Command Line Interface
4-112
4
Ingress MAC ACL or Egress MAC ACL), but a mask can be bound to up to four
ACLs of the same type.
IP ACLs
Table 4-37. Access Control List Commands
Command Groups Function Page
IP ACLs Configures ACLs based on IP addresses, TCP/UDP port number,
protocol type, and TCP control code
4-112
MAC ACLs Configures ACLs based on hardware addresses, packet format, and
Ethernet type
4-126
ACL Information Displays ACLs and associated rules; shows ACLs assigned to each port 4-135
Table 4-38. IP ACL Commands
Command Function Mode Page
access-list ip Creates an IP ACL and enters configuration mode GC 4-113
access-list ip extended
fragment-auto-mask
Automatically creates extra masks to support fragmented
ACL entries
GC 4-113
permit, deny Filters packets matching a specified source IP address STD-ACL 4-114
permit, deny Filters packets meeting the specified criteria, including
source and destination IP address, TCP/UDP port number,
protocol type, and TCP control code
EXT-ACL 4-115
show ip access-list Displays the rules for configured IP ACLs PE 4-117
access-list ip
mask-precedence
Changes to the mode for configuring access control masks GC 4-117
mask Sets a precedence mask for the ACL rules IP-Mask 4-118
show access-list ip
mask-precedence
Shows the ingress or egress rule masks for IP ACLs PE 4-121
ip access-group Adds a port to an IP ACL IC 4-122
show ip access-group Shows port assignments for IP ACLs PE 4-122
map access-list ip Sets the CoS value and corresponding output queue for
packets matching an ACL rule
IC 4-123
show map access-list ip Shows CoS value mapped to an access list for an interface PE 4-124
match access-list ip Changes the 802.1p priority, IP Precedence, or DSCP
Priority of a frame matching the defined rule (i.e., also called
packet marking)
IC 4-124
show marking Displays the current configuration for packet marking PE 4-125
To Next Page
Loading...
Need help?
General