5.3.25 ACL Configuration
Add ACL
IP-COM# configure terminal
IP-COM(config)# access-list 125
Note:
Create MAC-based ACL 125.
IP-COM(config)# access-list 1
Note:
Create IP-based ACL 1.
Add MAC-based ACL rule
IP-COM(config)# access-list 125
IP-COM(config)# mac access-list 125
Note:
Enter ACL 125
IP-COM(config-mac-nacl)# rule 1 deny vlan 2 eth-type any src-mac any dst-mac any
Note:
Add rule 1 to deny all packets on VLAN 2.
IP-COM(config-mac-nacl)# rule 2 deny vlan 1 eth-type any src-mac aaaa.aaaa.aaaa src-mac-mask any dst-mac any dst-mac-mask any
Note:
Add rule 2 to deny all packets on VLAN 1 whose source MAC address is "aaaa.aaaa.aaaa".
Note:
Deny: Drop packets that match the rule;
Vlan: Specify the VID;
Eth-type: Specify the protocol type;
Src-mac: Specify the source MAC address;
Dst-mac: Specify the destination MAC address.
If the source MAC and destination MAC are set to Any, their corresponding fields, such as the mask field, are not configurable.
IP-COM(config-mac-nacl)# rule <101-200> bind-with timerange <1-100>
Note:
Bind a MAC ACL rule to a time range.
Add IP-based ACL rule
IP-COM(config)# ip access-list extended 1
Note:
Enter ACL 1
IP-COM(config-ip-nacl)# rule 1 deny tcp src-ip any eq any dst-ip any eq any
Note:
Add rule 1 to deny all TCP packets.