Command Reference Guide
Error! Use the Home tab to apply 見出し 1 to the text that you want to appear here. 138
Access Control configuration
Use these commands to create Access Control Lists (ACLs) and ACL Groups. ACLs define matching
criteria used for IP filtering and Quality of Service functions.
Access Control List configuration
These commands allow you to define filtering criteria for each Access Control List (ACL). The following
table describes the basic ACL Configuration commands.
Table 156 ACL Configuration commands
Command
Description
[no] access-control list <ACL
number> egress-port <port number>
Configures the ACL to function on egress packets.
The egress port ACL will not match a Layer 2 broadcast or
multicast packet. The egress port ACL will not match packets if
the destination port is a trunk.
Command mode: Global configuration
access-control list <ACL number>
action {permit|deny|set-priority
<0-7>}
Configures a filter action for packets that match the ACL
definitions. You can choose to permit (pass) or deny (drop)
packets, or set the Class of Service queue that handles the
packets.
Command mode: Global configuration
[no] access-control list <ACL
number> statistics
Enables or disables the statistics collection for the Access
Control List. The default is disabled.
Command mode: Global configuration
default access-control list
<ACL number>
Resets the ACL parameters to their default values.
Command mode: Global configuration
show access-control list <ACL
number>
Displays the current ACL parameters.
Command mode: All
ACL Ethernet Filter configuration
These commands allow you to define Ethernet matching criteria for an ACL. The following table describes
the Ethernet Filter Configuration commands.
Table 157 Ethernet Filter Configuration commands
Command
Description
[no] access-control list <ACL number>
ethernet source-mac-address <MAC
address> [<MAC mask>]
Defines the source MAC address and MAC mask for this
ACL. For example:
00:60:cf:40:56:00 ff:ff:ff:ff:ff:fc
Command mode: Global configuration
[no] access-control list <ACL number>
ethernet destination-mac-address <MAC
address> [<MAC mask>]
Defines the destination MAC address and MAC mask for
this ACL. For example:
00:60:cf:40:56:00 ff:ff:ff:ff:ff:fc
Command mode: Global configuration
[no] access-control list <ACL number>
ethernet vlan <1-4095> [<mask>]
Defines a VLAN number and mask for this ACL.
Command mode: Global configuration
[no] access-control list <ACL number>
ethernet ethernet-type
{arp|ip|ipv6|mpls|rarp|any|0xXXXX}
Defines the Ethernet type for this ACL.
Command mode: Global configuration
[no] access-control list <ACL number>
ethernet priority <0-7>
Defines the Ethernet priority value for the ACL.
Command mode: Global configuration
NOTE: ACL number is available from 1 to 384.