DES-7200 Configuration Guide Chapter 1 Access Control List Configuration
1.4.2 Configuring Extended Expert ACL
The configuration of an expert access list includes the following steps:
1. Define an expert access list
2. Apply the access list to a specific interface (a particular application case)
There are two methods to configure an expert access list.
Method 1: Run the following commands in the global configuration mode:

Command: DES-7200(config)# access-list id {deny | permit} [prot | {[ethernet-type] [cos cos]}] [VID vid] {src src-wildcard | host src | interface idx} {host src-mac-addr | any} {dst dst-wildcard | host dst | any} {host dst-mac-addr | any}] [precedence precedence] [tos tos] [dscp dscp] [fragment] [time-range tm-rng-name]
Function: Define an access list. For details about the commands, see the command reference.

Command: DES-7200(config)# interface interface
Function: Select the interface to which the access list is to be applied.

Command: DES-7200(config-if)# expert access-group id {in | out} [unreflect]
Function: Apply the access list to the specific interface.
Method 2: Run the following commands in the ACL configuration mode:

Command: DES-7200(config)# expert access-list extended {id | name}
Function: Enter the access list configuration mode.

Command: DES-7200(config-exp-nacl)# [sn] {permit | deny} [prot | {[ethernet-type] [cos cos]}] [VID vid] {src src-wildcard | host src | interface idx} {host src-mac-addr | any} {dst dst-wildcard | host dst | any} {host dst-mac-addr | any}] [precedence precedence] [tos tos] [dscp dscp] [fragment] [time-range tm-rng-name]
Function: Add entries to the ACL. For details about the commands, see the command reference.

Command: DES-7200(config-exp-nacl)# exit
         DES-7200(config)# interface interface
Function: Exit from the access control list mode and select the interface to which the access list is to be applied.

Command: DES-7200(config-if)# expert access-group {id | name} {in | out} [unreflect]
Function: Apply the access list to the specific interface.
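
The session below is an added example, not taken from the DES-7200 guide. It walks Method 2 end to end: a named expert ACL whose entries match on VLAN ID, source IP and source MAC together, applied inbound on one port. The ACL name, sequence numbers, VLAN ID, IP addresses, MAC address (and its dotted notation) and interface name are assumed sample values; lines starting with "!" are annotations, not commands.

```text
! Step 1: define the expert access list (constructed sample values throughout).
DES-7200(config)# expert access-list extended exp-demo

! Entry 10: in VLAN 20, permit IP traffic only when source IP 192.168.12.3
! arrives with source MAC 0013.0049.8272; any destination IP, any destination MAC.
DES-7200(config-exp-nacl)# 10 permit ip VID 20 host 192.168.12.3 host 0013.0049.8272 any any

! Entry 20: in VLAN 20, deny IP traffic from the rest of 192.168.12.0/24
! (wildcard 0.0.0.255), whatever the source MAC is.
DES-7200(config-exp-nacl)# 20 deny ip VID 20 192.168.12.0 0.0.0.255 any any any

! Step 2: leave ACL mode, select the port, and apply the list to inbound traffic.
DES-7200(config-exp-nacl)# exit
DES-7200(config)# interface gigabitEthernet 0/1
DES-7200(config-if)# expert access-group exp-demo in
```

Entry 10 must carry the lower sequence number: it overlaps the subnet matched by entry 20, so reversing the order would deny the host the list is meant to allow.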