Dell FCX624-I Laptop User Manual


PowerConnect B-Series FCX Configuration Guide 575
53-1002266-01
Enabling ACL filtering based on VLAN membership or VE port membership
16
PowerConnect(config)#access-list 10 permit
PowerConnect(config)#int e 1/23
PowerConnect(config-if-e1000-1/23)#per-vlan 12
PowerConnect(config-if-e1000-1/23-vlan-12)#ip access-group 10 in
The commands in this example configure port-based VLAN 12, and add ports e 5 – 8 as untagged
ports and ports e 23 – 24 as tagged ports to the VLAN. The commands following the VLAN
configuration commands configure ACL 10. Finally, the last three commands apply ACL 10 on
VLAN 12 for which port e 23 is a member.
Syntax: per-vlan <VLAN ID>
Syntax: [no] ip access-group <ACL ID>
The <VLAN ID> parameter specifies the VLAN name or number to which you will bind the ACL.
The <ACL ID> parameter is the access list name or number.
Applying an IPv4 ACL to a subset of ports on a virtual interface (Layer 3 devices only)
NOTE
This section applies to IPv4 ACLs only. IPv6 ACLs do not support ACL filtering based on VE port
membership.
You can apply an IPv4 ACL to a virtual routing interface. The virtual interface is used for routing
between VLANs and contains all the ports within the VLAN. The IPv4 ACL applies to all the ports on
the virtual routing interface. You also can specify a subset of ports within the VLAN containing a
specified virtual interface when assigning an ACL to that virtual interface.
Use this feature when you do not want the IPv4 ACLs to apply to all the ports in the virtual interface
VLAN or when you want to streamline IPv4 ACL performance for the VLAN.
To apply an ACL to a subset of ports within a virtual interface, enter commands such as the
following.
PowerConnect(config)#enable ACL-per-port-per-vlan
...
PowerConnect(config)#vlan 10 name IP-subnet-vlan
PowerConnect(config-vlan-10)#untag ethernet 1/1 to 2/12
PowerConnect(config-vlan-10)#router-interface ve 1
PowerConnect(config-vlan-10)#exit
PowerConnect(config)#access-list 1 deny host 209.157.22.26 log
PowerConnect(config)#access-list 1 deny 209.157.29.12 log
PowerConnect(config)#access-list 1 deny host IPHost1 log
PowerConnect(config)#access-list 1 permit any
PowerConnect(config)#interface ve 1
PowerConnect(config-vif-1)#ip access-group 1 in ethernet 1/1 ethernet 1/3 ethernet 2/1 to 2/4
The commands in this example configure port-based VLAN 10, add ports 1/1 – 2/12 to the VLAN,
and add virtual routing interface 1 to the VLAN. The commands following the VLAN configuration
commands configure ACL 1. Finally, the last two commands apply ACL 1 to a subset of the ports
associated with virtual interface 1.
Syntax: [no] ip access-group <ACL ID> in ethernet <port> [to <port>]
The <ACL ID> parameter is the access list name or number.
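
Binding an ACL to a subset of ports leaves every other port in the VLAN unfiltered by that ACL, so the uncovered ports are worth listing when reviewing a configuration. The Python check below is an added example, not part of the guide: its input is constructed from the commands above with prompts stripped and the virtual interface written as ve 1, and the names expand, unfiltered_ports and the ports_per_slot value of 24 are assumptions.

```python
import re

# Constructed input: the commands from the example above, prompts stripped.
SAMPLE = """\
vlan 10 name IP-subnet-vlan
untag ethernet 1/1 to 2/12
router-interface ve 1
exit
interface ve 1
ip access-group 1 in ethernet 1/1 ethernet 1/3 ethernet 2/1 to 2/4
"""

SPEC = re.compile(r"ethernet (\d+)/(\d+)(?: to (\d+)/(\d+))?")


def expand(text, ports_per_slot):
    """Expand 'ethernet S/P [to S/P]' specs into a set of (slot, port) tuples."""
    ports = set()
    for s1, p1, s2, p2 in SPEC.findall(text):
        slot, port = int(s1), int(p1)
        end = (int(s2), int(p2)) if s2 else (slot, port)
        while (slot, port) <= end:
            ports.add((slot, port))
            port += 1
            if port > ports_per_slot:  # range continues on the next slot
                slot, port = slot + 1, 1
    return ports


def unfiltered_ports(commands, ve, ports_per_slot=24):
    """VLAN member ports of `ve` that its inbound ACL binding does not cover."""
    members, bound, vlan_ports, ctx = set(), set(), set(), None
    for cmd in map(str.strip, commands.splitlines()):
        if cmd.startswith("vlan "):
            ctx, vlan_ports = "vlan", set()
        elif cmd == f"interface ve {ve}":
            ctx = "ve"
        elif cmd.startswith("interface ") or cmd == "exit":
            ctx = None
        elif ctx == "vlan" and cmd.startswith(("untag ", "tag ")):
            vlan_ports |= expand(cmd, ports_per_slot)  # in place, so members sees it
        elif ctx == "vlan" and cmd == f"router-interface ve {ve}":
            members = vlan_ports
        elif ctx == "ve":
            m = re.match(r"ip access-group \S+ in\b(.*)", cmd)
            if m and not m.group(1).strip():
                return []  # no port list: the ACL covers every port on the VE
            if m:
                bound |= expand(m.group(1), ports_per_slot)
    return sorted(members - bound)


if __name__ == "__main__":
    for slot, port in unfiltered_ports(SAMPLE, 1):
        print(f"ethernet {slot}/{port} is in the VLAN but not in the ACL binding")
```

Set ports_per_slot to the real port count of the modules in use, because a range such as 1/1 to 2/12 spans a slot boundary and its size depends on that value.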