Owner's Manual

ACL Commands
User Guidelines
When an access control entry (ACE) is added to an access control list, an implied
deny-any-any condition exists at the end of the list. If there are no matches, the
packets are denied. However, before the first ACE is added, the list permits all packets.
If vlan id is used as a classifier element, then it cannot connect a policy map to a VLAN
interface.
Example
The following example configures a MAC ACE to deny traffic from MAC address 6:6:6:6:6:6.
service-acl
The service-acl interface configuration command applies an access-list to the interface
input. To detach an access-list from an interface, use the no form of this command.
Syntax
service-acl {input acl-name}
no service-acl {input}
input acl-name—Apply the specified ACL to the input interface.
Default Configuration
This command has no default configuration.
Command Mode
Interface Configuration mode
User Guidelines
Whenever an ACL is assigned to an interface (port, LAG or VLAN), flows (from that ingress
interface) that do not match the ACL are matched to the default rule: "drop unmatched
packets". If an ACL X is bound to a port and the port becomes a member of the VLAN to
which a different ACL Y is bound, then the ACL Y bound to the VLAN overrides the ACL X
bound to the port.
Example
The following example attaches the ACL "dell" to the interface input.
Console (config)# mac access-list dell
Console (config-mac-al)# deny 06:06:06:06:06:06 00:00:FF:FF:FF:FF any
Console (config-if)# service-acl input dell
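
The following Python model is an added illustration of the rules in the User Guidelines above (empty list permits all, implied deny-any-any after the first ACE, VLAN ACL overriding port ACL); it is not Dell code and is not part of the original manual. It assumes that a 1 bit in the wildcard means "ignore this address bit" and that the first matching ACE decides; it models the source MAC only, since the example ACE uses any for the destination, and the names Ace, evaluate and effective_acl are hypothetical.

```python
# Added illustration: a model of the ACL rules in the text above, not Dell firmware code.
MASK48 = (1 << 48) - 1

def mac_to_int(mac):
    """Parse a colon-separated MAC; octets may be one hex digit (6:6:6:6:6:6)."""
    octets = [int(o, 16) for o in mac.split(":")]
    if len(octets) != 6 or any(o > 0xFF for o in octets):
        raise ValueError(f"bad MAC address: {mac!r}")
    return int.from_bytes(bytes(octets), "big")

class Ace:
    def __init__(self, action, src, src_wildcard):
        self.action = action
        # Assumption: a 1 bit in the wildcard means "ignore this bit of the address".
        self.care = ~mac_to_int(src_wildcard) & MASK48
        self.src = mac_to_int(src) & self.care

    def matches(self, src_mac):
        return (mac_to_int(src_mac) & self.care) == self.src

def evaluate(acl, src_mac):
    """Return (action, reason) for a frame's source MAC against one ACL."""
    if not acl:
        return ("permit", "no ACE yet")      # list permits all before first ACE
    for index, ace in enumerate(acl):        # assumption: first matching ACE wins
        if ace.matches(src_mac):
            return (ace.action, f"ACE {index}")
    return ("deny", "implied deny-any-any")  # no match: dropped

def effective_acl(port_acl, vlan_acl):
    """An ACL bound to the VLAN overrides the ACL bound to a member port."""
    return vlan_acl if vlan_acl is not None else port_acl

# Constructed sample: the "dell" ACL from the example, and a variant with a
# trailing permit-everything ACE (all wildcard bits set).
DELL = [Ace("deny", "06:06:06:06:06:06", "00:00:FF:FF:FF:FF")]
DELL_PLUS_PERMIT = DELL + [Ace("permit", "00:00:00:00:00:00", "FF:FF:FF:FF:FF:FF")]

if __name__ == "__main__":
    for mac in ("06:06:aa:bb:cc:dd", "00:11:22:33:44:55"):
        print(mac, evaluate(DELL, mac), evaluate(DELL_PLUS_PERMIT, mac))
```

In this model the ACL "dell" on its own drops every frame, because anything the single deny ACE does not match falls through to the implied deny-any-any. Under the wildcard assumption, the ACE also matches every source address beginning 06:06 rather than one host.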