D-Link DXS-3600 Series Cli Reference Manual page 306

DXS-3600 Series Layer 3 Managed 10Gigabit Ethernet Switch CLI Reference Guide
,
-
all
Default
None.
Command Mode
Software ACL Filter Map Configuration Mode.
Command Default Level
Level: 12.
Usage Guideline
A software ACL filter map is activated when one or more matching interfaces are configured. In other words, if no matching interface is configured, the filter map does not take effect.
When a packet is received at the CPU and its ingress interface is configured in a software ACL filter map, the switch looks up the access list(s) associated with that filter map.
The associated access list with the highest priority in the filter map is checked first. Once a match is found, the other access list(s) are ignored. Otherwise, the access list with the next highest priority is looked up, and so on.
Within an access list, a similar checking sequence is used. The rule with the smaller sequence number takes higher precedence. Once a match is found, the other rules are ignored.
Finally, if no match is found, the packet is permitted and can continue to be processed by other functions.
If the action of the matching rule is 'permit', the packet is passed to other functions. If the action is 'drop', the packet is dropped.
In other words, the action of a software ACL is based on the explicitly configured permit/deny entries. A packet is permitted if it does not match any explicit permit or deny rule.
An interface can belong to at most one filter map. When an interface is configured in a new filter map, it is removed from the previous filter map.
Example
This example shows how to configure a matching interface, Ethernet 1/0/1, to the software ACL filter map, "cpu_filter".
Switch# configure terminal
Switch(config)# ip access-list cpu-acl
Switch(config-ip-acl)# permit 10.20.0.0 255.255.0.0
Switch(config-ip-acl)# exit
Switch(config)# mac access-list extended mac4001
Switch(config-mac-ext-acl)# 25 deny host 0013.0049.8272 any
Switch(config-mac-ext-acl)# exit
Switch(config)# soft-acl filter-map cpu_filter
Switch(config-soft-acl)# 2 match ip access-group cpu-acl
Switch(config-soft-acl)# 3 match mac access-group mac4001
Switch(config-soft-acl)# match interface ethernet 1/0/1
Switch(config-soft-acl)#
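The lookup order from the Usage Guideline, modeled in Python on the "cpu_filter" example above; this is an added example, not D-Link code or part of the manual. Assumptions: a lower filter-map number means higher priority, 255.255.0.0 selects 10.20.0.0/16, the cpu-acl rule has the constructed sequence number 10, and all packets are constructed.

```python
import ipaddress
from dataclasses import dataclass
from typing import Callable

@dataclass
class Rule:
    seq: int                         # smaller sequence number is checked first
    action: str                      # "permit" or "deny"
    matches: Callable[[dict], bool]  # predicate over a packet dict

def evaluate(interfaces, acls, pkt):
    """Return (verdict, reason) for a packet that reached the CPU.

    acls is a list of (priority, name, rules). Assumption: the lower
    priority number is the higher priority and is looked up first.
    """
    if pkt["ingress"] not in interfaces:
        return "permit", "filter map not applied to this interface"
    for _prio, name, rules in sorted(acls, key=lambda a: a[0]):
        for rule in sorted(rules, key=lambda r: r.seq):
            if rule.matches(pkt):    # first match wins, the rest is ignored
                verdict = "permit" if rule.action == "permit" else "drop"
                return verdict, f"{name} seq {rule.seq}"
    return "permit", "no match, default permit"

# Model of the "cpu_filter" example. Sequence number 10 for the cpu-acl rule
# is constructed; 255.255.0.0 is assumed to select 10.20.0.0/16.
NET = ipaddress.ip_network("10.20.0.0/16")
CPU_ACL = [Rule(10, "permit", lambda p: ipaddress.ip_address(p["src_ip"]) in NET)]
MAC4001 = [Rule(25, "deny", lambda p: p["src_mac"] == "0013.0049.8272")]
INTERFACES = {"ethernet 1/0/1"}
ACLS = [(2, "cpu-acl", CPU_ACL), (3, "mac4001", MAC4001)]

def verdicts():
    """Evaluate four constructed packets and return their verdicts in order."""
    e1 = "ethernet 1/0/1"
    packets = [
        {"ingress": e1, "src_ip": "10.20.5.5", "src_mac": "0013.0049.8272"},
        {"ingress": e1, "src_ip": "192.168.1.1", "src_mac": "0013.0049.8272"},
        {"ingress": e1, "src_ip": "192.168.1.1", "src_mac": "0000.0000.0001"},
        {"ingress": "ethernet 1/0/2", "src_ip": "192.168.1.1", "src_mac": "0013.0049.8272"},
    ]
    return [evaluate(INTERFACES, ACLS, p) for p in packets]

if __name__ == "__main__":
    for v in verdicts():
        print(v)
```

The first packet shows the ordering effect: the cpu-acl permit matches first, so the mac4001 deny entry is never consulted for it. The third shows the default permit when nothing matches.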
interfaces.
",": (Optional) Specifies a series of physical interfaces. No space before and after the comma.
"-": (Optional) Specifies a series of physical interfaces. No space before and after the comma.
"all": Specifies that in the no form of this command, to remove all matching ingress interface(s).