TP-Link T2500G-10MPS User Manual page 572

Configuring ACL
mac access list 50
rule 5 permit smac 00:34:a2:d4:34:b5 smask ff:ff:ff:ff:ff:ff
Switch(config)#end
Switch#copy running-config startup-config
 Standard-IP ACL
Step 1 configure
Enter global configuration mode.
Step 2 access-list create access-list-num
Create an Standard-IP ACL.
access-list-num：
Step 3 access-list standard acl-id rule rule-id { deny | permit } [[ sip source-ip ] smask source-
ip-mask ] [[ dip destination-ip ] dmask destination-ip-mask ] [ tseg time-segment ]
Add rules to the ACL.
acl-id:
rule-id:
IDs.
deny | permit: Specify the action to be taken with the packets that match the rule. Deny
means to discard; permit means to forward. By default, it is set to permit.
source-ip:
source-ip-mask:
address is entered.
destination-ip:
destination-ip-mask:
destination IP address is entered.
time-segment:
frag: Enable or disable matching of fragmented packets. The default is disable. When
enabled, the rule will apply to all fragmented packets and always permit to forward the
last fragment of a packet.
Step 4 end
Return to privileged EXEC mode.
Step 5 copy running-config startup-config
Save the settings in the configuration file.
The following example shows how to create Standard-IP ACL 600, and configure Rule 1 to
permit packets with source IP address 192.168.1.100：
Switch#configure
Enter an ACL ID. The ID ranges from 500 to 1499.
The ID number of the ACL you have created.
Assign an ID to the rule. It cannot be the same as the existing Standard-IP Rule
Enter the source IP address.
Enter the mask of the source IP address. This is required if a source IP
Enter the destination IP address.
Enter the mask of the destination IP address. This is required if a
The name of the time-range. The default is No Limit.
ACL Configuration
Configuration Guide 548