configure access-list network-zone

configure access-list network-zone zone_name [add | delete] [mac-address macaddress {macmask} | ipaddress [ipaddress {netmask} | ipNetmask | ipv6_address_mask]]

Description

Adds or removes IP and MAC addresses to and from the network-zone.

Syntax Description

network-zone Logical group of remote devices.
zone_name Specifies the network-zone name.
add Adds a logical group of entities to the network-zone.
delete Deletes a logical group of entities to the network-zone.
mac-address MAC address.
macaddress Specifies the MAC address to be added/removed to/from the network-zone.
macmask Specifies the MAC Mask. Example FF:FF:FF:00:00:00.
ipaddress Specifies IPv4 address.
ipaddress Specifies the IP address.
netmask Specifies IP netmask.
ipNetmask Specifies the IP address/Netmask.
ipv6_address_mask Specifies IPv6 address/IPv6 prefix length.

Default

N/A.

Usage Guidelines

Use this command to to add or remove IP/MAC addresses to/from the network-zone.

Example

The following command adds an IPv6 IP address to network-zone “zone1”:

Switch# configure access-list network-zone zone1 add ipaddress
11.1.1.1/32

If you try to add the same IP/MAC with the same or narrow mask, the configuration is rejected, with the following error message.

Switch #configure access-list network-zone "zone1" add ipaddress 11.1.1.1/24
Error:  Network Zone "zone1" - Zone already has the same entity value with same or wider mask.

If you try to add more than eight attributes to a network-zone, the following error message is printed.

Switch #configure access-list network-zone "zone1" add ipaddress 11.1.1.1/24
Error:  Network Zone "zone1" - Reached maximum number of attributes. Unable to add more.

History

This command was first available in ExtremeXOS 15.2.

Platform Availability

This command is available on ExtremeSwitching X435, X440-G2, X450-G2, X460-G2, X465, X590, X620, X670-G2, X690, X695, X870, 5420, and 5520 series switches.