Page 3 | AlliedWare Plus™ OS How To Note
Creating hardware ACLs
Creating hardware ACLsHardware ACLs contain both the match criteria and the action to take on matching traffic.
There are two types of hardware ACL: IP address and MAC address. These are indexed by
their ID number. IP hardware ACLs have a number in the range 3000 to 3699 and MAC
hardware ACLs have a number in the range 4000 to 4699.
The following table shows the available ACL ranges as displayed by the ? help, and highlights
the hardware ACLs.
The ACLs give you the following choice of actions to take on matching traffic (see “The
effects of the action keywords in ACLs” on page6 for details).
Creating IP hardware ACLs
IP hardware ACLs filter packets from the following IP protocols:
zIP
zICMP
zTCP
zUDP
This section describes how to create ACLs to filter packets from each of these protocols.
Number range Description
1-99 IP standard access list
100-199 IP extended access list
1300-1999 IP standard access list (expanded range)
2000-2699 IP extended access list (expanded range)
3000-3699 Hardware IP access list
4000-4699 Hardware MAC access list
extended Named IP extended access list
standard Named IP standard access list
Action parameter Description
copy-to-cpu Specify packets to copy to the CPU
copy-to-mirror Specify packets to copy to the mirror port
deny Specify packets to reject
permit Specify packets to permit
send-to-cpu Specify packets to send to the CPU