The match sequence of an MSR switch interface for a layer 2 ACL?
Q: What is the match sequence of an MSR switch interface for a layer 2 ACL?
A:
Because of CMOS, the switch interface cannot identify whether a layer 2 ACL's status is permit or deny. Take the configuration below.
#
acl number 4000
rule 0 permit dest-mac 0100-5e00-0005 ffff-ffff-ffff
//match destination MAC address 0100-5e00-0005 (OSPF Router)
rule 5 permit type 0806 ffff //match type field 0806 (ARP)
rule 10 deny //deny others
#
Because CMOS cannot identify deny, this ACL configuration is equal to permit any. Make the modification below.
#
acl number 4000
rule 0 permit dest-mac 0100-5e00-0005 ffff-ffff-ffff
//match destination MAC address 0100-5e00-0005 (OSPF router)
rule 5 permit type 0806 ffff //match type field 0806 (ARP)
#
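An added example, not part of the original case: a Python check that parses ACL text in the format shown above and flags deny rules in layer 2 ACLs, which the answer says the switch interface does not honor. It assumes layer 2 ACLs are numbered 4000-4999 and that `//` starts an annotation; the function names and the ACL 3000 entry in the sample are constructed for illustration.

```python
import re

# Constructed sample: the first configuration above plus an unrelated ACL 3000.
SAMPLE = """\
#
acl number 4000
 rule 0 permit dest-mac 0100-5e00-0005 ffff-ffff-ffff
 //match destination MAC address 0100-5e00-0005 (OSPF router)
 rule 5 permit type 0806 ffff //match type field 0806 (ARP)
 rule 10 deny //deny others
#
acl number 3000
 rule 0 deny ip
#
"""

L2_ACL_NUMBERS = range(4000, 5000)  # assumption: layer 2 ACL numbering
ACL_RE = re.compile(r"^acl number (\d+)\b")
RULE_RE = re.compile(r"^rule (\d+) (permit|deny)\b(.*)$")

def parse_acls(text):
    """Return {acl_number: [(rule_id, action, criteria), ...]}."""
    acls, current = {}, None
    for raw in text.splitlines():
        line = raw.split("//", 1)[0].strip()  # drop // annotations
        if line == "#":
            current = None  # '#' closes a configuration block
        elif m := ACL_RE.match(line):
            current = acls.setdefault(int(m.group(1)), [])
        elif current is not None and (m := RULE_RE.match(line)):
            current.append((int(m.group(1)), m.group(2), m.group(3).strip()))
    return acls

def audit_l2_deny(text):
    """List (acl, rule_id, catch_all) for deny rules in layer 2 ACLs.

    catch_all is True when the rule has no match criteria, the case the
    answer above describes as equal to permit any on the switch interface.
    """
    findings = []
    for number, rules in sorted(parse_acls(text).items()):
        if number in L2_ACL_NUMBERS:
            findings += [(number, rid, not crit)
                         for rid, action, crit in rules if action == "deny"]
    return findings

if __name__ == "__main__":
    for acl, rid, catch_all in audit_l2_deny(SAMPLE):
        note = "equals permit any" if catch_all else "has criteria, review"
        print(f"acl {acl} rule {rid}: deny rule, {note}")
```

Run against a saved configuration, an empty result means no layer 2 ACL relies on a deny rule; ACL 3000 in the sample is skipped because it falls outside the assumed layer 2 range.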