Juniper Networks EX2500 Switch User Manual
EX2500 Ethernet Switch Configuration Guide
Using ACL Filters
Assigning ACLs to a Port
Once you configure an ACL, you must assign it to a port before it has any effect. Each port can
accept multiple ACLs. When more than one ACL assigned to a port matches the same packet, the
higher-priority ACL is considered first, and its action takes precedence over the action of any
lower-priority ACL.
When you assign an ACL to a port, the ACL acts only upon ingress traffic, not egress
traffic. Traffic that enters the switch through a port with no ACL assigned is not filtered, so
an ACL intended to protect a host must be assigned to every port through which that traffic can
enter.
To assign an ACL to a port:
ex2500(config)# interface port 1
ex2500(config-if)# ip access-group 128 in
ex2500(config-if)# exit
To delete an ACL from a port:
ex2500(config)# interface port 1
ex2500(config-if)# no ip access-group 128 in
ex2500(config-if)# exit
Viewing ACL Statistics
ACL statistics display how many packets hit (matched) each ACL. Use ACL statistics
to check filter performance and to debug the ACL filters. Statistics are not collected
unless you enable them, and you must enable them for each ACL that you want to monitor.
Use the following command to enable statistics for the ACL:
ex2500(config)# access-list ip standard 128 statistics
Use the following command to view ACL statistics:
ex2500(config)# show access-list counters
ACL Configuration Examples
ACL Example 1—Blocking Traffic to a Host
Use this configuration to block traffic to a specific host. All traffic that ingresses
port 1 is denied if it is destined for the host at IP address 100.10.1.1. Because ACLs filter
ingress traffic only, traffic to that host entering through other ports is not affected unless
the ACL is also assigned to those ports.
1. Configure an Access Control List.
ex2500(config)# access-list ip 150 standard
ex2500(config-std-nacl)# deny any host 100.10.1.1
ex2500(config-std-nacl)# exit
2. Assign the ACL to port 1.
ex2500(config)# interface port 1
ex2500(config-if)# ip access-group 150 in
ex2500(config-if)# exit
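The following is an added example, not code from the original manual or from Juniper: a small Python model of the per-port ingress filtering described in "Assigning ACLs to a Port", the hit counters from "Viewing ACL Statistics", and ACL Example 1 above. It assumes (these are assumptions of the model, not statements from the page) that a larger priority value is consulted first, that a packet matching no ACL is forwarded, and it adds a hypothetical higher-priority ACL 10 and a second port to show precedence and the ingress-only, per-port nature of the binding.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address, IPv4Network
from typing import Dict, List


def net(spec: str) -> IPv4Network:
    """Translate the CLI address keywords used on this page: 'any' or 'host A.B.C.D'."""
    if spec == "any":
        return IPv4Network("0.0.0.0/0")
    if spec.startswith("host "):
        return IPv4Network(spec.split()[1] + "/32")
    return IPv4Network(spec)  # also accept plain CIDR, e.g. 10.0.0.0/8


@dataclass
class Acl:
    number: int
    action: str               # "permit" or "deny"
    src: IPv4Network
    dst: IPv4Network
    priority: int             # assumption of this model: larger value is considered first
    statistics: bool = False  # 'access-list ip ... statistics' must be on before hits are counted
    hits: int = 0

    def matches(self, src: IPv4Address, dst: IPv4Address) -> bool:
        return src in self.src and dst in self.dst


class Port:
    """A switch port holding the ACLs bound to it with 'ip access-group <n> in'."""

    def __init__(self, name: str) -> None:
        self.name = name
        self.ingress: Dict[int, Acl] = {}

    def access_group_in(self, acl: Acl) -> None:
        self.ingress[acl.number] = acl

    def no_access_group_in(self, number: int) -> None:
        self.ingress.pop(number, None)

    def ingress_action(self, src: str, dst: str, default: str = "permit") -> str:
        """Decide the fate of a packet *entering* this port (ACLs are ingress-only).
        Higher-priority ACLs are consulted first and the first match decides; if no
        ACL matches, `default` applies (the permit default is an assumption here)."""
        s, d = IPv4Address(src), IPv4Address(dst)
        for acl in sorted(self.ingress.values(), key=lambda a: a.priority, reverse=True):
            if acl.matches(s, d):
                if acl.statistics:
                    acl.hits += 1
                return acl.action
        return default


def show_access_list_counters(acls: List[Acl]) -> Dict[int, int]:
    """Per-ACL hit counts, reported only for ACLs with statistics enabled."""
    return {a.number: a.hits for a in acls if a.statistics}


def example_1() -> dict:
    """ACL Example 1 from this page, extended with a second port and a
    hypothetical higher-priority permit to show precedence and per-port scope."""
    # access-list ip 150 standard / deny any host 100.10.1.1 / statistics enabled
    acl150 = Acl(150, "deny", net("any"), net("host 100.10.1.1"), priority=1, statistics=True)
    # Hypothetical exception (not on the page): one management host may reach 100.10.1.1.
    acl10 = Acl(10, "permit", net("host 10.0.0.9"), net("host 100.10.1.1"), priority=2, statistics=True)

    port1, port2 = Port("port 1"), Port("port 2")
    port1.access_group_in(acl150)   # interface port 1 / ip access-group 150 in
    port1.access_group_in(acl10)    # port 2 deliberately gets no ACL

    results = {
        "p1_to_host": port1.ingress_action("10.0.0.5", "100.10.1.1"),    # deny: ACL 150 matches
        "p1_other_dst": port1.ingress_action("10.0.0.5", "100.10.1.2"),  # permit: nothing matches
        "p1_admin": port1.ingress_action("10.0.0.9", "100.10.1.1"),      # permit: ACL 10 wins on priority
        "p2_to_host": port2.ingress_action("10.0.0.5", "100.10.1.1"),    # permit: ACL 150 is not bound here
    }
    results["counters"] = show_access_list_counters([acl10, acl150])      # show access-list counters
    port1.no_access_group_in(150)   # no ip access-group 150 in
    results["p1_after_removal"] = port1.ingress_action("10.0.0.5", "100.10.1.1")
    return results


if __name__ == "__main__":
    for key, value in example_1().items():
        print(f"{key}: {value}")
```

The `p2_to_host` result is the case to watch in practice: the deny in ACL 150 protects 100.10.1.1 only from traffic entering port 1, so the same ACL has to be assigned on every other ingress port that can carry traffic toward that host.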