
slot <SLOT> access-list mode

This command sets the ACL operation mode for line boards.

Filtering is performed for received traffic for the specified interface.

Syntax

slot <SLOT> access-list mode <MODE>

Parameters

<SLOT> – PLC8 module number, may take values (0..15). You may specify the list of numbers using comma ( , ) or specify the range using hyphen ( - );

<MODE> – filtering list type:

  • whitelist – packets that meet the ACL rules are transmitted;
  • blacklist – packets that meet the ACL rules are discarded.

Command mode

CONFIG

Example

ma4000(config)# slot 13 access-list mode whitelist

slot <SLOT> access-list create

This command creates a new ACL for PLC line cards.

Syntax     

slot <SLOT> access-list create <NAME>

Parameters

<SLOT> – PLC8 module number, may take values (0..15). You may specify the list of numbers using comma ( , ) or specify the range using hyphen ( - );

<NAME> – ACL name, specified as the string of up to 32 characters.

Command mode

CONFIG

Example

ma4000(config)# slot 13 access-list create test

slot <SLOT> access-list delete

This command removes the ACL by its name.

Syntax     

slot <SLOT> access-list delete <NAME>

Parameters

<SLOT> – PLC8 module number, may take values (0..15). You may specify the list of numbers using comma ( , ) or specify the range using hyphen ( - );

<NAME> – ACL name, specified as the string of up to 32 characters.

Command mode

CONFIG

Example

ma4000(config)# slot 13 access-list delete test

slot <SLOT> access-list bind

This command assigns the ACL to certain interfaces.

Syntax     

slot <SLOT> access-list bind <INTERFACE> <RANGE> <NAME>

Parameters

<SLOT> – PLC8 module number, may take values (0..15). You may specify the list of numbers using comma ( , ) or specify the range using hyphen ( - );

<INTERFACE> – interface type: plc-front-port; plc-pon-port; plc-slot-channel. The description of interfaces is given in Table 4.1.

<RANGE> – interface number. The range of values and numbering rules are described in Table 4.1.

<NAME> – ACL name, specified as the string of up to 32 characters.

Command mode

CONFIG

Example

ma4000(config)# slot 13 access-list bind plc-front-port 0/0 test

slot <SLOT> access-list unbind

This command removes the binding of the ACL to the specified interfaces.

Syntax     

slot <SLOT> access-list unbind <INTERFACE> <RANGE> <NAME>

Parameters

<SLOT> – PLC8 module number, may take values (0..15). You may specify the list of numbers using comma ( , ) or specify the range using hyphen ( - );

<INTERFACE> – interface type: plc-front-port; plc-pon-port; plc-slot-channel. The description of interfaces is given in Table 4.1.

<RANGE> – interface number. The range of values and numbering rules are described in Table 4.1.

<NAME> – ACL name, specified as the string of up to 32 characters.

Command mode

CONFIG

Example

ma4000(config)# slot 13 access-list unbind plc-front-port 0/0

slot <SLOT> access-list filter

This command adds (add) or removes (del) a packet filtering rule for a certain ACL. Each rule matches on one of the parameters listed below.

Syntax     

slot <SLOT> access-list filter [add|del] <TYPE> <VALUE> <NAME>

Parameters

<SLOT> – PLC8 module number, may take values (0..15). You may specify the list of numbers using comma ( , ) or specify the range using hyphen ( - );

<TYPE> – filtering method:

  • mac-sa – packet filtering is performed by the MAC address of the sender; the MAC address is specified as XX:XX:XX:XX:XX:XX, where each part takes the value 00-FF;
  • mac-da – packet filtering is performed by the MAC address of the recipient; the MAC address is specified as XX:XX:XX:XX:XX:XX, where each part takes the value 00-FF;
  • l2-protocol – packet selection is performed by ethertype, specified in 0xXXXX format;
  • ip-protocol – packet filtering is performed by the IPv4/IPv6 protocol at the L4 level, specified in 0xXX format;
  • ip-sa – packet filtering is performed by the IP address of the sender; an IPv4 address is specified as AAA.BBB.CCC.DDD, where each part takes values 0-255;
  • ip-da – packet filtering is performed by the IP address of the recipient; an IPv4 address is specified as AAA.BBB.CCC.DDD, where each part takes values 0-255;
  • ip-sa – packet filtering is performed by the IP address of the sender; an IPv6 address is specified as XXXX:XXXX:XXXX:XXXX:XXXX:XXXX:XXXX:XXXX, where each part takes values 0-FFFF;
  • ip-da – packet filtering is performed by the IP address of the recipient; an IPv6 address is specified as XXXX:XXXX:XXXX:XXXX:XXXX:XXXX:XXXX:XXXX, where each part takes values 0-FFFF;
  • tcp-sport – packet filtering is performed by the TCP port number of the sender; the port is specified in 0xXXXX format;
  • tcp-dport – packet filtering is performed by the TCP port number of the recipient; the port is specified in 0xXXXX format;
  • udp-sport – packet filtering is performed by the UDP port number of the sender; the port is specified in 0xXXXX format;
  • udp-dport – packet filtering is performed by the UDP port number of the recipient; the port is specified in 0xXXXX format.

<VALUE> – filter value;

<NAME> – filter name.

Command mode

CONFIG

Example

ma4000(config)# slot 13 access-list filter add ip-sa 192.168.2.2 test
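Ports, ethertypes and protocol numbers must be entered in fixed-width hexadecimal, so a decimal value such as 22 is easy to mistype in a rule. The helper below is an added example, not part of the original reference or of the vendor's tooling: it validates a filter value against the formats listed above and builds the command line. The function names are hypothetical; it assumes six-octet MAC addresses, upper-case hex digits, the 32-character name limit from `access-list create`, and that IPv6 addresses are entered in the full eight-group form.

```python
import ipaddress
import re

MAC_RE = re.compile(r"^[0-9A-Fa-f]{2}(:[0-9A-Fa-f]{2}){5}$")
# Number of hex digits the reference gives for each numeric filter type.
HEX_WIDTH = {"l2-protocol": 4, "ip-protocol": 2, "tcp-sport": 4,
             "tcp-dport": 4, "udp-sport": 4, "udp-dport": 4}

def format_value(ftype, value):
    """Return value in the notation documented for ftype; raise ValueError if invalid."""
    if ftype in ("mac-sa", "mac-da"):
        if not MAC_RE.match(str(value)):
            raise ValueError(f"bad MAC address: {value!r}")
        return str(value).upper()
    if ftype in ("ip-sa", "ip-da"):
        addr = ipaddress.ip_address(value)  # ValueError on malformed input
        # Assumption: emit IPv6 in the full 8-group form shown in the reference.
        return addr.exploded.upper() if addr.version == 6 else str(addr)
    if ftype not in HEX_WIDTH:
        raise ValueError(f"unknown filter type: {ftype!r}")
    # Accept decimal (22, "22") or hex ("0x16") and normalise to 0xXX / 0xXXXX.
    number = int(value, 0) if isinstance(value, str) else int(value)
    width = HEX_WIDTH[ftype]
    if not 0 <= number < 16 ** width:
        raise ValueError(f"{ftype} value out of range: {value!r}")
    return f"0x{number:0{width}X}"

def filter_command(slot, action, ftype, value, name):
    """Build one 'slot <SLOT> access-list filter ...' line for CONFIG mode."""
    if not 0 <= slot <= 15:
        raise ValueError("slot must be in 0..15")
    if action not in ("add", "del"):
        raise ValueError("action must be 'add' or 'del'")
    if not 1 <= len(name) <= 32:  # limit taken from 'access-list create'
        raise ValueError("name must be 1..32 characters")
    return (f"slot {slot} access-list filter {action} "
            f"{ftype} {format_value(ftype, value)} {name}")

if __name__ == "__main__":
    # Constructed sample rules: management host, SSH and DNS destination ports.
    rules = [("ip-sa", "192.168.2.2"), ("tcp-dport", 22), ("udp-dport", 53)]
    for ftype, value in rules:
        print(filter_command(13, "add", ftype, value, "test"))
```
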

show slot <SLOT> access-list

This command is used to view access control lists on a PLC8 line card.

Syntax     

show slot <SLOT> access-list

Parameters

<SLOT> – PLC8 module number, may take values (0..15). You may specify the list of numbers using comma ( , ) or specify the range using hyphen ( - ).

Command mode

ROOT

Example

ma4000# show slot 6 access-list 
Global mode: blacklist