SMC Networks TIGERSWITCH SMC6752AL2 ユーザーズマニュアル
C
OMMAND
L
INE
I
NTERFACE
4-118
•
This switch supports ACLs for ingress filtering only. You can only
bind one IP ACL to any port and one MAC ACL globally for
ingress filtering. In other words, only two ACLs can be bound to an
interface - Ingress IP ACL and Ingress MAC ACL.
bind one IP ACL to any port and one MAC ACL globally for
ingress filtering. In other words, only two ACLs can be bound to an
interface - Ingress IP ACL and Ingress MAC ACL.
The order in which active ACLs are checked is as follows:
1. User-defined rules in the Ingress MAC ACL for ingress ports.
2. User-defined rules in the Ingress IP ACL for ingress ports.
3. Explicit default rule (permit any any) in the ingress IP ACL for ingress
1. User-defined rules in the Ingress MAC ACL for ingress ports.
2. User-defined rules in the Ingress IP ACL for ingress ports.
3. Explicit default rule (permit any any) in the ingress IP ACL for ingress
ports.
4. Explicit default rule (permit any any) in the ingress MAC ACL for
ingress ports.
5. If no explicit rule is matched, the implicit default is permit all.
IP ACLs
Table 4-33 Access Control Lists
Command
Groups
Groups
Function
Page
IP ACLs
Configures ACLs based on IP addresses, TCP/UDP
port number, protocol type, and TCP control code
port number, protocol type, and TCP control code
MAC ACLs
Configures ACLs based on hardware addresses, packet
format, and Ethernet type
format, and Ethernet type
ACL Information Displays ACLs and associated rules; shows ACLs
assigned to each port
Table 4-34 IP ACLs
Command
Function
Mode
Page
access-list ip
Creates an IP ACL and enters configuration
mode
mode
GC
permit, deny
Filters packets matching a specified source
IP address
IP address
STD-ACL 4-120
permit, deny
Filters packets meeting the specified criteria,
including source and destination IP address,
TCP/UDP port number, protocol type, and
TCP control code
including source and destination IP address,
TCP/UDP port number, protocol type, and
TCP control code
EXT-ACL 4-122