Foundry NetIron M2404C and M2404F Metro Access Switches
Configuring ACLs (Rev. 03)
Overview
© 2008 Foundry Networks, Inc
Page 31 of 50
Configuring Access Control Groups (ACGs)
Table 14 lists commands used to configure Access Control Groups (ACGs). An ACG is a collection of ACLs with the same number. The ACG can be attached to an interface or to a VLAN.
Table 14: ACG Configuration Commands
Command                  Description
-----------------------  ------------------------------------------------------------
ip access-group          Assigns an IP Access Control Group (ACG) to an interface or VLAN.
mac access-group         Assigns a MAC Access Control Group (ACG) to an interface or VLAN.
ether-type access-group  Assigns an EtherType Access Control Group (ACG) to an interface or VLAN.
priority                 Assigns priority and drop precedence level (color) to the ACG.
set traffic-class        Sets DSCP to CoS mapping of the configured ACG to the specified interface and VLAN.
rate-limit               Enables the control of access to the specified interface by using the ACG parameters.
redirect                 Redirects the traffic that matches the conditions of the configured ACG to the specified interface and VLAN.
set vlan                 Changes the VLAN ID on the traffic that matches the conditions of the configured ACG to the specified VLAN.
statistics               Enables QoS statistics.
apply                    Saves the ACG options and exits the ACG Configuration mode.
Applying an IP ACG to an Interface or VLAN
The ip access-group command, in Interface or VLAN ACG Configuration mode, assigns an IP Access Control Group (ACG) to an interface or VLAN. To remove the specified IP ACG, use the no form of this command.
NOTE
The number of ACGs per VLAN is limited. The user can set ACGs for up to 1K interfaces per VLAN. In order to have the maximal number of ports per VLAN, set the ACGs on consecutive VLAN numbers. If the user exceeds the allowed number of definitions, the following message will be displayed: “% The user cannot apply access group on VLAN <vlan-id>”.
If the option keyword is specified, the command changes the CLI mode to the specified Interface or VLAN ACG Configuration mode. The settings configured in the Interface or VLAN ACG Configuration mode will be saved only when exiting this mode.