Examples
Blocking all multicast traffic except one address
This example uses two interface ACLs, one with an action of permit and one with an action of deny.
Use this type of configuration when you want to discard a wide range of traffic but want to forward a subset of traffic within that range.
Consider a situation where you want to prevent the forwarding of multicast traffic in general, but wish to support an application that needs to send packets to one particular multicast address (236.5.8.213 in this example). To configure this:
1.Create an ACL to match and permit packets with the multicast destination address 236.5.8.213. To do this, enter global configuration mode and use the command:
2.Create an ACL to match and deny all packets with a multicast destination address. To do this, use the command:
3.Attach the ACLs to the port (for example, 1.0.10). You must first attach the permit ACL, then the deny ACL. To do this, use the commands:
awplus(config)#interface port1.0.10
Mirroring HTTP and SMTP traffic
This example uses two interface ACLs with actions of
Use this type of configuration when you want to mirror a subset of the incoming traffic on a port, instead of mirroring all incoming traffic.
Consider a situation where you want to capture the HTTP (TCP port 80) and SMTP (TCP port 25) traffic coming to users who are connected to ports
1.Set port 1.0.20 as the mirror port. To do this, enter global configuration mode and use the commands:
awplus(config)#interface port1.0.20
2.Create ACLs to match HTTP and SMTP traffic. To do this, return to global configuration mode and use the commands:
3.Attach the ACLs to ports
awplus(config)#interface
Page 15 AlliedWare Plus™ OS How To Note