Dell PowerConnect 6248 Configuration Guide - Page 116
Configuring a MAC ACL, Step 3: Apply the Rule to Outbound Egress Traffic on Port 1/g2
View all Dell PowerConnect 6248 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 116 highlights
Step 1: Create an ACL and Define an ACL Rule This command creates an ACL named list1 and configures a rule for the ACL. After the mask has been applied, it permits packets carrying TCP traffic that matches the specified Source IP address, and sends these packets to the specified Destination IP address. console#config console(config)#access-list list1 permit tcp 192.168.77.0 0.0.0.255 192.168.77.3 0.0.0.0 Step 2: Define the Second Rule for ACL 179 Define the rule to set similar conditions for UDP traffic as for TCP traffic. console(config)#access-list list1 permit udp 192.168.77.0 0.0.0.255 192.168.77.3 0.0.0.255 console(config)#exit Step 3: Apply the Rule to Outbound (Egress) Traffic on Port 1/g2 Only traffic matching the criteria will be accepted. console(config)#interface ethernet 1/g2 console(config-if-1/g2)#ip access-group list1 out console(config-if-1/g2)#exit Configuring a MAC ACL The following steps configure a MAC ACL that denies traffic with any MAC address access to hosts with a MAC address of 00:11:22:33:XX:XX, where XX is any hexadecimal value (1-F). The log parameter specifies that the system should keep track of the number of times the rule is applied to traffic that meets the rule criteria. When a frame entering the port matches the rule, the rule hit counter increments. Every five minutes the ACL application checks the counter. If the counter indicates that the rule has been applied since the last time it was checked, the ACL application logs a message indicating which rule was applied and how many times it was hit during that time period. The rule is applied to interface 1/g5 in the inbound direction and has a priority value of 6 (the lower the number, the higher the priority). Step 1: Set up a MAC Access List console#config console(config)#mac access-list extended mac1 console(config)#exit Step 2: Specify the MAC ACL Attributes console(config-mac-access-list)#deny any 00:11:22:33:44:55 00:00:00:00:FF:FF log Step 3: Configure a MAC Access Group console(config)#interface ethernet 1/g5 console(config-if-1/g5)#mac access-group mac1 in 6 116 Device Security