Configuring MAC Extended ACL Using CLI; Applying ACLs To Interfaces; Configuring Port ACLs - Motorola WS5100 Series Migration Guide

10-8 WS5100 Series Switch Migration Guide
1. To configure a numbered IP Extended ACL:
WS5100(config)#access-list 2 deny ip host 1.2.3.4 any rule-precedence 10
WS5100(config)#access-list 2 permit tcp any host 2.3.4.5 eq 80 rule-precedence 20
WS5100(config)#access-list 2 deny icmp any host 2.3.4.5 rule-precedence 30
2. To configure a named IP Extended ACL:
WS5100(config)#ip access-list extended ipextacl
WS5100(config-ext-nacl)#deny ip host 1.2.3.4 any rule-precedence 10
WS5100(config-ext-nacl)#permit tcp any host 2.3.4.5 eq 80 rule-precedence 20
WS5100(config-ext-nacl)#deny icmp any host 2.3.4.5 rule-precedence 30

10.4.1.3 Configuring MAC Extended ACL using CLI

MAC Extended ACLs contain rules based on the following parameters:
• Source MAC address
• Destination MAC address
• Ethertype: accepts well-known types like IP, ARP, VLAN or an integer value between 1 and 65535.
• VLAN-ID
• VLAN 802.1p user priority
Source and destination MAC address are mandatory parameters.
Execute the following CLI commands to configure a MAC extended ACL with different rule parameters on a
WS5100 switch:
WS5100(config)#mac access-list extended macextacl
WS5100(config-ext-macl)#permit 00:a0:f8:00:00:00 ff:ff:ff:00:00:00 any rule-precedence 10
WS5100(config-ext-macl)#deny any any type arp rule-precedence 20
WS5100(config-ext-macl)#deny any any vlan 23 rule-precedence 30

10.4.2 Applying ACLs to Interfaces

ACLs can be applied to either an Ethernet or VLAN interface to filter packets coming IN from the interface.
When ACLs (IP or MAC) are applied to Ethernet interfaces, i.e. eth1 and eth2, they are called Port ACLs, and
when IP ACLs are applied to VLAN interfaces like vlan1, vlan2 etc., they are called Router ACLs.

10.4.2.1 Configuring Port ACLs

Port ACLs filter packets that are switched within the same VLAN, so they should be applied to the appropriate
Ethernet interfaces when the administrator wants to control traffic between hosts in the same VLAN. Port
ACLs are not flow aware: the Port ACL rules are applied to every individual packet coming in through a
particular interface. When allowing a certain MU or wired host, you should therefore also add rules to allow
the return traffic from that MU or wired host.
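The following Python model is an added example, not code from the guide or from the WS5100 firmware. It evaluates the guide's "access-list 2" rules in rule-precedence order against constructed packets, showing why the precedence-10 deny wins over the precedence-20 permit and why a non-flow-aware Port ACL needs an explicit return-traffic rule. The implicit default action (deny), the example client address 10.0.0.5 and the added return rule at precedence 25 are assumptions, not statements from the guide.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    precedence: int
    action: str              # "permit" or "deny"
    proto: str               # "ip" matches every protocol; otherwise "tcp", "udp", "icmp"
    src: str                 # "any", a host address or a CIDR prefix
    dst: str
    dport: Optional[int] = None   # "eq <port>" on the destination; None = any port
    sport: Optional[int] = None   # source-port match, used only for the return rule

@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    dst: str
    dport: Optional[int] = None
    sport: Optional[int] = None

def _addr_match(spec: str, addr: str) -> bool:
    return spec == "any" or ipaddress.ip_address(addr) in ipaddress.ip_network(spec, strict=False)

def evaluate(rules, pkt: Packet, default: str = "deny") -> str:
    """First match in ascending rule-precedence order wins. Every packet is
    judged on its own (no flow state), which is the Port ACL behaviour the
    guide describes. The implicit default is an assumption."""
    for r in sorted(rules, key=lambda r: r.precedence):
        if r.proto != "ip" and r.proto != pkt.proto:
            continue
        if not (_addr_match(r.src, pkt.src) and _addr_match(r.dst, pkt.dst)):
            continue
        if r.dport is not None and r.dport != pkt.dport:
            continue
        if r.sport is not None and r.sport != pkt.sport:
            continue
        return r.action
    return default

# The three rules of "access-list 2" from the guide.
ACL2 = [
    Rule(10, "deny", "ip", "1.2.3.4", "any"),
    Rule(20, "permit", "tcp", "any", "2.3.4.5", dport=80),
    Rule(30, "deny", "icmp", "any", "2.3.4.5"),
]
# Assumed extra rule so replies from the web server (source port 80) are allowed back.
ACL2_WITH_RETURN = ACL2 + [Rule(25, "permit", "tcp", "2.3.4.5", "any", sport=80)]

# Constructed sample packets: client 10.0.0.5 talks to 2.3.4.5:80 and gets a reply.
REQUEST = Packet("tcp", "10.0.0.5", "2.3.4.5", dport=80, sport=51234)
REPLY = Packet("tcp", "2.3.4.5", "10.0.0.5", dport=51234, sport=80)
```

Without the return rule the reply is evaluated as an unrelated packet and falls through to the default, which is exactly the case the guide warns about.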
