AMX NXA-ENET24 Switch User Manual


 
Configuring ACLs
NXA-ENET24 - Software Management Guide
Configuring a MAC ACL Mask - Web
Configure the mask to match the required rules in the MAC ingress or egress ACLs. Set the mask to check for
any source or destination address, a host address, or an address range.
Use a bitmask to search for specific VLAN ID(s) or Ethernet type(s), or check for rules where a packet format
was specified. Then click Add.
Configuring a MAC ACL Mask - CLI
This example shows how to create an Ingress MAC ACL and bind it to a port. You can then see that the order
of the rules has been changed by the mask.
Binding a Port to an Access Control List - Web
After configuring the Access Control Lists (ACL), you can bind the ports that need to filter traffic to the
appropriate ACLs. You can only bind a port to one ACL for each basic type – IP ingress, IP egress, MAC
ingress and MAC egress.
Command Usage
This switch supports ACLs for both ingress and egress filtering. However, you can only bind one IP
ACL and one MAC ACL to any port for ingress filtering, and one IP ACL and one MAC ACL to
any port for egress filtering. In other words, only four ACLs can be bound to an interface – Ingress
IP ACL, Egress IP ACL, Ingress MAC ACL and Egress MAC ACL.
When an ACL is bound to an interface as an egress filter, all entries in the ACL must be deny rules.
Otherwise, the bind operation will fail.
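The two Command Usage rules above can be checked before a change window. The following is an added example, not part of the AMX manual or the switch software: it reads ACL definitions in the layout printed by show access-list and flags bindings the switch would reject. The ACL M5, the binding plan, the "ingress"/"egress" labels and the function names are assumptions made for illustration; the header layout for IP ACLs is also assumed, since only the MAC layout appears on this page.

```python
import re
from collections import defaultdict

# Constructed sample in the "show access-list" layout; M5 is a hypothetical ACL.
SHOW_ACCESS_LIST = """\
MAC access-list M4:
 permit any any
 deny tagged-eth2 host 00-11-11-11-11-11 any vid 3
MAC access-list M5:
 deny any host 00-22-22-22-22-22
MAC ingress mask ACL:
 mask pktformat host any vid
"""

# Constructed binding plan: (port, ACL name, direction). Not CLI syntax.
PLAN = [
    ("1/12", "M4", "ingress"),
    ("1/12", "M5", "ingress"),  # second MAC ingress ACL on one port
    ("1/13", "M4", "egress"),   # M4 contains a permit rule
    ("1/14", "M5", "egress"),   # deny-only, acceptable
]

def parse_acls(text):
    """Return {name: (acl_type, [rule, ...])}; mask sections are skipped."""
    acls, current = {}, None
    for line in text.splitlines():
        # Assumption: IP ACL headers also start with the type and end "name:".
        header = re.match(r"\s*(IP|MAC)\b.*?access-list (\S+):\s*$", line)
        if header:
            current = header.group(2)
            acls[current] = (header.group(1), [])
        elif line.rstrip().endswith(":"):
            current = None  # some other section, e.g. the mask ACL
        elif current and line.strip():
            acls[current][1].append(line.strip())
    return acls

def check_bindings(acls, plan):
    """List violations: non-deny egress ACLs, then over-subscribed slots."""
    problems, slots = [], defaultdict(list)
    for port, name, direction in plan:
        if name not in acls:
            problems.append(f"{port}: ACL {name} is not defined")
            continue
        acl_type, rules = acls[name]
        slots[(port, acl_type, direction)].append(name)
        if direction == "egress" and any(not r.startswith("deny ") for r in rules):
            problems.append(f"{port}: {name} has non-deny rules, egress bind will fail")
    for (port, acl_type, direction), names in slots.items():
        if len(names) > 1:
            problems.append(f"{port}: {len(names)} {acl_type} {direction} ACLs ({', '.join(names)})")
    return problems
```

Calling check_bindings(parse_acls(SHOW_ACCESS_LIST), PLAN) reports the permit rule in M4 on port 1/13 and the double MAC ingress binding on port 1/12.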
FIG. 81 Configuring a MAC based ACL
Console(config)#access-list mac M4
Console(config-mac-acl)#permit any any
Console(config-mac-acl)#deny tagged-eth2 00-11-11-11-11-11 ff-ff-ff-ff-ff-ff any vid 3
Console(config-mac-acl)#end
Console#show access-list
MAC access-list M4:
permit any any
deny tagged-eth2 host 00-11-11-11-11-11 any vid 3
Console(config)#access-list mac mask-precedence in
Console(config-mac-mask-acl)#mask pktformat ff-ff-ff-ff-ff-ff any vid
Console(config-mac-mask-acl)#exit
Console(config)#interface ethernet 1/12
Console(config-if)#mac access-group M4 in
Console(config-if)#end
Console#show access-list
MAC access-list M4:
deny tagged-eth2 host 00-11-11-11-11-11 any vid 3
permit any any
MAC ingress mask ACL:
mask pktformat host any vid
Console#