mac
Commands for Self-defined ACL
37.5 userdefined access-group
Command: userdefined access-group <name> {in} [traffic-statistic]
no userdefined access-group <name> {in}
Function: Apply a userdefined-access-list to one direction of the port. The options
determine whether a statistical counter is added to the ACL. The no command deletes
the configuration bound to the port.
Parameter: <name> is the access-list name from 1200-1399 in decimal notation.
Command Mode: Physical Port Configuration Mode.
Default: userdefined-access-list is not bound to the port
Usage Guide: A self-defined access-list can be bound to the ingress of a port, and it can
be configured at the ingress of the same port together with other access-lists.
When different access-lists match, the deny rule takes precedence: if any access-list
matches a deny rule, the deny rule is executed; otherwise the permit rule is
executed.
Example: The configured self-defined access-list is shown below:
Switch(config)#userdefined-access-list extended offset swindow1 l3 0 swindow2 l4 1 lwindow1 l3 1
Switch(config)#userdefined-access-list extended 1300 permit tagged-eth2 swindow1 4501 FFFF swindow2 00FF 00FF
Switch(config)#userdefined-access-list extended 1300 deny untagged-eth2 lwindow1 FFAA0000 FFFF0000
Bind the self-defined access-list to Ethernet1/1:
Switch(config)#interface ethernet1/1
Switch(config-if-ethernet1/1)#userdefined access-group 1300 in
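The deny-precedence rule from the Usage Guide, applied to access-list 1300 from the example above, as an added Python sketch that is not part of the vendor manual or the switch software. The window sizes, byte-based offsets, mask polarity, first-match order inside one list, the second list 1301 and the sample packets are assumptions made for illustration; the manual page does not state them.

```python
# Added illustration, not vendor code. Assumptions not stated on the page:
# swindow = 2 bytes, lwindow = 4 bytes, offsets count bytes from the start of
# the named header, mask bit 1 = "compare this bit", first match wins in a list.
WINDOWS = {"swindow1": ("l3", 0, 2), "swindow2": ("l4", 1, 2),
           "lwindow1": ("l3", 1, 4)}          # from the page's offset command

ACL_1300 = [                                   # the two rules from the page
    ("permit", "tagged-eth2", [("swindow1", 0x4501, 0xFFFF),
                               ("swindow2", 0x00FF, 0x00FF)]),
    ("deny", "untagged-eth2", [("lwindow1", 0xFFAA0000, 0xFFFF0000)]),
]
ACL_1301 = [                                   # hypothetical second list
    ("deny", "tagged-eth2", [("swindow1", 0x4500, 0xFF00)]),
]

def window_value(pkt, name):
    layer, offset, size = WINDOWS[name]
    data = pkt[layer][offset:offset + size]
    return int.from_bytes(data, "big") if len(data) == size else None

def rule_matches(rule, pkt):
    _, frame, fields = rule
    if frame != pkt["frame"]:
        return False
    for name, value, mask in fields:
        got = window_value(pkt, name)
        if got is None or (got & mask) != (value & mask):  # short packet: no match
            return False
    return True

def acl_action(acl, pkt):
    """Action of the first matching rule in one access-list, or None."""
    return next((r[0] for r in acl if rule_matches(r, pkt)), None)

def port_verdict(acls, pkt):
    """All lists bound to the same ingress are consulted; any deny wins."""
    actions = {acl_action(acl, pkt) for acl in acls} - {None}
    if "deny" in actions:
        return "deny"
    return "permit" if actions else "no-match"

# Constructed sample packets (header bytes only).
TAGGED = {"frame": "tagged-eth2", "l3": bytes.fromhex("45010028"),
          "l4": bytes.fromhex("1234ff50")}
UNTAGGED = {"frame": "untagged-eth2", "l3": bytes.fromhex("45ffaa1234"),
            "l4": bytes.fromhex("00500050")}

if __name__ == "__main__":
    for acls in ([ACL_1300], [ACL_1300, ACL_1301]):
        print(port_verdict(acls, TAGGED), port_verdict(acls, UNTAGGED))
```

The "no-match" result stands for traffic that no bound rule covers; what the switch does with such traffic is not described on this page.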
37.6 vacl userdefined access-group
Command: vacl userdefined access-group <name> {in} vlan <vlanId> [traffic-statistic]
no vacl userdefined access-group <name> {in} vlan <vlanId>
Function: Apply a userdefined-access-list to one direction of the specified VLAN. The
options determine whether a statistical counter is added to the ACL.
The no command deletes the configuration bound to the specified VLAN.
Parameter: <name> is the access-list name from 1200 to 1399 in decimal notation;
<vlanId> is the bound VLAN; the range is 1-4095.
Command Mode: Global Mode










