Management ACLs
CN4093 Application Guide for N/OS 8.4
Management ACLs (MACLs) filter inbound traffic (traffic heading toward the
CPU). MACLs are applied switch‐wide. Traffic can be filtered based on the
following:
- IPv4 source address
- IPv4 destination address
- IPv4 protocols
- TCP/UDP destination or source port
Lower MACL numbers have higher priority. Up to 128 MACLs can be configured.
Following is an example MACL configuration based on a destination IP address
and a TCP‐UDP destination port:
CN 4093(config)# access-control macl 1 ipv4 destination-ip-address 1.1.1.1 255.255.255.0
CN 4093(config)# access-control macl 1 tcp-udp destination-port 111 0xffff
CN 4093(config)# access-control macl 1 statistics
CN 4093(config)# access-control macl 1 action permit
CN 4093(config)# access-control macl 1 enable
Use the following command to view the MACL configuration:
CN 4093(config)# show access-control macl 1
MACL 1 profile   : Enabled
  IPv4
    - DST IP     : 1.1.1.1/255.255.255.0
  TCP/UDP
    - DST Port   : 111/0xffff
  Action         : Permit
  Statistics     : Enabled
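The following Python model is an added example, not part of the guide or of N/OS. It evaluates a destination address and port against a MACL list in priority order, showing how much traffic the 255.255.255.0 mask in MACL 1 actually covers and how a lower-numbered entry shadows a narrower one. It assumes that mask bits set to 1 are the bits compared; MACL 5 and its deny action are constructed for illustration, and only the destination IP and destination port fields are modeled.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Macl:
    number: int        # lower number = higher priority (per the guide)
    dst_ip: str
    dst_mask: str
    dst_port: int
    port_mask: int
    action: str
    enabled: bool = True

def _to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def matches(m, dst_ip, dst_port):
    """Assumed semantics: only bits set in the mask are compared."""
    ip_mask = _to_int(m.dst_mask)
    ip_ok = (_to_int(dst_ip) & ip_mask) == (_to_int(m.dst_ip) & ip_mask)
    port_ok = (dst_port & m.port_mask) == (m.dst_port & m.port_mask)
    return ip_ok and port_ok

def evaluate(macls, dst_ip, dst_port):
    """Return (number, action) of the first matching enabled MACL.

    Returns None when nothing matches; what the switch does with such
    traffic is not stated on this page and is not modeled here.
    """
    for m in sorted(macls, key=lambda entry: entry.number):
        if m.enabled and matches(m, dst_ip, dst_port):
            return (m.number, m.action)
    return None

def covered_network(m):
    """Destination range the address/mask pair really selects."""
    return ipaddress.IPv4Network(f"{m.dst_ip}/{m.dst_mask}", strict=False)

# MACL 1 exactly as configured in the guide's example.
MACL1 = Macl(1, "1.1.1.1", "255.255.255.0", 111, 0xFFFF, "permit")
# Constructed entry: a host-specific deny with a higher (lower-priority) number.
MACL5 = Macl(5, "1.1.1.1", "255.255.255.255", 111, 0xFFFF, "deny")

if __name__ == "__main__":
    print("MACL 1 covers", covered_network(MACL1))
    for ip, port in [("1.1.1.1", 111), ("1.1.1.200", 111), ("1.1.2.1", 111)]:
        print(ip, port, "->", evaluate([MACL5, MACL1], ip, port))
```

When auditing a MACL list, check each address/mask pair against the range you intended to permit, and check that no broader lower-numbered entry matches first.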