Preface
- Text Conventions
- Platform-Dependent Conventions
- Providing Feedback to Us
- Getting Help
- Documentation and Training
About This Guide
- ABOUT THIS GUIDE
  - Notational Conventions
Introduction
- WiNG CLI Structure
User Exec Mode Commands
- USER EXEC MODE COMMANDS
  - user-exec-commands
Privileged Exec Mode Commands
- PRIVILEGED EXEC MODE COMMANDS
  - privileged-exec-commands
Global Configuration Mode Commands
- GLOBAL CONFIGURATION COMMANDS
  - global-config-commands
Common Commands
- COMMON COMMANDS
  - common-commands
    - clrscr
    - commit
    - exit
    - help
    - no
    - revert
    - service
    - show
    - write
Show Commands
- SHOW COMMANDS
  - show-commands
    - show
    - adoption
    - bluetooth
    - boot
    - bonjour
    - captive-portal
    - captive-portal-page-upload (show commands)
    - cdp
    - classify-url
    - clock
    - cluster
    - cmp-factory-certs
    - commands
    - context
    - critical-resources
    - crypto
    - database
    - device-upgrade
    - dot1x
    - dpi
    - environmental-sensor
    - event-history
    - event-system-policy
    - ex3500
    - extdev
    - fabric-attach
    - file
    - file-sync
    - firewall
    - global
    - gps (show command)
    - gre
    - guest-registration
    - interface
    - iot-device-type-imagotag
    - ip
    - ip-access-list-stats
    - ipv6
    - ipv6-access-list
    - l2tpv3
    - lacp
    - ldap-agent
    - licenses
    - lldp
    - logging
    - mac-access-list-stats
    - mac-address-table
    - macauth
    - mac-auth-clients
    - mint
    - ntp
    - password-encryption
    - pppoe-client
    - privilege
    - radius
    - reload
    - rf-domain-manager
    - role
    - route-maps
    - rtls
    - running-config
    - session-changes
    - session-config
    - sessions
    - site-config-diff
    - smart-rf
    - snmpv3 (show command)
    - spanning-tree
    - startup-config
    - t5
    - terminal
    - timezone
    - traffic-shape
    - tron (show command)
    - upgrade-status
    - version
    - vrrp
    - virtual-machine
    - wireless
    - web-filter
    - what
    - wwan
Profile Commands
- PROFILES
AAA Policy
- AAA-POLICY
  - aaa-policy-commands
Auto-Provisioning Policy
- AUTO-PROVISIONING-POLICY
  - auto-provisioning-policy-commands
Association-ACL Policy
- ASSOCIATION-ACL-POLICY
  - Association-acl-policy-commands
    - deny
    - permit
    - no
Access-List Policy
- ACCESS-LIST
DHCP Policy
- DHCP-SERVER-POLICY
  - dhcp-server-policy commands
  - dhcpv6-server-policy commands
Firewall Policy
- FIREWALL-POLICY
  - firewall-policy-commands
    - acl-logging
    - alg
    - clamp
    - dhcp-offer-convert
    - dns-snoop
    - firewall
    - flow
    - ip
    - ip-mac
    - ipv6
    - ipv6-mac
    - logging
    - proxy-arp
    - proxy-nd
    - stateful-packet-inspection-12
    - storm-control
    - virtual-defragmentation
    - no
MiNT Policy
- MINT-POLICY
  - mint-policy-commands
    - level
    - lsp
    - mtu
    - router
    - udp
    - no
Management Policy
- MANAGEMENT-POLICY
  - management-policy-commands
RADIUS Policy
- RADIUS-POLICY
  - radius-group
    - guest
    - policy
    - rate-limit
    - no
  - radius-server-policy
    - authentication
    - bypass
    - chase-referral
    - crl-check
    - ldap-agent
    - ldap-group-verification
    - ldap-server
    - local
    - nas
    - proxy
    - session-resumption
    - termination
    - use
    - no
  - radius-user-pool-policy
    - duration
    - user
    - no
Radio QoS Policy
- RADIO-QOS-POLICY
  - radio-qos-policy-commands
Role Policy
- ROLE-POLICY
  - role-policy-commands
Smart-RF Policy
- SMART-RF-POLICY
  - smart-rf-policy commands
WIPS Policy
- WIPS-POLICY
  - wips-policy-commands
WLAN QoS Policy
- WLAN-QOS-POLICY
  - WLAN-QOS-Policy commands
L2TPv3 Policy
- L2TPV3-POLICY
Router Mode Commands
- ROUTER-MODE
  - router-mode-commands
Routing Policy
- ROUTING-POLICY
  - routing-policy-commands
AAA_TACACS Policy
- AAA-TACACS-POLICY
  - aaa-tacacs-policy-commands
Meshpoint Policy
- MESHPOINT
Passpoint Policy
- PASSPOINT POLICY
  - passpoint-policy
Crypto-CMP Policy
- CRYPTO-CMP-POLICY
  - crypto-cmp-policy-instance
  - other-cmp-related-commands
    - use (other-cmp-related-commands)
    - show (other-cmp-related-commands)
Roaming-Assist Policy
- ROAMING ASSIST POLICY
  - roaming-assist-policy commands
Border Gateway Policy
- BORDER GATEWAY PROTOCOL
Controller Managed WLAN Use Case
- CREATING A FIRST CONTROLLER MANAGED WLAN

ex3500-ext-access-list

An IPv4 EX3500 extended ACL is a policy-based ACL that either prevents or allows specific clients from using the EX3500 (EX3524 or EX3548) switch. It allows you to permit or deny client access by specifying that the traffic from a specific host or network and/or the traffic to a specific host or network be either denied or permitted.

An EX3500 extended ACL consists of a set of deny /permit rules that filter packets based on both source and destination IPv4 addresses. Each rule specifies a set of match criteria (the source and destination IP addresses) and has a unique precedence value assigned. These ACL rules are applied sequentially to the traffic at a port, by a firewall-supported device, in an increasing order of their precedence. When a packet matches the criteria specified in a rule the packet is either forwarded or dropped based on the rule type.

The following table summarizes IPv4 EX3500 extended ACL configuration commands:

EX3500 Extended Access List Config Mode Commands

Command	Description
deny (ex3500-ext acl)	Creates a deny access rule or modifies an existing rule. A deny access rule rejects packets from specified address(es) and/or destined to specified address(es).
permit (ex3500-ext acl)	Creates a permit access rule or modifies an existing rule. A permit access rule accepts packets from specified address(es) and/or destined to specified address(es).
no (ex3500-ext acl)	Removes a deny and/or a permit access rule from this IPv4 EX3500 extended ACL

Note

To implement the EX3500 extended ACL, apply it directly to a EX35XX device, or to an EX35XX profile. For more information, see access-group.

Published June 2019prev | next

Email this topic

Print this page Print this page

Leave feedback Feedback