Netgear XCM8806 - 8800 SERIES 6-SLOT CHASSIS SWITCH User's Manual
Chapter 13. ACLs
NETGEAR 8800 User Manual
Dynamic ACLs
Dynamic ACLs are created using the CLI. They use a similar syntax and can accomplish the
same actions as single rule entries used in ACL policy files. More than one dynamic ACL can
be applied to an interface, and the precedence among the dynamic ACLs can be configured.
By default, the priority among dynamic ACLs is established by the order in which they are
configured.
Note:
Dynamic ACLs have a higher precedence than ACLs applied using
a policy file.
The steps involved in using a dynamic ACL on an interface are:
Creating the Dynamic ACL Rule
Creating a dynamic ACL rule is similar to creating an ACL policy file rule entry. You specify
the name of the dynamic ACL rule, the match conditions, and the actions and
action-modifiers. You can configure a dynamic ACL to be persistent or non-persistent across
system reboots. The match conditions, actions, and action-modifiers are the same as those
that are available for ACL policy files (see
on page 300). In contrast to the
ACL policy file entries, dynamic ACLs are created directly in the CLI. Use the following
command to create a dynamic ACL:
create access-list <dynamic-rule> <conditions> <actions> {non-permanent}
As an example of creating a dynamic ACL rule, compare an ACL policy file entry with the CLI
command that creates the equivalent dynamic ACL rule. The following ACL policy file entry
will drop all ICMP echo-requests:
entry icmp-echo {
    if {
        protocol icmp;
        icmp-type echo-request;
    } then {
        deny;
    }
}
To create the equivalent dynamic ACL rule, use the following command:
create access-list icmp-echo "protocol icmp;icmp-type echo-request" "deny"
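The mapping from a policy file entry to the create access-list command can be scripted. The following Python sketch is an added example, not part of the NETGEAR manual or the switch software; the function names are hypothetical, and joining several actions with ";" in the same way as the conditions is an assumption.

```python
import re

# Entry layout shown on this page: entry <name> { if { ... } then { ... } }
ENTRY_RE = re.compile(
    r"entry\s+(?P<name>[\w-]+)\s*\{\s*"
    r"if\s*\{(?P<conds>[^{}]*)\}\s*"
    r"then\s*\{(?P<acts>[^{}]*)\}\s*\}"
)

def _statements(block):
    """Split a ';'-terminated block into whitespace-normalised statements."""
    stmts = [" ".join(s.split()) for s in block.split(";")]
    stmts = [s for s in stmts if s]
    for s in stmts:
        if '"' in s:  # would terminate the quoted CLI argument early
            raise ValueError(f"quote character in statement: {s!r}")
    return stmts

def policy_to_dynamic_acl(policy_text, permanent=True):
    """Return one 'create access-list' command per policy entry found."""
    commands = []
    for m in ENTRY_RE.finditer(policy_text):
        conds = ";".join(_statements(m["conds"]))
        # Assumption: several actions are ';'-separated like the conditions.
        acts = ";".join(_statements(m["acts"]))
        cmd = f'create access-list {m["name"]} "{conds}" "{acts}"'
        if not permanent:
            cmd += " non-permanent"
        commands.append(cmd)
    if not commands:
        raise ValueError("no policy entry in the expected layout")
    return commands

# The policy file entry from this page.
SAMPLE_POLICY = """
entry icmp-echo {
    if {
        protocol icmp;
        icmp-type echo-request;
    } then {
        deny;
    }
}
"""

if __name__ == "__main__":
    for line in policy_to_dynamic_acl(SAMPLE_POLICY):
        print(line)
```

Review the generated commands before entering them on the switch, because dynamic ACLs take precedence over ACLs applied from a policy file.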