D-Link DES-7200 Refrigerator User Manual


 
DES-7200 Configuration Guide, Chapter 1: Access Control List Configuration
Note
Method 1 can configure only numbered ACLs. Method 2 can configure both
named and numbered ACLs. In a version that supports priority table
entries, method 2 can also specify the priority of each table entry
(the [sn] option in a command).
Note
On the DES-7200, the extended expert ACL does not support neq
matching on TCP/UDP L4 ports.
By default, when an IP extended ACL is applied on an interface, the
reflect ACL is enabled. You can use the unreflect command to
disable the reflect ACL.
1.4.3 Showing Configuration of Extended Expert ACL
To monitor access lists, run the following command in privileged user mode:
Command                                      Function
DES-7200# show access-lists [ id | name ]    Show the expert access list.
1.4.4 Expert Extended Access List Example
The following security function is to be implemented by configuring an expert
access list:
The 0013.2049.8272 host using vlan 20 cannot access the giga 0/1 port of a device.
It cannot access other ports.
DES-7200> enable
DES-7200# config terminal
DES-7200(config)# expert access-list extended expert-list
DES-7200(config-exp-nacl)# permit ip vid 20 any host 0013.2049.8272 any any
DES-7200(config-exp-nacl)# deny any any any any
DES-7200(config-exp-nacl)# exit
DES-7200(config)# interface gigabitEthernet 0/1
DES-7200(config-if)# expert access-group expert-list in
DES-7200(config-if)# end
DES-7200# show access-lists
expert access-list extended expert-list
permit ip vid 20 any host 0013.2049.8272 any any
deny any any
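
The following is an added example, not part of the D-Link guide: a small Python model that parses the two entries of expert-list and evaluates constructed frames against them in first-match order, as a way to check which traffic an entry order lets through before applying it. The entry layout (action, optional protocol, optional vid, source IP, source MAC, destination IP, destination MAC), the frame() helper and all sample addresses other than 0013.2049.8272 are assumptions.

```python
# Model of first-match evaluation for the expert ACL in section 1.4.4.
# Assumed entry layout (not stated on this page):
#   action [protocol] [vid N] src-ip src-mac dst-ip dst-mac
ACL_TEXT = """\
permit ip vid 20 any host 0013.2049.8272 any any
deny any any any any
"""
FIELDS = ("src_ip", "src_mac", "dst_ip", "dst_mac")
KEYS = ("proto", "vid") + FIELDS

def _address(tokens):
    """Consume one address field: 'any' -> None (wildcard), 'host X' -> X."""
    tok = tokens.pop(0)
    if tok == "any":
        return None
    if tok == "host":
        return tokens.pop(0).lower()
    raise ValueError(f"unsupported address field: {tok!r}")

def parse_entry(line):
    """Parse one ACL entry into a dict; None means the field is a wildcard."""
    tokens = line.split()
    entry = {"action": tokens.pop(0), "proto": None, "vid": None}
    if entry["action"] not in ("permit", "deny"):
        raise ValueError(f"unknown action: {entry['action']!r}")
    if tokens[0] == "ip":        # this model knows only the 'ip' keyword
        entry["proto"] = tokens.pop(0)
    if tokens[0] == "vid":
        entry["vid"] = int(tokens[1])
        del tokens[:2]
    for name in FIELDS:
        entry[name] = _address(tokens)
    if tokens:
        raise ValueError(f"trailing tokens: {tokens}")
    return entry

def evaluate(entries, frame):
    """Return the action of the first entry whose fields all match the frame."""
    for e in entries:
        if all(e[k] in (None, frame[k]) for k in KEYS):
            return e["action"]
    return "deny"  # model default when no entry matches

def frame(proto, vid, src_mac):
    """Constructed test frame; the IP and destination MAC values are samples."""
    return dict(proto=proto, vid=vid, src_mac=src_mac, src_ip="192.0.2.10",
                dst_ip="192.0.2.1", dst_mac="0000.5e00.5301")

ENTRIES = [parse_entry(l) for l in ACL_TEXT.splitlines() if l.strip()]
```

In this model, only an IP frame in VLAN 20 with source MAC 0013.2049.8272 matches the first entry; the same MAC in another VLAN, a different source MAC, or a non-IP frame such as ARP falls through to the deny entry.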