User Manual

Enterasys X-Pedition User Reference Manual
Applying ACLs
Note: You must reapply or comment in the apply line of the ACL before changes will take effect.
In-line Editing
The XP allows you to manage ACLs from the configuration by negating command lines. By
negating the ACL apply line from the configuration, you may completely turn off an ACL.
Negating a specific rule within the ACL will remove it from the ACL's rule list.
Wildcards
The following command creates an ACL to permit all IP traffic. Since none of the ACL fields are
specified, they are all assumed to be wildcards.
xp(config)# acl allip permit ip
The above command is equivalent to the following:
xp(config)# acl allip permit ip any any any any
Applying ACLs
It is important to understand that an ACL is simply a definition of packet characteristics specified
in a set of rules. An ACL must be enabled in one of the following ways:
• Applying an ACL to an interface, which permits or denies traffic to or from the XP. ACLs used
  in this way are known as Interface ACLs.
  Note: You may not apply ACLs to interface EN0 of the control module.
• Applying an ACL to a service, which permits or denies access to system services provided by
  the XP. ACLs used in this way are known as Service ACLs.
• Applying an ACL to ports operating in Layer-4 bridging mode, which permits or denies bridged
  traffic. ACLs used in this way are known as Layer-4 Bridging ACLs.
• Associating an ACL with ip-policy, nat, port mirroring, rate-limit, or web-cache commands,
  which specifies the criteria that packets, addresses, or flows must meet in order to be relevant
  to these XP features. ACLs used in this way are known as Profile ACLs.
These uses of ACLs are described in the following sections.
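The wildcard rule from the Wildcards section, as an added example that is not part of the Enterasys manual: a Python sketch that pads omitted ACL fields with any, so that a configuration review can spot rules that permit everything or that repeat an earlier rule. It assumes the four positional fields shown in the expanded command and that only trailing fields are omitted; normalize, audit and the sample lines other than the two allip commands are constructed for illustration.

```python
import re

# Assumption: four positional match fields follow the protocol, as in the
# manual's expanded form "acl allip permit ip any any any any".
FIELD_COUNT = 4
RULE_RE = re.compile(r"^acl\s+(\S+)\s+(permit|deny)\s+(\S+)(.*)$")

def normalize(line):
    """Return (name, action, protocol, fields) with omitted fields set to 'any'."""
    # Drop a leading CLI prompt such as "xp(config)# " if one is present.
    line = line.split("#", 1)[-1].strip()
    m = RULE_RE.match(line)
    if not m:
        return None  # not a permit/deny rule line
    name, action, proto, rest = m.groups()
    fields = rest.split()
    if len(fields) > FIELD_COUNT:
        return None  # more fields than this sketch models; skip rather than guess
    fields += ["any"] * (FIELD_COUNT - len(fields))
    return name, action, proto, tuple(fields)

def audit(config_lines):
    """Return findings for permit-all rules and for rules equal to an earlier one."""
    seen, findings = {}, []
    for n, raw in enumerate(config_lines, 1):
        rule = normalize(raw)
        if rule is None:
            continue
        name, action, proto, fields = rule
        if action == "permit" and all(f == "any" for f in fields):
            findings.append((n, name, "permits all %s traffic" % proto))
        if rule in seen:
            findings.append((n, name, "same as line %d" % seen[rule]))
        else:
            seen[rule] = n
    return findings

# Constructed sample; only the two allip lines come from the manual.
SAMPLE = [
    "xp(config)# acl allip permit ip",
    "xp(config)# acl allip permit ip any any any any",
    "xp(config)# acl mgmt permit ip 10.1.1.0/24",
    "xp(config)# acl mgmt deny ip",
]

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

The short and the expanded allip commands normalize to the same rule, so both are reported as permit-all and the second is also reported as a repeat of the first.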