Access Control List Configuration
169
Software Configuration Guide Release 2.10, Revision 1.00
Use the
no
form of this command to disable any debug output.
Keyword Meaning
out
Specifies that the access control list applies to outgoing packets on this interface.
Thus for each IP interface only one incoming and outgoing access control list can be active at the
same time.
Example: Bind and Unbind an Access Control List Entries to an IP Interface
Bind an access control list profile to incoming packets on the interface
wan
in the IP router context.
SN(cfg)#
context ip router
SN(cfg-ip)[router]#
interface wan
SN(cfg-if)[wan]#
use profile acl WanRx in
Unbind an access control list profile from an interface.
SN(cfg)#
context ip router
SN(cfg-ip)[router]#
interface wan
SN(cfg-if)[wan]#
no use profile acl in
Note: When unbinding an access control list profile the
name
argument is not required, since only
one incoming and outgoing access control list can be active at the same time on a certain IP interface.
19.9 Display an Access Control List Profile
The
show profile acl
command displays the indicated access control list profile. If no specific profile
is selected all installed access control list profiles are shown. If an access control list is linked to an IP
interface the number of matches for each rule is displayed. If the access control list profile is linked to
more than one IP interface, it will be shown for each interface.
Procedure
To display a certain access control list profile
Mode
Administrator execution or any other mode, except the operator execution mode
Command
Purpose
Step 1
node
#show profile acl
name
Displays the access control list
profile
name
Example: Displaying an Access Control List Entries
The following example shows how to display the access control list profile named WanRx.
SN#
show profile acl WanRx
IP access-list WanRx. Linked to router/wan/in.
deny icmp any any msg echo
permit ip 62.1.2.3 0.0.255.255 host 193.14.2.11
permit ip 97.123.111.0 0.0.0.255 host 193.14.2.11
permit tcp any host 193.14.2.10 eq 80
permit udp host 62.1.2.3 host 193.14.2.11 range 1024 2048
deny ip any any
19.10 Debug an Access Control List Profile
The
debug acl
command is used to debug the access control list profiles during system operation.
Summary of Contents for SmartWare Release 2.10
Page 2: ...2 Legal Notice Software Configuration Guide Release 2 10 Revision 1 00...
Page 15: ...Terms and Definitions 15 Software Configuration Guide Release 2 10 Revision 1 00...
Page 218: ...218 PPP Configuration no shutdown Software Configuration Guide Release 2 10 Revision 1 00...
Page 272: ...272 Tone Configuration Software Configuration Guide Release 2 10 Revision 1 00...