Configures an access list to the specified interface.
| aclname | Specifies the ACL (Access Control List) policy file name. |
| any | Specifies that this ACL is applied to all interfaces as the lowest precedence ACL. |
| port_list | Specifies the ingress or egress port list on which the ACL is applied. |
| vlan_name | Specifies the VLAN (Virtual LAN) on which the ACL is applied. |
| ingress | Apply the ACL to packets entering the switch on this interface. |
| egress | Apply the ACL to packets leaving the switch from this interface. (Summit X460-G2, X670-G2, X770 and ExtremeSwitching X440-G2, X620 series switches only). |
The default direction is ingress.
The access list applied in this command is contained in a text file created either externally to the switch or using the edit policy command. The file is transferred to the switch using TFTP before it is applied to the ports. The ACL name is the file name without its “.pol” extension. For example, the ACL blocknetfour would be in the file blocknetfour.pol.
Specifying the keyword any applies the ACL to all the ports, and is referred to as the wildcard ACL. This ACL is evaluated for ports without a specific ACL applied to it, and is also applied to packets that do not match the ACL applied to the interface.
The following command configures the ACL policy test to port 1:2 at ingress:
configure access-list test ports 1:2
The following command configures the ACL mydefault as the wildcard ACL:
configure access-list mydefault any
The following command configures the ACL policy border as the wildcard egress ACL:
configure access-list border any egress
This command was first available in ExtremeXOS 10.1.
The VLAN option was first available in ExtremeXOS 11.0.
The egress option was first available in ExtremeXOS 11.3.
Print
this page
Email this topic
Feedback
View PDF
Download EPUB