Table of Contents
Advertisement
{ip|ipv6|mac|mac-ip} access-group
<acl-name> {in} [traffic-statistic]
no {ip|ipv6|mac|mac-ip} access-group
<acl-name> {in}
5. Clear the filtering information of the specified port
Command
Admin Mode
clear access-group statistic
[ethernet <interface-name> ]
41.3 ACL Example
Scenario 1:
The user has the following configuration requirement: port 10 of the switch connects to
10.0.0.0/24 segment, ftp is not desired for the user.
Configuration description:
1. Create a proper ACL
2. Configuring packet filtering function
3. Bind the ACL to the port
The configuration steps are listed below:
Switch(config)#access-list 110 deny tcp 10.0.0.0 0.0.0.255 any-destination d-port 21
Switch(config)#firewall enable
Switch(config)#interface ethernet 1/10
Switch(Config-If-Ethernet1/10)#ip access-group 110 in
Switch(Config-If-Ethernet1/10)#exit
Switch(config)#exit
Physical interface mode: Applies an
access-list to the specified direction on
the port; the no command deletes the
access-list bound to the port.
VLAN interface mode: Applies an
access-list to the specified direction on
the port of VLAN; the no command
deletes the access-list bound to the port
of VLAN.When the acl of ipv6 is applied
by this switch, it only supports the
standard acl of ipv6.
Explanation
Clear the filtering information of the specified
port.
41-128
Advertisement
Table of Contents
Troubleshooting
