Foundry NetIron M2404C and M2404F Metro Access Switches
Configuring ACLs (Rev. 03)
Overview
© 2008 Foundry Networks, Inc
Page 28 of 50
multicast                   (Optional). Matches the multicast traffic.
broadcast                   (Optional). Matches the broadcast traffic.
known-unicast <port-list>   (Optional). Matches the known-unicast traffic, which will be forwarded
                            to one or more port numbers, specified by the following options:
                            • UU/SS/PP: a single port specified by unit, slot and port number, e.g. 1/1/8;
                            • UU: all ports on the unit that is specified by a 1- or 2-digit unit number;
                            • UU/SS: all ports on the slot that is specified by unit and slot number;
                            • A hyphenated range of ports;
                            • Several port numbers and/or ranges, separated by commas.
The provider and/or user VLAN identifiers can be defined for all TLS packets that are received on the uplink interface.
The user VLAN identifiers can be specified for all TLS packets that are received on the user interface.
Example 1
device-name(config)#access-list 404 permit any host 00:12:f2:02:43:33 unknown-unicast
device-name(config)#access-list 405 permit any host 00:12:f2:02:43:32 known-unicast 1/1/2-1/1/4
device-name(config)#access-list 406 permit any any multicast
device-name(config)#access-list 407 permit any any broadcast
Creating an EtherType ACL
The EtherType access-list command, in Global Configuration mode, defines an ACL based on the EtherType and a respective mask. The no form of this command removes the ACL.
An EtherType ACL enables filtering packets according to the EtherType number. ACLs can be configured to match an EtherType in a frame identified by a 16-bit hexadecimal number and a corresponding mask.
The EtherType ACL will not accept the value of IP (0x0800).
In order to distinguish between EtherType Access Control Lists and other types of Access Control Lists, the EtherType ACLs are created with acl-number values in the range 500 to 599.
Several ACLs can be defined with the same ACL number.
Command Syntax
device-name(config)#access-list <acl-number> {deny | permit} ether-type <type-code> <wildcard> [provider-vlan <vlan-id> <wildcard mask>] [vlan <vlan-id> <wildcard mask>] [provider-vpt <priority>]
device-name(config)#no access-list <acl-number>
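As an added example (not from the Foundry manual), a small Python pre-deployment check that applies the rules stated above to EtherType ACL lines: acl-number 500 to 599, deny or permit, 16-bit type-code and wildcard, and rejection of the IP EtherType 0x0800. The function name, the accepted hex notation (with or without a 0x prefix) and the sample lines are assumptions made for illustration.

```python
import re

# Assumption: type-code and wildcard are written in hex, with or without a 0x prefix.
HEX16 = re.compile(r"^(?:0x)?[0-9a-fA-F]{1,4}$")
# Optional clauses from the Command Syntax and the number of values each takes.
OPTIONAL = {"provider-vlan": 2, "vlan": 2, "provider-vpt": 1}

def lint_ethertype_acl(line):
    """Return a list of problems found in one EtherType access-list line."""
    # Drop the CLI prompt if the line was copied from a session.
    tokens = line.split("#", 1)[-1].split()
    if len(tokens) < 6 or tokens[0] != "access-list" or tokens[3] != "ether-type":
        return ["not an 'access-list <acl-number> {deny|permit} ether-type ...' line"]
    problems = []
    if not (tokens[1].isdigit() and 500 <= int(tokens[1]) <= 599):
        problems.append(f"acl-number {tokens[1]} is outside 500-599")
    if tokens[2] not in ("deny", "permit"):
        problems.append(f"action {tokens[2]!r} is neither deny nor permit")
    for name, value in (("type-code", tokens[4]), ("wildcard", tokens[5])):
        if not HEX16.match(value):
            problems.append(f"{name} {value!r} is not a 16-bit hexadecimal number")
    if HEX16.match(tokens[4]) and int(tokens[4], 16) == 0x0800:
        problems.append("type-code 0x0800 (IP) is not accepted by EtherType ACLs")
    # Walk the optional clauses; each keyword must be known and carry all its values.
    rest = tokens[6:]
    while rest:
        need = OPTIONAL.get(rest[0])
        if need is None:
            problems.append(f"unknown keyword {rest[0]!r}")
            break
        if len(rest) < 1 + need:
            problems.append(f"{rest[0]} needs {need} value(s)")
            break
        rest = rest[1 + need:]
    return problems

# Constructed sample lines (not taken from the manual).
SAMPLES = [
    "device-name(config)#access-list 500 permit ether-type 0x8100 0x0000",
    "access-list 404 deny ether-type 0x0800 0x0000",
    "access-list 510 deny ether-type 0x88cc 0x0000 vlan 100",
    "access-list 520 permit ether-type 0x12345 0x0000",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(line, "->", lint_ethertype_acl(line) or "ok")
```

Running such a check over a candidate configuration before pasting it into the switch catches an IP filter that was placed in an EtherType ACL by mistake and would not take effect as intended.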
Argument                    Description
acl-number                  Number of the ACL. Valid values are in the range <500-599>.