configure access-list

configure access-list aclname [any | ports port_list | vlan vlan_name] {ingress | egress}

Description

Configures an access list to the specified interface.

Syntax Description

aclname Specifies the ACL policy file name.
any Specifies that this ACL is applied to all interfaces as the lowest precedence ACL.
port_list Specifies the ingress or egress port list on which the ACL is applied.
vlan_name Specifies the VLAN on which the ACL is applied.
ingress Apply the ACL to packets entering the switch on this interface.
egress Apply the ACL to packets leaving the switch from this interface. (ExtremeSwitching X460-G2, X670-G2, X440-G2, X465, X620 series switches only).

Default

The default direction is ingress.

Usage Guidelines

The access list applied in this command is contained in a text file created either externally to the switch or using the edit policy command. The file is transferred to the switch using TFTP before it is applied to the ports. The ACL name is the file name without its “.pol” extension. For example, the ACL blocknetfour would be in the file blocknetfour.pol.

Specifying the keyword any applies the ACL to all the ports, and is referred to as the wildcard ACL. This ACL is evaluated for ports without a specific ACL applied to it, and is also applied to packets that do not match the ACL applied to the interface.

Example

The following command configures the ACL policy test to port 1:2 at ingress:

configure access-list test ports 1:2

The following command configures the ACL mydefault as the wildcard ACL:

configure access-list mydefault any

The following command configures the ACL policy border as the wildcard egress ACL:

configure access-list border any egress

History

This command was first available in ExtremeXOS 10.1.

The VLAN option was first available in ExtremeXOS 11.0.

The egress option was first available in ExtremeXOS 11.3.

Platform Availability

This command is available on ExtremeSwitching 5320, 5420, 5520, and 5720 series switches.