configure access-list network-zone

configure access-list network-zone zone_name [add | delete] [mac-address macaddress {macmask} | ipaddress [ipaddress {netmask} | ipNetmask | ipv6_address_mask]]

Description

Adds or removes IP and MAC addresses to and from the network-zone.

Syntax Description

network-zone Logical group of remote devices.
zone_name Specifies the network-zone name.
add Adds a logical group of entities to the network-zone.
delete Deletes a logical group of entities to the network-zone.
mac-address MAC address.
macaddress Specifies the MAC address to be added/removed to/from the network-zone.
macmask Specifies the MAC Mask. Example FF:FF:FF:00:00:00.
ipaddress Specifies IPv4 address.
ipaddress Specifies the IP address.
netmask Specifies IP netmask.
ipNetmask Specifies the IP address/Netmask.
ipv6_address_mask Specifies IPv6 address/IPv6 prefix length.

Default

N/A.

Usage Guidelines

Use this command to to add or remove IP/MAC addresses to/from the network-zone.

Example

The following command adds an IPv6 IP address to network-zone “zone1”:

Switch# configure access-list network-zone zone1 add ipaddress
11.1.1.1/32

If you try to add the same IP/MAC with the same or narrow mask, the configuration is rejected, with the following error message.

Switch #configure access-list network-zone "zone1" add ipaddress 11.1.1.1/24
Error:  Network Zone "zone1" - Zone already has the same entity value with same or wider mask.

If you try to add more than eight attributes to a network-zone, the following error message is printed.

Switch #configure access-list network-zone "zone1" add ipaddress 11.1.1.1/24
Error:  Network Zone "zone1" - Reached maximum number of attributes. Unable to add more.

History

This command was first available in ExtremeXOS 15.2.

Platform Availability

This command is available on all Universal switches supported in this document.