Chapter9ACLConguration
Whenthefollowingcommandsareconguredonaport,ACL10is
effectiveonthisportin“in”directionandACL100iseffectiveon
thisportin“out”direction.
ZXR10(config-if)#ipaccess-group10in
ZXR10(config-if)#ipaccess-group100out
ApplyingACLtoVirtualPort
ToapplyACLtovirtualport,performthefollowingsteps.
Step
CommandFunction
1
ZXR10(config)#vlan<vlan-number>ThisentersVLAN
congurationmode
2
ZXR10(config-vlan)#ipaccess-group<acl-number>inThisappliesACLtoavirtual
port
ConfiguringEventLinkage
ACLRule
AftereventlinkageACLruleiscongured,whentwointerfaceson
adeviceareconnectedtoanupperlayerdevice,onlyenableone
interface.Ifoneinterfacestatusturnstodown,theotherinterface
isenabledautomatically.
TocongurelinkageACLrule,performthefollowingsteps.
Step
CommandFunction
1
ZXR10(config)#event-list<name>Thiscreatesaneventlist.
2
ZXR10(config-event)#interface<interface-name>{ad
min|physical|protocol}{down|up}
Thissetstheconditionsof
triggeringevent,whereport
managementstate,physical
stateandprotocolstatecan
beset.
3
ZXR10(config-event)#exitThisexitseventlist.
4
ZXR10(config)#aclstandardnumber<number>Thisentersstandardaccess
list.
5
ZXR10(config-std-acl)#rule1permit<source-address
><source-wildcard>event<name>
ThisassociatestheACLrule
withtheevent.
ExampleAsshowninFigure25,SwitchAandSwitchBbackupforeach
other .SwitchCreceivestwosamedataows.Toavoidthisphe-
nomenon,aneventlinkageACLruleiscongured.
CondentialandProprietaryInformationofZTECORPORATION85
To Next Page
Loading...
Need help?
General