Manual
+7(495) 797-3311 www.qtech.ru
Москва, Новозаводская ул., 18, стр. 1
313
Command
Explanation
Admin Mode
clear access-group statistic [ethernet
<interface-name> ]
Clear the filtering information of the specified port.
39.3 ACL Example
Scenario 1:
The user has the following configuration requirement: port 10 of the switch connects to
10.0.0.0/24 segment, ftp is not desired for the user.
Configuration description:
1. Create a proper ACL
2. Configuring packet filtering function
3. Bind the ACL to the port
The configuration steps are listed below:
Switch(config)#access-list 110 deny tcp 10.0.0.0 0.0.0.255 any-
destination d-port 21
Switch(config)#firewall enable
Switch(config)#interface ethernet 1/10
Switch(Config-If-Ethernet1/10)#ip access-group 110 in
Switch(Config-If-Ethernet1/10)#exit
Switch(config)#exit
Configuration result:
Switch#show firewall
Firewall status: enable.
Switch#show access-lists
access-list 110(used 1 time(s)) 1 rule(s)
access-list 110 deny tcp 10.0.0.0 0.0.0.255 any-destination d-port 21
Switch#show access-group interface ethernet 1/10
interface name:Ethernet1/10
the ingress acl use in firewall is 110, traffic-statistics Disable.
Scenario 2:
The configuration requirement is stated as below: The switch should drop all the 802.3
datagram with 00-12-11-23-xx-xx as the source MAC address coming from interface 10.
Configuration description: