Foundry NetIron M2404C and M2404F Metro Access Switches
Configuring ACLs (Rev. 03)
Overview
© 2008 Foundry Networks, Inc
NOTE
The ACLs in the range <300-399> cannot be applied to an interface or VLAN with
the ACG options since the IGMP traffic is forwarded only to the CPU.
Command Syntax
device-name(config-if UU/SS/PP)#ip access-group [in] <acl-number> [option]
device-name(config-if UU/SS/PP acg acl-num)#
device-name(config-if UU/SS/PP)#no ip access-group [in] <acl-number>
device-name(config-vlan VLAN-NAME)#ip access-group [in] <acl-number> [option]
device-name(config-vlan VLAN-NAME acg ACL-NUM)#
device-name(config-vlan VLAN-NAME)#no ip access-group [in] <acl-number>
Argument     Description
acl-number   A number identifying an existing ACL. Valid values are in the ranges <1-199> and <300-399> for an ACG applied to an interface or a VLAN.
in           (Optional). The ACL is applied to incoming traffic (note that even if the in keyword is not specified, the ACL will be applied only to incoming traffic).
option       (Optional). Defines the action that will be performed on the traffic that matches the applied ACL: rate limit, traffic redirecting, DSCP remarking, priority assignment and statistics.
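The syntax and the NOTE above can be checked mechanically before a change is pushed to a switch. The following Python sketch is an added example, not Foundry code: the function names are hypothetical, and OPTION in the constructed sample stands in for a real option keyword, which this page does not list.

```python
import re

# Ranges the page gives for an ACL applied as an ACG to an interface or VLAN.
VALID_RANGES = (range(1, 200), range(300, 400))
# Per the page's NOTE, ACLs 300-399 cannot be applied with ACG options.
NO_OPTION_RANGE = range(300, 400)

# ip access-group [in] <acl-number> [option]  /  no ip access-group [in] <acl-number>
CMD = re.compile(r"^(?P<no>no\s+)?ip\s+access-group(?P<rest>(?:\s+\S+)*)$")

def check_access_group(command):
    """Return a list of findings for one 'ip access-group' command line."""
    m = CMD.match(command.strip())
    if not m:
        return ["not an ip access-group command"]
    tokens = m.group("rest").split()
    if tokens and tokens[0] == "in":   # optional keyword; inbound is the only direction
        tokens = tokens[1:]
    if not tokens or not tokens[0].isdecimal():
        return ["missing or non-numeric acl-number"]
    acl, options = int(tokens[0]), tokens[1:]
    findings = []
    if not any(acl in r for r in VALID_RANGES):
        findings.append(f"acl-number {acl} is outside <1-199> and <300-399>")
    if options and m.group("no"):
        findings.append("the 'no' form takes no option")
    elif options and acl in NO_OPTION_RANGE:
        findings.append(f"ACL {acl} is in <300-399> and cannot be applied with an option")
    return findings

def audit(commands):
    """Map each offending command to its findings; clean commands are omitted."""
    report = {}
    for command in commands:
        findings = check_access_group(command)
        if findings:
            report[command] = findings
    return report

# Constructed sample input (not taken from a real device configuration).
SAMPLE = [
    "ip access-group in 100",
    "ip access-group 101 OPTION",
    "ip access-group in 350",
    "ip access-group in 350 OPTION",
    "ip access-group 250",
    "no ip access-group 100 OPTION",
]

if __name__ == "__main__":
    for command, findings in audit(SAMPLE).items():
        print(f"{command}: {'; '.join(findings)}")
```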
Example
In the following example (Figure 9):
• Interface 1/1/1 is connected to a group of users. ACL 100 disallows TCP connection to the user with IP address 192.82.52.36 (PC1) and disallows Telnet connection for all the other users (PC2).
• Interface 1/1/2 is connected to a server. ACL 101 disallows TCP connection from the server to the user with IP address 192.82.52.36 (PC1) and disallows Telnet connection for all the other users (PC2).
• On both interfaces, all other connections are allowed.