Access Control List Commands, Access Control Lists

CLI (Command Line Interface)

802.1x Port Authentication Commands (Cont.)

Command	Function

show dot1x (Cont.)	Operation mode	Single-Host
	Max count	5
	Port-control	Auto
	Supplicant	00-00-e8-49-5e-dc
	Current Identifier	3
	Authenticator State	Machine
	State	Authenticated
	Reauth Count	0
	Backend State Machine
	State	Idle
	Request Count	0
	Identifier(Server)	2

Reauthentication State Machine

StateInitialize

802.1X is disabled on port 1/26 Console#

Access Control List Commands

Access Control Lists (ACL) provide packet filtering for IP frames (based on address, protocol, Layer 4 protocol port number or TCP control code) or any frames (based on MAC address or Ethernet type). To filter packets, first create an access list, add the required rules, specify a mask to modify the precedence in which the rules are checked, and then bind the list to a specific port.

Access Control Lists

An ACL is a sequential list of permit or deny conditions that apply to IP addresses, MAC addresses, or other more specific criteria. This switch tests ingress or egress packets against the conditions in an ACL one by one. A packet will be accepted as soon as it matches a permit rule, or dropped as soon as it matches a deny rule. If no rules match for a list of all permit rules, the packet is dropped; and if no rules match for a list of all deny rules, the packet is accepted.

There are three filtering modes:

Standard IP ACL mode (STD-ACL) filters packets based on the source IP address.

Extended IP ACL mode (EXT-ACL) filters packets based on source or destination IP address, as well as protocol type and protocol port number.

If the TCP protocol is specified, then you can also filter packets based on the TCP control code.

MAC ACL mode (MAC-ACL) filters packets based on the source or destination MAC address and the Ethernet frame type (RFC 1060).

The following restrictions apply to ACLs:

This switch supports ACLs for both ingress and egress filtering.

However, you can only bind one IP ACL and one MAC ACL to any port for ingress filtering, and one IP ACL and one MAC ACL to any port for egress filtering. In other words, only four ACLs can be bound to an interface – Ingress IP ACL, Egress IP ACL, Ingress MAC ACL and Egress MAC ACL.

When an ACL is bound to an interface as an egress filter, all entries in the ACL must be deny rules. Otherwise, the bind operation will fail.

Each ACL can have up to 32 rules.

The maximum number of ACLs is also 32. However, due to resource restrictions, the average number of rules bound the ports should not exceed 20.

You must configure a mask for an ACL rule before you can bind it to a port or set the queue or frame priorities associated with the rule.

The switch does not support the explicit “deny any any” rule for the egress IP ACL or the egress MAC ACLs. If these rules are included in ACL, and you attempt to bind the ACL to an interface for egress checking, the bind operation will fail.

NXA-ENET24 - Software Management Guide	209

NXA-ENET24 specifications

The AMX NXA-ENET24 is a versatile and powerful networked control interface designed to meet the growing demands of modern AV systems. This network switch offers an exceptional combination of reliability, performance, and scalability, making it an ideal choice for professional environments such as conference rooms, educational facilities, and control rooms.

One of the key features of the NXA-ENET24 is its 24-port configuration, allowing for extensive connectivity options. Each port supports 10/100/1000 Mbps speeds, ensuring that high bandwidth applications are handled with ease. Additionally, the switch incorporates advanced auto-negotiation technology, which automatically configures the optimal speed and duplex mode for connected devices. This ensures seamless connectivity and minimizes the risk of network disruptions.

The NXA-ENET24 is designed with advanced management capabilities, including support for VLANs, which helps to segment network traffic for enhanced security and performance. Network administrators can easily create virtual local area networks to optimize traffic flow and reduce congestion. This feature is particularly beneficial in environments where multiple AV systems operate concurrently.

Another significant characteristic of the NXA-ENET24 is its support for Power over Ethernet, or PoE. This feature enables the switch to deliver electrical power alongside data through the network cables. As a result, devices such as IP cameras, VoIP phones, and wireless access points can be powered directly from the switch, simplifying deployment and reducing the need for additional power sources.

Monitoring and management of the switch are made easier through a user-friendly interface. The NXA-ENET24 supports SNMP for network management, allowing users to monitor performance metrics, configure settings, and receive alerts in case of issues. This level of oversight is crucial for maintaining the stability of AV systems in mission-critical applications.

Durability is another hallmark of the NXA-ENET24 design. The switch features a robust chassis that is engineered to withstand the rigors of professional use. With cooling mechanisms in place and a fanless design, the NXA-ENET24 operates quietly and efficiently, making it suitable for environments where noise is a concern.

In conclusion, the AMX NXA-ENET24 is a powerful, reliable, and feature-rich network switch that effectively supports modern AV applications. With its extensive connectivity options, advanced management capabilities, PoE support, and durable design, it is an excellent choice for integrators and organizations looking to optimize their network infrastructure.

AMX NXA-ENET24 Access Control List Commands, Access Control Lists, Command Function Show dot1x

Models: NXA-ENET24

802.1x Port Authentication Commands (Cont.)

Command

Function

show dot1x (Cont.)

Access Control List Commands

Access Control Lists

NXA-ENET24 specifications