Quick Reference Guide

384 PowerConnect B-Series TI24X Configuration Guide
53-1002269-02
Enabling ACL support for switched traffic in the router image
By default, when an ACL is applied to a physical or virtual routing interface, the Layer 3 device
filters routed traffic only. It does not filter traffic that is switched from one port to another within
the same VLAN or virtual routing interface, even if an ACL is applied to the interface.
You can enable the device to filter switched traffic within a VLAN or virtual routing interface. When
filtering is enabled, the device uses the ACLs applied to inbound traffic to filter traffic received by a
port from another port in the same virtual routing interface.
To enable this feature, enter a command such as the following.
PowerConnect(config)# access-list 101 bridged-routed
Applying the ACL rule above to an interface enables filtering of traffic switched within a VLAN or
virtual routing interface.
Syntax: [no] ip access-list <ACL-ID> bridged-routed
The <ACL-ID> parameter specifies a standard or extended numbered or named ACL.
You can use this feature in conjunction with enable ACL-per-port-per-vlan to assign an ACL to a
single port within a virtual interface. In this case, all of the Layer 3 traffic (bridged and routed) is
filtered by the ACL.
PowerConnect(config)# enable ACL-per-port-per-vlan
PowerConnect(config)# write memory
PowerConnect(config)# exit
PowerConnect# reload
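As an added example (not part of the guide), the following Python script audits a saved configuration for inbound ACLs that have no bridged-routed line and therefore filter routed traffic only. The sample configuration is constructed, and the "ip access-group <ACL-ID> in" binding line and the stanza layout are assumptions about how the configuration is written.

```python
import re

# Constructed sample running-config, not taken from the guide. The
# "ip access-group <id> in" binding and the stanza layout are assumptions.
SAMPLE_CONFIG = """\
enable ACL-per-port-per-vlan
access-list 101 deny ip host 10.1.1.5 any
access-list 101 permit ip any any
access-list 101 bridged-routed
access-list 102 deny tcp any any eq 23
access-list 102 permit ip any any
interface ve 10
 ip access-group 101 in
!
interface ve 20
 ip access-group 102 in
"""

# The guide shows both "access-list 101 bridged-routed" and the syntax line
# "ip access-list <ACL-ID> bridged-routed", so accept either spelling.
BRIDGED = re.compile(r"^(?:ip\s+)?access-list\s+(\S+)\s+bridged-routed$")
BINDING = re.compile(r"^ip\s+access-group\s+(\S+)\s+in\b")
INTERFACE = re.compile(r"^interface\s+(.+)$")


def audit(config):
    """Return (gaps, per_port_enabled).

    gaps holds (interface, acl_id) pairs whose inbound ACL has no
    bridged-routed line, so traffic switched within the VLAN is unfiltered.
    """
    bridged, bindings, per_port, current = set(), [], False, None
    for raw in config.splitlines():
        line = raw.strip()
        if not raw[:1].isspace():  # an unindented line closes the stanza
            m = INTERFACE.match(line)
            current = m.group(1) if m else None
        if line.lower() == "enable acl-per-port-per-vlan":
            per_port = True
        elif m := BRIDGED.match(line):
            bridged.add(m.group(1))
        elif current and (m := BINDING.match(line)):
            bindings.append((current, m.group(1)))
    return [(i, a) for i, a in bindings if a not in bridged], per_port


if __name__ == "__main__":
    for iface, acl in audit(SAMPLE_CONFIG)[0]:
        print(f"{iface}: ACL {acl} filters routed traffic only")
```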
Enabling ACL filtering based on VLAN membership or VE port membership
NOTE
This section applies to IPv4 ACLs only. IPv6 ACLs do not support ACL filtering based on VLAN
membership or VE port membership.
You can apply an inbound IPv4 ACL to specific VLAN members on a port (Layer 2 devices only) or to
specific ports on a virtual interface (VE) (Layer 3 devices only).
By default, support for this feature is disabled. To enable it, enter the following commands at the
Global CONFIG level of the CLI.
PowerConnect(config)# enable ACL-per-port-per-vlan
PowerConnect(config)# write memory
PowerConnect(config)# exit
PowerConnect# reload
After entering the above commands, you can do the following:
• Apply an IPv4 ACL to specific VLAN members on a port – refer to “Applying an IPv4 ACL to specific VLAN members on a port (Layer 2 devices only)” on page 385
• Apply an IPv4 ACL to a subset of ports on a VE – refer to “Applying an IPv4 ACL to a subset of ports on a virtual interface (Layer 3 devices only)” on page 385
Syntax: [no] enable ACL-per-port-per-vlan