Netgear XCM8806 - 8800 SERIES 6-SLOT CHASSIS SWITCH ユーザーズマニュアル
Chapter 12. Policy Manager
|
297
NETGEAR 8800 User Manual
Would you like to perform a full refresh?
If blackhole is enabled, you will see the following prompt:
Note, the current setting for Access-list Refresh Blackhole is Enabled.
Would you like to perform a full refresh?
To take advantage of Smart Refresh, disable access-list refresh blackholing.
Applying Policies
ACL policies and routing policies are applied using different commands.
Applying ACL Policies
A policy intended to be used as an ACL is applied to an interface, and the CLI command
option is named
option is named
<aclname>
. Supply the policy name in place of the <
aclname
> option. To apply
an ACL policy, use the following command:
configure access-list <aclname> [any | ports <portlist> | vlan <vlanname>]
{ingress | egress}
When you use the
any
keyword, the ACL is applied to all the interfaces and is referred to as
the wildcard ACL. This ACL is evaluated for any ports without specific ACLs, and it is also
applied to any packets that do not match the specific ACLs applied to the interfaces.
applied to any packets that do not match the specific ACLs applied to the interfaces.
When an ACL is already configured on an interface, the command is rejected and an error
message is displayed.
message is displayed.
To remove an ACL from an interface, use the following command:
unconfigure access-list <policy-name> {any | ports <portlist> | vlan
<vlanname>} {ingress | egress}
To display the interfaces that have ACLs configured and the ACL that is configured on each,
use the following command:
use the following command:
show access-list {any | ports <portlist> | vlan <vlanname>} {ingress | egress}
Applying Routing Policies
To apply a routing policy, use the command appropriate to the client. Different protocols
support different ways to apply policies, but there are some generalities.
support different ways to apply policies, but there are some generalities.
Commands that use the keyword
import-policy
are used to change the attributes of routes
installed into the switch routing table by the protocol. These commands cannot be used to
determine the routes to be added to the routing table. The following are examples for the
BGP and RIP protocols:
determine the routes to be added to the routing table. The following are examples for the
BGP and RIP protocols:
configure bgp import-policy [<policy-name> | none]
configure rip import-policy [<policy-name> | none]