DXS-3600 Series Layer 3 Managed 10Gigabit Ethernet Switch CLI Reference Guide
301
interfaces.
,
(Optional) Specifies a series of physical interfaces. No space before
and after the comma.
-
(Optional) Specifies a series of physical interfaces. No space before
and after the comma.
all
Specifies that in the
no
form of this command, to remove all matching
ingress interface(s).
Default
None.
Command Mode
Software ACL Filter Map Configuration Mode.
Command Default Level
Level: 12.
Usage Guideline
A software ACL filter map will be activated when there is one or more matching interface(s) are
configured. In other words, if no matching interface is configured, this filter map won’t take effect.
When a packet is received at CPU and the ingress interface is configured in a software ACL filter map,
the switch will look up the associated access list(s) of the corresponding filter map.
The associated access list with the highest priority in the filter map will be checked at first. Once match is
found, the other ACL access list(s) will be ignored. Otherwise, the access list with the next highest priority
will be looked up and so on.
Within an access list, the similar checking sequence is used. The rule with a smaller sequence number
takes higher precedence. Once match is found, others will be ignored.
Finally, if no match is found, the packet will be permitted, and it can be continually processed by other
functions.
If the matching action is ‘permit’, it will be passed to other functions. Else if the action is ‘drop’, the packet
will be dropped.
In other words, the action of software ACL is based on the explicitly configured permit/deny entry. A
packet is permitted if it does not match any explicit permit or deny rule.
An interface can belong to at most one filter map. When an interface is configured to a new filter map, the
interface will be removed from the previous filter map.
Example
This example shows how to configure a matching interface, Ethernet 1/0/1, to the software ACL filter map,
“cpu_filter”.
Switch# configure terminal
Switch(config)# ip access-list cpu-acl
Switch(config-ip-acl)# permit 10.20.0.0 255.255.0.0
Switch(config-ip-acl)# exit
Switch(config)# mac access-list extended mac4001
Switch(config-mac-ext-acl)# 25 deny host 0013.0049.8272 any
Switch(config-mac-ext-acl)# exit
Switch(config)# soft-acl filter-map cpu_filter
Switch(config-soft-acl)# 2 match ip access-group cpu-acl
Switch(config-soft-acl)# 3 match mac access-group mac4001
Switch(config-soft-acl)# match interface ethernet 1/0/1
Switch(config-soft-acl)#
Summary of Contents for DXS-3600 Series
Page 1: ......
Page 423: ...DXS 3600 Series Layer 3 Managed 10Gigabit Ethernet Switch CLI Reference Guide 418 ...
Page 548: ...DXS 3600 Series Layer 3 Managed 10Gigabit Ethernet Switch CLI Reference Guide 543 ...
Page 673: ...DXS 3600 Series Layer 3 Managed 10Gigabit Ethernet Switch CLI Reference Guide 668 ...
Page 712: ...DXS 3600 Series Layer 3 Managed 10Gigabit Ethernet Switch CLI Reference Guide 707 Switch ...
Page 845: ...DXS 3600 Series Layer 3 Managed 10Gigabit Ethernet Switch CLI Reference Guide 840 ...
Page 884: ...DXS 3600 Series Layer 3 Managed 10Gigabit Ethernet Switch CLI Reference Guide 879 ...
Page 1152: ...DXS 3600 Series Layer 3 Managed 10Gigabit Ethernet Switch CLI Reference Guide 1147 ...