MES1000, MES2000 Ethernet Switches 205
As soon as at least one record has been added to an ACL, a deny-any-any record is set by
default as the last record. This means that all packets that do not match any ACL record
will be ignored.
Table 5.247—Configuration commands for MAC-based ACLs
permit {any|source source-wildcard} {any|destination destination_wildcard} [vlan vlan_id] [cos cos cos_wildcard] [eth-type] [time-range range_name] [index index] [offset-list offset_list_name]
Adds a permit filtering record. Packets that match the record's conditions will be
processed by the switch.
deny {any|source source-wildcard} {any|destination destination_wildcard} [vlan vlan_id] [cos cos cos_wildcard] [eth-type] [time-range range_name] [disable-port|log-input] [index index] [offset-list offset_list_name]
Adds a deny filtering record. Packets that match the record's conditions will be
blocked by the switch. If the disable-port keyword is specified, the physical interface
that received the packet will be disabled. If the log-input keyword is specified, a
message will be sent to the system log.
offset-list name {offset_base offset mask value} …
Creates a list of user templates with the name specified in the name field. The
name should contain from 1 to 32 characters.
One command may contain up to 4 templates, each with the following parameters:
offset_base—basic offset. Possible values:
  L2—beginning of Ethertype offset
  outer-tag—beginning of STAG offset
  inner-tag—beginning of CTAG offset
  src-mac—beginning of source MAC offset
  dst-mac—beginning of destination MAC offset
offset—byte offset within a packet. The basic offset is taken as the starting point.
mask—mask. Only the bits of the byte that are set to "1" in the mask are analysed.
value—the set value.
Removes a previously created list.
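The sketch below is an added example, not code from this manual or from the switch firmware: it models in Python how a record's offset-list templates and the implicit deny-any-any decide what happens to a frame. It assumes untagged Ethernet II frames, one byte per template, that every template of a record must match, and that the first matching record wins; all function and variable names are hypothetical.

```python
# Added illustration: models record evaluation in software; not switch firmware.
# Assumptions: untagged Ethernet II frames, one byte per template,
# records checked in order, first match wins.
BASES = {"dst-mac": 0, "src-mac": 6, "L2": 12}  # byte position of each offset_base

def template_matches(frame, base, offset, mask, value):
    """Compare one frame byte with value, looking only at bits set to 1 in mask."""
    pos = BASES[base] + offset
    if pos >= len(frame):
        return False  # frame too short: the template cannot match
    return (frame[pos] & mask) == (value & mask)

def record_matches(frame, templates):
    """Assumed: a record matches when all templates of its offset-list match."""
    if len(templates) > 4:
        raise ValueError("one offset-list holds at most 4 templates")
    return all(template_matches(frame, *t) for t in templates)

def evaluate(acl, frame):
    """Return the action of the first matching record for this frame."""
    if not acl:
        return "permit"  # assumed: an ACL with no records filters nothing
    for action, templates in acl:
        if record_matches(frame, templates):
            return action
    return "deny"  # implicit deny-any-any after the last record

def build_frame(dst, src, ethertype, payload=b""):
    """Build a constructed untagged test frame from hex MACs and an Ethertype."""
    return bytes.fromhex(dst) + bytes.fromhex(src) + ethertype.to_bytes(2, "big") + payload

# Constructed sample frames (not captured traffic)
ARP = build_frame("ffffffffffff", "020000000001", 0x0806, bytes(28))
IPV4 = build_frame("020000000002", "020000000001", 0x0800, bytes(20))
# One permit record: both Ethertype bytes must equal 0x08 0x06 (ARP)
ONLY_ARP = [("permit", [("L2", 0, 0xFF, 0x08), ("L2", 1, 0xFF, 0x06)])]
# Mask 0x01 on the first dst-mac byte tests only the group (multicast/broadcast) bit
DROP_GROUP = [("deny", [("dst-mac", 0, 0x01, 0x01)]), ("permit", [])]
```

With ONLY_ARP applied, the IPv4 frame is dropped even though no deny record was written, which is the effect of the implicit last record.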
5.31.4 Access List Time Range Configuration (time-range)
This section describes the time range configuration commands for ACLs.
To create a time-range profile and enter its configuration mode, use the following
command: time-range range_name. For example, to create a time range profile named
http-allowed, execute the following commands:
console#
console# configure
console(config)# time-range http-allowed
console(config-time-range)#
Table 5.248—Time interval configuration mode commands
absolute start hh:mm day month year
hh:mm: (0..23):(0..5); day: 1..31; month: Jan..Dec
Sets the absolute time and date at which the access list takes effect.