Access Control
Configuring ACL Binding
Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x
246
17
-
ICMP Type to match
—Enter the number of the message type that will be
used for filtering purposes.
•
ICMP Code
—The ICMP messages may have a code field that indicates how
to handle the message. Select
Any
to accept all codes, or select
User
Defined
to enter an ICMP code for filtering purposes.
STEP 5
Click
Apply
. The IPv6-based ACE is defined, and the Running Configuration is
updated.
Configuring ACL Binding
When an ACL is bound to an interface, its ACE rules are applied to packets arriving
at that interface. Packets that do not match any of the ACEs in the ACL are
matched to a default rule, whose action is to drop unmatched packets.
Although each interface can be bound to only one ACL, multiple interfaces can be
bound to the same ACL by grouping them into a policy map, and binding that
policy map to the interface.
After an ACL is bound to an interface, it cannot be edited, modified, or deleted until
it is removed from all interfaces to which it is bound or in use.
NOTE
It is possible to either bind an interface to a policy or to an ACL but both cannot be
bound.
To bind an ACL to an interface:
STEP 1
Click
Access Control
>
ACL Binding
.
STEP 2
Select the interface type (Port or LAG), and click
Go
.
For each type of interface selected, all interfaces of that type are displayed with a
list of their current ACLs:
•
Interface
—Identifier of interface.
•
MAC ACL
—MAC-based ACLs that are bound to the interface (if any).
•
IPv4 ACL
—IPv4-based ACLs that are bound to the interface (if any).
•
IPv6 ACL
—IPv6-based ACLs that are bound to the interface (if any).
STEP 3
To unbind all ACLs from an interface, select the interface, and click
Clear
.