Advertisement
IP
4 H
A
C
V
ARDWARE
CCESS
ONTROL
(
ACL: IP
NAMED HARDWARE
PROTOCOL ENTRY
Default
On an interface controlled by a hardware ACL, any traffic that does not explicitly
match a filter is permitted.
Usage
To use this command, run the command
ACL)
awplus(config-ip-hw-acl)#.
Then use this command (and the other "named hardware ACL: entry" commands)
to add filter entries. You can add multiple filter entries to an ACL. You can insert a
new filter entry into the middle of an existing list by specifying the appropriate
sequence number. If you do not specify a sequence number, the switch puts the
entry at the end of the ACL and assigns it the next available multiple of 10 as its
sequence number.
Then use the
to a port or QoS class-map. Note that the ACL will only apply to incoming data
packets.
You can use ACLs to redirect packets, by sending them to the CPU. Use such ACLs
with caution. They could prevent control packets from reaching the correct
destination, such as EPSR healthcheck messages and VCStack messages.
Examples
To add a filter entry to the access-list named "my-list" that will deny all IGMP
packets (protocol 2) from the 192.168.0.0 subnet, and give it a sequence number
of 50, use the commands:
awplus#
awplus(config)#
awplus(config-ip-hw-acl)#
Related
access-group
Commands
access-list hardware (named hardware ACL)
match access-group
show running-config
show access-list (IPv4 Hardware ACLs)
613-50137-01 Rev A
L
(ACL) C
IST
OMMANDS
)
and enter the desired access-list name. This changes the prompt to
access-group
configure terminal
access-list hardware my-list
Command Reference for FS980M Series
AlliedWare Plus™ Operating System - Version 5.4.6-2.x
access-list hardware (named hardware
or the
match access-group
50 deny proto 2 192.168.0.0/16 any
command to apply this ACL
790
Advertisement
Troubleshooting
