AMX NXA-ENET24 Switch User Manual


 
CLI (Command Line Interface)
NXA-ENET24 - Software Management Guide
Egress MAC ACLs only work for destination-mac-known packets, not for multicast, broadcast, or
destination-mac-unknown packets.
The order in which active ACLs are checked is as follows:
1. User-defined rules in the Egress MAC ACL for egress ports.
2. User-defined rules in the Egress IP ACL for egress ports.
3. User-defined rules in the Ingress MAC ACL for ingress ports.
4. User-defined rules in the Ingress IP ACL for ingress ports.
5. Explicit default rule (permit any any) in the ingress IP ACL for ingress ports.
6. Explicit default rule (permit any any) in the ingress MAC ACL for ingress ports.
7. If no explicit rule is matched, the implicit default is permit all.
Masks for Access Control Lists
You can specify optional masks that control the order in which ACL rules are checked. The switch includes
two system default masks that pass or filter packets matching the permit or deny rules specified in an ingress
ACL. You can also configure up to seven user-defined masks for an ACL.
A mask must be bound exclusively to one of the basic ACL types (i.e., Ingress IP ACL, Egress IP ACL,
Ingress MAC ACL or Egress MAC ACL), but a mask can be bound to up to four ACLs of the same type.
IP ACL Commands
Command: access-list ip
Function: This command adds an IP access list and enters configuration mode
for standard or extended IP ACLs. Use the no form to remove the specified ACL.
Syntax:
[no] access-list ip {standard | extended} acl_name
standard – Specifies an ACL that filters packets based on the source IP
address.
extended – Specifies an ACL that filters packets based on the source or
destination IP address, and other more specific criteria.
acl_name – Name of the ACL. (Maximum length: 16 characters)
Default Setting: None
Command Mode: Global Configuration
Command Usage: When you create a new ACL or enter configuration
mode for an existing ACL, use the permit or deny command to add new
rules to the bottom of the list. To create an ACL, you must add at least one
rule to the list.
To remove a rule, use the no permit or no deny command followed by the
exact text of a previously configured rule.
Note: An ACL can contain up to 32 rules.
Example:
Console(config)#access-list ip standard david
Console(config-std-acl)#
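
A pre-deployment check for the limits stated above (ACL name of at most 16 characters, at most 32 rules per ACL, at least one rule, and "no permit"/"no deny" needing the exact rule text), as an added example that is not part of the manual. It assumes the planned commands are available as plain text, one per line; the function name, the sample configuration and its rule arguments are constructed placeholders, and rule arguments are compared as text only, not parsed.

```python
import re

MAX_NAME_LEN = 16  # manual: acl_name maximum length
MAX_RULES = 32     # manual: an ACL can contain up to 32 rules
ACL_RE = re.compile(r"^(no\s+)?access-list\s+ip\s+(standard|extended)\s+(\S+)$")
RULE_RE = re.compile(r"^(no\s+)?((?:permit|deny)\b.*)$")

# Constructed sample; rule arguments are placeholders, not verified switch syntax.
SAMPLE = """
access-list ip standard david
permit rule-a
deny rule-b
no permit rule-c
access-list ip extended this-name-is-too-long
permit rule-a
access-list ip standard empty
"""

def lint_acl_config(text):
    """Return (acls, findings); findings are (line_number, message) tuples."""
    acls, findings, current = {}, [], None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = " ".join(raw.split())  # assumption: spacing is not significant
        m = ACL_RE.match(line)
        if m and m.group(1):          # "no access-list ..." removes the ACL
            acls.pop(m.group(3), None)
            current = None
        elif m:                       # enter configuration mode for this ACL
            current = m.group(3)
            acls.setdefault(current, [])
            if len(current) > MAX_NAME_LEN:
                findings.append((lineno, f"name '{current}' exceeds {MAX_NAME_LEN} characters"))
        elif current is not None and (r := RULE_RE.match(line)):
            negate, rule = r.groups()
            rules = acls[current]
            if negate and rule in rules:
                rules.remove(rule)
            elif negate:              # removal needs the exact text of a configured rule
                findings.append((lineno, f"'no {rule}' matches no rule in '{current}'"))
            elif len(rules) >= MAX_RULES:
                findings.append((lineno, f"'{current}' already holds {MAX_RULES} rules"))
            else:
                rules.append(rule)    # new rules are added to the bottom of the list
    # Line number 0 marks a finding about the ACL as a whole.
    findings += [(0, f"'{n}' has no rules, so it is not created") for n, r in acls.items() if not r]
    return acls, findings
```

Running lint_acl_config(SAMPLE) reports the unmatched removal, the over-long name and the ACL that has no rules.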