Chapter 33: Access Control Lists
STANDARD Revision 1.0
C4® CMTS Release 8.3 User Guide
© 2016 ARRIS Enterprises LLC. All Rights Reserved.
configure access-list <access-list-number> no
Use the following command to resequence the access list index numbers:
configure access-list resequence <num> [<index_number>]
Use the following command to permit or deny, and define a standard IPv4 ACL:
configure access-list <access-list-number> {permit | deny} {{<source IP> [<wildcard>]} | {host <source IP>} | any}
Use this command to configure a Data Plane Filter ACL on the 12U/24U cable-side, Gigabit Ethernet, or ten-Gigabit
Ethernet interface. If an ACL is applied to a physical port, it is active for all virtual routes associated with that physical port:
configure [no] interface {gigabitEthernet | tengigabitEthernet | cable} <slot/port> ip access-group <acl-index>
For cable MACs, use the following command to use Data Plane Filter ACLs to set access control on a MAC domain:
configure [no] interface cable-mac <mac-id> ip access-group <acl-index>
Use the no form of the two commands above to disable access filtering for a particular interface.
Use this command to display the ACL identified by the given parameter, or all ACLs when no parameter is given:
show access-list [access-list-number]
The CLI syntax allows an ACL name to be used anywhere an acl-num is currently used, but will not allow an undefined
name to be used.
The show running-config command displays access list names instead of numbers if names have been assigned. It
displays access list index numbers only if the full option is used.
The following is an example of IPv4 ACL configuration syntax in nested mode:
configure
    access-list 1
        name ACL_IBM
        remark "In-Band Management"
        permit any
    exit
    access-list 100
        name ACL_Egress_NACLs
        remark "Egress NACLs"
        permit udp 10.0.0.0 0.255.255.255 167.206.3.128 0.0.0.127 eq tftp
        permit udp 10.0.0.0 0.255.255.255 167.206.9.0 0.0.0.255 eq tftp
        permit udp 10.0.0.0 0.255.255.255 host 167.206.7.171 eq tftp
    exit
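
The wildcard matching used by the access-list 100 entries above, written out as an added example for reviewing which flows an entry covers (this is not ARRIS code and not part of this guide). It assumes the wildcard is an inverse mask (bits set to 1 are ignored), that eq applies to the destination port, and that entries are checked top to bottom; the function names are illustrative, and only the extended entry form shown above is parsed.

```python
import ipaddress

# ACL 100 entries copied from the nested-mode example above.
ACL_100 = [
    "permit udp 10.0.0.0 0.255.255.255 167.206.3.128 0.0.0.127 eq tftp",
    "permit udp 10.0.0.0 0.255.255.255 167.206.9.0 0.0.0.255 eq tftp",
    "permit udp 10.0.0.0 0.255.255.255 host 167.206.7.171 eq tftp",
]
PORTS = {"tftp": 69}  # the only port name used on this page

def addr_spec(tokens):
    """Consume one address spec from tokens; return (base, wildcard) as ints."""
    first = tokens.pop(0)
    if first == "any":
        return 0, 0xFFFFFFFF          # every bit is "don't care"
    if first == "host":
        return int(ipaddress.IPv4Address(tokens.pop(0))), 0
    return int(ipaddress.IPv4Address(first)), int(ipaddress.IPv4Address(tokens.pop(0)))

def parse_entry(line):
    """Parse '<action> <proto> <src spec> <dst spec> [eq <port>]'."""
    tokens = line.split()
    action, proto = tokens.pop(0), tokens.pop(0)
    src, dst = addr_spec(tokens), addr_spec(tokens)
    port = None
    if tokens[:1] == ["eq"]:
        port = PORTS[tokens[1]] if tokens[1] in PORTS else int(tokens[1])
    return {"action": action, "proto": proto, "src": src, "dst": dst, "port": port}

def ip_match(ip, spec):
    """Compare only the bits the wildcard does not mask out."""
    base, wild = spec
    care = ~wild & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(ip)) & care) == (base & care)

def first_match(entries, proto, src_ip, dst_ip, dst_port):
    """Return (1-based entry index, action) of the first match, else None."""
    for i, e in enumerate(map(parse_entry, entries), 1):
        if (e["proto"] == proto and ip_match(src_ip, e["src"])
                and ip_match(dst_ip, e["dst"])
                and (e["port"] is None or e["port"] == dst_port)):
            return i, e["action"]
    return None  # no entry on this page covers the flow

if __name__ == "__main__":
    # Constructed sample flows: (proto, source, destination, destination port)
    for flow in [("udp", "10.1.2.3", "167.206.3.200", 69),
                 ("udp", "10.1.2.3", "167.206.3.100", 69),
                 ("udp", "10.1.2.3", "167.206.7.171", 69)]:
        print(flow, "->", first_match(ACL_100, *flow))
```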