Filter
Top Products
DES-7200 Configuration Guide Chapter 1 Access Control List
Configuration
1-12
Method 2: Run the following command in the ACL configuration mode:
Command Function
DES-7200(config)# mac access-list
extended {id | name}
Enter the access list configuration mode
DES-7200 (config-mac-nacl)# [sn] { permit |
deny }{any | host src-mac-addr} {any | host
dst-mac-addr} [ethernet-type] [cos cos]
Add table entries for ACL. For details about
commands, please see command
reference.
DES-7200(config-mac-nacl)# exit
DES-7200(config)# interface interface
Exit from the access control list mode and
select the interface to which the access list
is to be applied.
DES-7200(config-if)# mac access-group {id |
name} { in | out}
Apply the access list to the specific
interface
Note
Method 1 only configures the numerical value ACL. Method 2 can
configure names and numerical value ACL and specify the priorities of
table entries (they support priority ACE products).
1.3.3 Showing Configuration of
MAC Extended Access List
To monitor access lists, please run the following command the in privileged mode:
Command Function
DES-7200# show access-lists [ id | name ]
Show the basic access list.
1.3.4 MAC Extended Access List
Example
It is required to implement the following security functions by configuring MAC access
lists:
1. The 0013.2049.8272 host using the ipx protocol cannot access the giga 0/1 port
of a device.
2. It can access other ports.
Configure an Ethernet port, apply the access list 101 on the Ethernet port and check all
the messages passing in and out on the port.
DES-7200> enable
DES-7200# configure terminal