Table of Contents
Advertisement
Command Reference Guide
Functional Notes
Hardware ACLs are used as frame selectors by the hardware access maps; by themselves they do
nothing. Hardware ACLs are composed of an ordered list of entries with an implicit deny any at the end of
each list. A hardware ACL with no entries includes an implicit permit any. An ACL entry contains two parts:
an action (permit or deny) and a frame pattern. A permit ACL matches frames (meeting the specified
pattern) and allows them to enter the network. A deny ACL advances AOS to the next access list entry.
ACL criteria are compared to the incoming frame in the order in which they were entered or from the top of
the list down. Generally, the most specific entries should be at the top and the more general at the bottom.
Changing hardware ACL or hardware access map configuration or application causes
new information to be reinstalled on the hardware. It is possible to run out of hardware
resources depending on how many resources are needed to apply the desired change. If
there are not enough hardware resources to install the new criteria in the hardware, an
error message is displayed. You can view the amount of hardware resources available
using the command
Usage Examples
The following example specifies that the MAC hardware ACL Untrusted deny traffic from MAC address
08:00:69:02:01:FC with a destination of MAC address 08:00:69:02:06:CB. Traffic that matches this
description will be logged.
(config)#mac hw-access-list extended Untrusted
(config-ext-mac-hw-nacl)#deny address 08:00:69:02:01:FC address 08:00:69:02:06:CB log
60000CRG0-35E
show hw-filter-resource on page
Copyright © 2012 ADTRAN, Inc.
Hardware ACLs and Hardware Access Maps
518.
3118
Advertisement
Table of Contents
