packets.
To apply ACLs to an LACP aggregated link, apply it to all the individual switch ports
in the aggregated group. To apply ACLs to a static channel group, apply it to the
static channel group itself. An ACL can even be applied to a static aggregated link
that spans more than one switch instance ( ).
Note that you cannot apply software numbered ACLs to switch port interfaces with
the access-group command. This command will only apply hardware ACLs.
NOTE: Hardware ACLs will permit access unless explicitly denied by an ACL action.
Parameter                      Description
<3000-3699>                    Hardware IP access-list.
<4000-4699>                    Hardware MAC access-list.
<hardware-access-list-name>    The hardware access-list name.
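
The caveats in the Usage section (only hardware ACLs can be applied, every LACP member port needs the ACL, and unmatched traffic is permitted) can be checked before a change is pushed. The following Python lint is an added example, not part of this command reference; the plan dictionary, the port and group labels, and the per-ACL action lists are constructed sample data.

```python
HW_IP = range(3000, 3700)   # <3000-3699>: hardware IP access-lists
HW_MAC = range(4000, 4700)  # <4000-4699>: hardware MAC access-lists

def classify(acl_id):
    """Classify an access-group argument; None means it is not a hardware ACL."""
    if acl_id.isdigit():
        n = int(acl_id)
        return "hardware-ip" if n in HW_IP else "hardware-mac" if n in HW_MAC else None
    return "hardware-named"  # assumption: non-numeric ids name hardware ACLs

def lint(plan):
    """Return sorted findings for a planned set of access-group bindings."""
    findings = set()
    bound = plan["ports"]
    for port, acls in bound.items():
        for acl in acls:
            if classify(acl) is None:
                findings.add(f"{port}: {acl} is not a hardware ACL, access-group will not apply it")
            elif "deny" not in plan["acls"].get(acl, []):
                findings.add(f"{port}: ACL {acl} has no deny filter, so all ingress traffic is still permitted")
    for group, members in plan["lacp"].items():
        # An LACP aggregate is covered only if every member port carries the ACL.
        union = set().union(*(bound.get(m, []) for m in members))
        for m in members:
            for acl in sorted(union - set(bound.get(m, []))):
                findings.add(f"{group}: member {m} lacks ACL {acl} that other members carry")
    return sorted(findings)

# Constructed sample plan: ACL id -> ordered filter actions, port -> bound ACLs,
# LACP group label -> member ports. None of these values come from the reference.
SAMPLE_PLAN = {
    "acls": {"3000": ["deny", "permit"], "3001": ["permit"], "4000": ["deny"]},
    "ports": {
        "port1.0.1": ["3000"],
        "port1.0.2": ["3001"],   # permit-only ACL: default permit makes it a no-op
        "port1.0.3": ["4000"],
        "port1.0.4": [],         # LACP member left without the ACL
        "port1.0.5": ["104"],    # number outside both hardware ranges
    },
    "lacp": {"po1": ["port1.0.3", "port1.0.4"]},
}

if __name__ == "__main__":
    print("\n".join(lint(SAMPLE_PLAN)))
```

Static channel groups are not modelled here because the ACL is applied to the group itself rather than to each member.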