Updated: December 11, 2018
Bind Access List (ACL) to Port or Link Aggregation Group (LAG) Interface on ESW2-350G Switches
An access list (ACL) is used to filter network traffic. For an ACL to take effect, it must be bound to an interface on the switch. Any inbound packets are then matched against the ACLs bound to that interface to determine whether to forward or drop each packet. A MAC, an IPv4 and an IPv6 ACL can each be bound to an interface. Multiple ACLs of the same protocol cannot be bound to the same interface; they must be combined into a single ACL to accomplish the desired effect.
This document explains how to bind ACLs to a Link Aggregation Group (LAG) interface on ESW2-350G switches.
Step 1. Log in to the Switch Configuration Utility and choose Access Control > ACL Binding. The ACL Binding page opens:
Step 2. The ACL Binding page by default shows all ACL bindings for port interfaces. Choose Port or LAG from the Filter: Interface Type equals to drop-down list, and click Go to view all Port or LAG interfaces.
Step 3. Add or modify the ACL bindings for a Port or LAG interface. Check the check-box for the desired Port or LAG interface and click Edit. The Edit ACL Binding page opens.
Step 4. Three different ACLs can be bound to the Port or LAG interface. They are:
• MAC-Based ACL — To bind a MAC-Based ACL, check the Select MAC-Based ACL check-box and choose the desired ACL from the drop-down list.
• IPv4-Based ACL — To bind an IPv4-Based ACL, check the Select IPv4-Based ACL check-box and choose the desired ACL from the drop-down list.
• IPv6-Based ACL — To bind an IPv6-Based ACL, check the Select IPv6-Based ACL check-box and choose the desired ACL from the drop-down list.
Note: The check-box and drop-down for any of the above options will only be highlighted if there is an available ACL under that protocol.
Step 5. Click the desired option from the Permit Any field.
• Disable (Deny Any) — If the IP packet does not match the configured ACL, it is denied (dropped).
• Enable — If the IP packet does not match the configured ACL, it is permitted.
Step 6. Click Apply to bind the chosen ACLs to the Port or LAG interface.
Step 7. (Optional) Repeat Steps 3-5 to add or modify ACL bindings on other Port or LAG interfaces.
Step 8. (Optional) Clear all ACL bindings on Port or LAG interfaces. Check the check-boxes next to the LAG interfaces to be cleared and click Clear.
Step 9. (Optional) To copy the ACL bindings from a Port or LAG interface to other Port or LAG interfaces quickly, check the check-box next to the LAG interface to copy and click Copy Settings... The Copy Settings page opens.
Enter the Port or LAG interfaces separated by commas, or a range of Port or LAG interfaces with a dash, into the to: field and click Apply to copy the settings onto the specified LAG interfaces.
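The following Python model is an added example, not Cisco code or switch configuration. It shows how the Permit Any choice in Step 5 decides the fate of packets that match no rule, and why a permit-only ACL filters nothing when Permit Any is enabled. The rule format, first-match ordering, the behaviour with no bound ACL, and all names and addresses are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass, field

@dataclass
class Rule:
    action: str   # "permit" or "deny"
    src: str      # source network in CIDR form (simplified, assumed rule format)

@dataclass
class Binding:
    permit_any: bool                           # Step 5: True = Enable, False = Disable (Deny Any)
    acls: dict = field(default_factory=dict)   # "mac" | "ipv4" | "ipv6" -> list of Rule

def bind(binding, protocol, rules):
    """Bind an ACL; a second ACL of the same protocol on the interface is refused."""
    if protocol not in ("mac", "ipv4", "ipv6"):
        raise ValueError("unknown ACL type")
    if protocol in binding.acls:
        raise ValueError(protocol + " ACL already bound; combine the rules into one ACL")
    binding.acls[protocol] = list(rules)

def decide(binding, src_ip):
    """Return 'forward' or 'drop' for an inbound IPv4 packet (assumes first match wins)."""
    rules = binding.acls.get("ipv4")
    if rules is None:
        return "forward"                       # assumption: no bound ACL means no filtering
    addr = ipaddress.ip_address(src_ip)
    for rule in rules:
        if addr in ipaddress.ip_network(rule.src):
            return "forward" if rule.action == "permit" else "drop"
    return "forward" if binding.permit_any else "drop"   # unmatched: Permit Any decides

def audit(binding):
    """Flag ACLs that cannot drop anything because Permit Any is enabled."""
    return [proto for proto, rules in binding.acls.items()
            if binding.permit_any and rules and all(r.action == "permit" for r in rules)]

# Constructed sample: an allow-list for a single management subnet.
ALLOW_MGMT = [Rule("permit", "192.0.2.0/24")]
strict = Binding(permit_any=False)
bind(strict, "ipv4", ALLOW_MGMT)
loose = Binding(permit_any=True)
bind(loose, "ipv4", ALLOW_MGMT)

if __name__ == "__main__":
    for name, b in (("Disable (Deny Any)", strict), ("Enable", loose)):
        print(name, decide(b, "192.0.2.10"), decide(b, "198.51.100.7"), audit(b))
```

An allow-list style ACL therefore needs Disable (Deny Any), while Enable suits an ACL made of deny rules for specific sources.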