Patton electronic SmartNode 4110 Series ユーザーズマニュアル

Access control list configuration task list

SmartWare Software Configuration Guide 

Unbind an access control list profile from an interface.

node(cfg)#context ip router
node(cfg-ip)[router]#interface wan
node(cfg-if)[wan]#no use profile acl in

When unbinding an access control list profile the name argument is not 
required, since only one incoming and outgoing access control list can be 
active at the same time on a certain IP interface.

The show profile acl command displays the indicated access control list profile. If no specific profile is selected 
all installed access control list profiles are shown. If an access control list is linked to an IP interface the number 
of matches for each rule is displayed. If the access control list profile is linked to more than one IP interface, it 
will be shown for each interface.

This procedure describes how to display a certain access control list profile

Mode: Administrator execution or any other mode, except the operator execution mode

Example: Displaying an access control list entries 

The following example shows how to display the access control list profile named WanRx.

node#show profile acl WanRx
IP access-list WanRx. Linked to router/wan/in.
    deny icmp any any msg echo
    permit ip 62.1.2.3 0.0.255.255 host 193.14.2.11
    permit ip 97.123.111.0 0.0.0.255 host 193.14.2.11
    permit tcp any host 193.14.2.10 eq 80
    permit udp host 62.1.2.3 host 193.14.2.11 range 1024 2048
    deny ip any any

The 

 command is used to debug the access control list profiles during system operation. Use the 

 

form of this command to disable any debug output.

This procedure describes how to debug the access control list profiles

Mode: Administrator execution or any other mode, except the operator execution

This procedure describes how to activate the debug level of an access control list profiles for a specific interface. 

Displays the access control list profile name

Enables access control list debug monitor