D-Link DGS-6604 — iP Access-Group Command Reference for Network Interfaces [262/1106]

Превью страниц Страница 262 / 1106
D-Link DGS-6604 [262/1106] Usage guideline
DGS-6600 Series Switch ip access-group
CLI Reference Guide
252
ip access-group
Use the ip access-group command to specify the IP access list to be applied to
an interface. Use the no form of this command to remove an IP access list.
ip access-group NAME [in]
no ip access-group NAME [in]
Default None.
Command Mode Interface configuration.
Usage Guideline One MAC access list, one IP access list and one IPv6 access list can be applied
to the same interface. An error message is displayed if the user attempts to apply
the second IP access list.
The IP access list must be created before it can be applied to an interface. An
error message is displayed if a list has not yet been created.
The keyword in specifies ingress direction check.
The association of an access group with an interface will consume the filtering
entry resources in the switch controller. If the command is applied successfully,
the number of remaining entries is displayed. If the access group contains a rule
with a port operator (e.g. gt/lt operator), the number of remaining rules for the
port operator is displayed. If the resource is insufficient to commit the command,
an error message is displayed.
There is a limitation on the number of port selectors that can be applied.
If the maximum number of available port selectors is exceeded an error message
is displayed.
Example This example shows how to specify the IP access list Strict-Control as an IP
access group for eth3.2.
Syntax Description
NAME The name of the IP access list to be applied. Up to 32 characters are allowed.
The syntax is a general string that does not allow spaces.
in (Optional) Specifies that the IP access list will be applied to ingress traffic. If no
option is specified, in direction is applied.
Switch(config)#interface eth3.2
Switch(config-if)#ip access-group Strict-Control in
The maximum available entry of IP ACL bind to interface in ingress direction
is:1279
The maximum available port operator (gt/lt) is: 16

Содержание

4839

Learn how to use the ip access-group command to manage IP access lists on network interfaces. Understand limitations and usage guidelines for effective configuration.