Quick Reference Guide

ManualsBrandsDell ManualsComputer equipmentPowerConnect B-TI24x

411

412

413

414

415

416

417

418

419

420

380 PowerConnect B-Series TI24X Configuration Guide

53-1002269-02

Applying an ACL to a virtual interface in a protocol- or subnet-based VLAN

Adding a comment to an entry in a numbered ACL

To add comments to entries in a numbered ACL, enter commands such as the following.

For example, using the same example configuration above, you could instead enter the following

commands.

Syntax: [no] access-list <ACL-num> remark <comment-text>

Syntax: [no] ip access-list standard | extended <ACL-num>

Syntax: remark <comment-text>

For <ACL-num>, enter the number of the ACL.

The <comment-text> can be up to 128 characters in length. The comment must be entered

separately from the actual ACL entry; that is, you cannot enter the ACL entry and the ACL comment

with the same access-list or ip access-list command. Also, in order for the remark to be displayed

correctly in the output of show commands, the comment must be entered immediately before the

ACL entry it describes. Note that an ACL comment is tied to the ACL entry immediately following the

comment. Therefore, if the ACL entry is removed, the ACL comment is also removed.

The standard | extended parameter indicates the ACL type.

Applying an ACL to a virtual interface in a protocol-

or subnet-based VLAN

By default, when you apply an ACL to a virtual interface in a protocol-based or subnet-based VLAN,

the ACL takes effect on all protocol or subnet VLANs to which the untagged port belongs. To

prevent the device from denying packets on other virtual interfaces that do not have an ACL

applied, configure an ACL that permits packets in the IP subnet of the virtual interface in all

protocol-based or subnet-based VLANs to which the untagged port belongs. The following is an

example configuration.

PowerConnect# conf t

PowerConnect(config)# vlan 1 name DEFAULT-VLAN by port

PowerConnect(config-vlan-1)# ip-subnet 192.168.10.0 255.255.255.0

PowerConnect(config-vlan-ip-subnet)# static ethe 1

PowerConnect(config-vlan-ip-subnet)# router-interface ve 10

PowerConnect(config-vlan-ip-subnet)# ip-subnet 10.15.1.0 255.255.255.0

PowerConnect(config-vlan-ip-subnet)# static ethe 1

PowerConnect(config)#access-list 100 remark The following line permits TCP

packets

PowerConnect(config)#access-list 100 permit tcp 192.168.4.40/24 2.2.2.2/24

PowerConnect(config)#access-list 100 remark The following permits UDP packets

PowerConnect(config)#access-list 100 permit udp 192.168.2.52/24 2.2.2.2/24

PowerConnect(config)#access-list 100 deny ip any any

PowerConnect(config)#ip access-list extended 100

PowerConnect(config-ext-nACL)#remark The following line permits TCP packets

PowerConnect(config-ext-nACL)#permit tcp 192.168.4.40/24 2.2.2.2/24

PowerConnect(config-ext-nACL)#remark The following permits UDP packets

PowerConnect(config-ext-nACL)#permit udp 192.168.2.52/24 2.2.2.2/24

PowerConnect(config-ext-nACL)#deny ip any any