ex3500-ext-access-list

An IPv4 EX3500 extended ACL is a policy-based ACL that either prevents or allows specific clients from using the EX3500 (EX3524 or EX3548) switch. It allows you to permit or deny client access by specifying that the traffic from a specific host or network and/or the traffic to a specific host or network be either denied or permitted.

An EX3500 extended ACL consists of a set of deny /permit rules that filter packets based on both source and destination IPv4 addresses. Each rule specifies a set of match criteria (the source and destination IP addresses) and has a unique precedence value assigned. These ACL rules are applied sequentially to the traffic at a port, by a firewall-supported device, in an increasing order of their precedence. When a packet matches the criteria specified in a rule the packet is either forwarded or dropped based on the rule type.

The following table summarizes IPv4 EX3500 extended ACL configuration commands:
Click to expand in new window

EX3500 Extended Access List Config Mode Commands

Command Description
deny (ex3500-ext acl) Creates a deny access rule or modifies an existing rule. A deny access rule rejects packets from specified address(es) and/or destined to specified address(es).
permit (ex3500-ext acl) Creates a permit access rule or modifies an existing rule. A permit access rule accepts packets from specified address(es) and/or destined to specified address(es).
no (ex3500-ext acl) Removes a deny and/or a permit access rule from this IPv4 EX3500 extended ACL
Note

Note

To implement the EX3500 extended ACL, apply it directly to a EX3500 device, or to an EX3500 profile. For more information, see GUID-165BDC09-66E9-4193-B3D1-805296F465BB.