SMC Networks TIGERSWITCH SMC6752AL2 Manual De Usuario
C
ONFIGURING
THE
S
WITCH
3-84
CLI – This example adds two rules:
1. Accept any incoming packets if the source address is in subnet 10.7.1.x.
1. Accept any incoming packets if the source address is in subnet 10.7.1.x.
For example, if the rule is matched; i.e., the rule (10.7.1.0 &
255.255.255.0) equals the masked address (10.7.1.2 & 255.255.255.0),
the packet passes through.
255.255.255.0) equals the masked address (10.7.1.2 & 255.255.255.0),
the packet passes through.
2. Allow TCP packets from class C addresses 192.168.1.0 to any
destination address when set for destination TCP port 80 (i.e., HTTP).
3. Permit all TCP packets from class C addresses 192.168.1.0 with the
TCP control code set to “SYN.”
Configuring a MAC ACL
Command Attributes
•
Action – An ACL can contain any combination of permit or deny
rules.
rules.
•
Source/Destination Address Type – Use “Any” to include all
possible addresses, “Host” to indicate a specific MAC address, or
“MAC” to specify an address range with the Address and Bitmask
fields. (Options: Any, Host, MAC; Default: Any)
possible addresses, “Host” to indicate a specific MAC address, or
“MAC” to specify an address range with the Address and Bitmask
fields. (Options: Any, Host, MAC; Default: Any)
•
Source/Destination MAC Address – Source or destination MAC
address.
address.
•
Source/Destination Bitmask – Hexidecimal mask for source or
destination MAC address.
destination MAC address.
•
VID – VLAN ID. (Range: 1-4094)
Console(config-ext-acl)#permit 10.7.1.1 255.255.255.0 any
Console(config-ext-acl)#permit tcp 192.168.1.0 255.255.255.0 any
destination-port 80
Console(config-ext-acl)#permit tcp 192.168.1.0 255.255.255.0 any
control-flag 2 2
Console(config-std-acl)#