158
4.4. Access Control Configuration
Configure access control in "Global configuration mode."
When using both access control and link aggregation functions, assign a practical physical port
number to a port list, not a logical port created in link aggregation.
Command to show the classifier configuration
M24eG#
show AccessControl classifier {all | <classifier-number>}
Command to show the in-profile configuration
M24eG#
show AccessControl inprofile
Command to show the out-profile configuration
M24eG#
show AccessControl outprofile
Command to show the port list configuration
M24eG#
show AccessControl portlist
Command to show the policy configuration
M24eG#
show AccessControl policy {all | <policy-number>}
Command to show the policy sequence configuration
M24eG#
show AccessControl policy-sequence port <port num> sort {policy-index | sequence}
Command to configure the classifier
M24eG(Config)# AccessControl
classifier
<id>
[src-mac <MAC>]
[dst-mac <MAC>]
[src-net <ip-mask>]
[dst-net <ip-mask>]
[src-port <layer4-port-list>]
[dst-port <layer4-port-list>]
[vlan-id <vid>]
[dot1p-priority <priority>]
[dscp <value>]
[protocol <pro-num>]
[icmp-type <icmptype>]
[tcp-syn-flag{true/false}]
Command to delete the classifier
M24eG(Config)#
no AccessControl classifier <index>
Command to configure the in-profile
M24eG(Config)# AccessControl
inprofile <index> {deny | permit { dscp <dscp-value> | precedence <p-value>|
cos <c-value>}}
Command to delete the in-profile
M24eG(Config)#
no AccessControl inprofile <index>