Технические ссылки для Cisco Cisco SF300-24MP 24-port 10 100 Max-PoE Managed Switch

ACL Commands

78-21485-01 Command Line Interface Reference Guide

843

48

User Guidelines

The following rules govern when ACLs can be bound or unbound from an 
interface:

•

IPv4 ACLs and IPv6 ACLs can be bound together to an interface.

•

A MAC ACL cannot be bound on an interface which already has an IPv4 
ACL or IPv6 ACL bound to it.

•

Two ACLs of the same type cannot be bound to a port.

•

An ACL cannot be bound to a port that is already bound to an ACL, without 
first removing the current ACL. Both ACLs must be mentioned at the same 
time in this command.

•

MAC ACLs that include a VLAN as match criteria cannot be bound to a 
VLAN.

•

ACLs with time-based configuration on one of its ACEs cannot be bound to 
a VLAN. 

•

ACLs with the action Shutdown cannot be bound to a VLAN.

•

When the user binds ACL to an interface, TCAM resources will be 
consumed. One TCAM rule for each MAC or IP ACE and two TCAM rules for 
each IPv6 ACE. TCAM consumption is always an even number, so when an 
odd number of rules is used, consumption is increased by 1.

Example

switchxxxxxx(config)# mac access-list extended server-acl

switchxxxxxx(config-mac-al)# permit 00:00:00:00:00:01 00:00:00:00:00:ff any

switchxxxxxx(config-mac-al)# exit

switchxxxxxx(config)# interface gi

1

switchxxxxxx(config-if)# service-acl input server-acl default-action deny-any

Use the time-range Global Configuration mode command to define time ranges for 
functions or ACLs. In addition, this command enters the Time-range Configuration 
mode. All commands after this one refer to the time-range being defined.