mac
Commands for Self-defined ACL
Default: No userdefined-access-list is bound to any VLAN.
Usage Guide: A self-defined access-list can be bound to the ingress of a VLAN, and it
can be configured at the ingress of the same VLAN together with other access-lists.
Deny rules take precedence when different access-lists match: if any access-list
matches a deny rule, the deny rule is executed; otherwise the permit rule is
executed.
Example: The self-defined access-list is configured as follows:
Switch(config)#userdefined-access-list extended offset swindow1 l3 0 swindow2 l4 1 lwindow1 l3 1
Switch(config)#userdefined-access-list extended 1300 permit tagged-eth2 swindow1 4501 FFFF swindow2 00FF 00FF
Switch(config)#userdefined-access-list extended 1300 deny untagged-eth2 lwindow1 FFAA0000 FFFF0000
Bind the self-defined access-list to VLAN1:
Switch(config)#vacl userdefined access-group 1300 in vlan 1
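Added example (not from the manual): a small Python model of how the value/mask windows in the commands above select packet bytes, and how deny takes precedence when several access-lists are bound to the same VLAN ingress. The list number 1301, the sample headers, byte-based offsets, the 2-byte/4-byte window widths and first-match order inside one list are assumptions made for illustration.

```python
# Added example (not from the manual). Assumptions: window offsets are in bytes
# from the start of the named header; swindow = 2 bytes, lwindow = 4 bytes;
# within one list the first matching rule decides that list's result.
WIDTH = {"s": 2, "l": 4}

# Window definitions and list 1300 are taken from the commands on this page.
WINDOWS = {"swindow1": ("l3", 0), "swindow2": ("l4", 1), "lwindow1": ("l3", 1)}
ACL_1300 = [
    ("permit", "tagged-eth2", {"swindow1": (0x4501, 0xFFFF), "swindow2": (0x00FF, 0x00FF)}),
    ("deny", "untagged-eth2", {"lwindow1": (0xFFAA0000, 0xFFFF0000)}),
]
# Constructed second list (hypothetical number 1301) bound to the same VLAN.
ACL_1301 = [("deny", "tagged-eth2", {"swindow2": (0x00FF, 0x00FF)})]

def window_value(headers, name):
    """Read the bytes a window selects; None if the header is too short."""
    layer, offset = WINDOWS[name]
    width = WIDTH[name[0]]
    data = headers.get(layer, b"")[offset:offset + width]
    return int.from_bytes(data, "big") if len(data) == width else None

def rule_matches(rule, frame_type, headers):
    """A rule matches when the frame type and every masked window agree."""
    _, rule_type, fields = rule
    if rule_type != frame_type:
        return False
    for name, (value, mask) in fields.items():
        got = window_value(headers, name)
        if got is None or (got & mask) != (value & mask):
            return False
    return True

def vlan_ingress_verdict(acls, frame_type, headers):
    """Combine all lists bound to one VLAN ingress: any matching deny wins."""
    results = []
    for rules in acls:
        hit = next((r[0] for r in rules if rule_matches(r, frame_type, headers)), None)
        if hit:
            results.append(hit)
    if "deny" in results:
        return "deny"
    return "permit" if results else None  # None: no rule matched

# Constructed sample headers (first bytes only).
TAGGED = {"l3": bytes.fromhex("45010028"), "l4": bytes.fromhex("0012ff00")}
UNTAGGED = {"l3": bytes.fromhex("45ffaa0000"), "l4": bytes.fromhex("00000000")}
```

The model returns None when no rule matches, because this page does not state the action taken in that case.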










