CLI (Command Line Interface)

IP ACL Commands (Cont.)

Command

Function

 

 

mask

Command Usage: Packets crossing a port are checked against all the

(IP ACL - Cont.)

rules in the ACL until a match is found. The order in which these packets

 

are checked is determined by the mask, and not the order in which the ACL

 

rules were entered.

 

First create the required ACLs and ingress or egress masks before map-

 

ping an ACL to an interface.

 

If you enter dscp, you cannot enter tos or precedence. You can enter both

 

tos and precedence without dscp.

 

Masks that include an entry for a Layer 4 protocol source port or destina-

 

tion port can only be applied to packets with a header length of exactly five

 

bytes.

 

Example: This example creates an IP ingress mask with two rules. Each

 

rule is checked in order of precedence to look for a match in the ACL

 

entries. The first entry matching a mask is applied to the inbound packet:

 

Console(config)#access-list ip mask-precedence in

 

Console(config-ip-mask-acl)#mask host any

 

Console(config-ip-mask-acl)#mask 255.255.255.0 any

 

Console(config-ip-mask-acl)#

 

Example:

 

This shows that the entries in the mask override the precedence in which

 

the rules are entered into the ACL. In the following example, packets with

 

the source address 10.1.1.1 are dropped because the “deny 10.1.1.1

 

255.255.255.255” rule has the higher precedence according the “mask

 

host any” entry:

 

Console(config)#access-list ip standard A2

 

Console(config-std-acl)#permit 10.1.1.0 255.255.255.0

 

Console(config-std-acl)#deny 10.1.1.1 255.255.255.255

 

Console(config-std-acl)#exit

 

Console(config)#access-list ip mask-precedence in

 

Console(config-ip-mask-acl)#mask host any

 

Console(config-ip-mask-acl)#mask 255.255.255.0 any

 

Console(config-ip-mask-acl)#

 

Example:

 

This shows how to create a standard ACL with an ingress mask to deny

 

access to the IP host 171.69.198.102, and permit access to any others.

 

Console(config)#access-list ip standard A2

 

Console(config-std-acl)#permit any

 

Console(config-std-acl)#deny host 171.69.198.102

 

Console(config-std-acl)#end

 

Console#show access-list

 

IP standard access-list A2:

 

deny host 171.69.198.102

 

permit any

 

Console#configure

 

Console(config)#access-list ip mask-precedence in

 

Console(config-ip-mask-acl)#mask host any

 

Console(config-ip-mask-acl)#exit

 

Console(config)#interface ethernet 1/1

 

Console(config-if)#ip access-group A2 in

 

Console(config-if)#end

 

Console#show access-list

 

IP standard access-list A2:

 

deny host 171.69.198.102

 

permit any

 

Console#

 

 

214

NXA-ENET24 - Software Management Guide

Page 233 Page 235
Page 234
Image 234
AMX NXA-ENET24 manual Command Function Mask, Ip Acl
Page 233 Page 235

NXA-ENET24 specifications

The AMX NXA-ENET24 is a versatile and powerful networked control interface designed to meet the growing demands of modern AV systems. This network switch offers an exceptional combination of reliability, performance, and scalability, making it an ideal choice for professional environments such as conference rooms, educational facilities, and control rooms.

One of the key features of the NXA-ENET24 is its 24-port configuration, allowing for extensive connectivity options. Each port supports 10/100/1000 Mbps speeds, ensuring that high bandwidth applications are handled with ease. Additionally, the switch incorporates advanced auto-negotiation technology, which automatically configures the optimal speed and duplex mode for connected devices. This ensures seamless connectivity and minimizes the risk of network disruptions.

The NXA-ENET24 is designed with advanced management capabilities, including support for VLANs, which helps to segment network traffic for enhanced security and performance. Network administrators can easily create virtual local area networks to optimize traffic flow and reduce congestion. This feature is particularly beneficial in environments where multiple AV systems operate concurrently.

Another significant characteristic of the NXA-ENET24 is its support for Power over Ethernet, or PoE. This feature enables the switch to deliver electrical power alongside data through the network cables. As a result, devices such as IP cameras, VoIP phones, and wireless access points can be powered directly from the switch, simplifying deployment and reducing the need for additional power sources.

Monitoring and management of the switch are made easier through a user-friendly interface. The NXA-ENET24 supports SNMP for network management, allowing users to monitor performance metrics, configure settings, and receive alerts in case of issues. This level of oversight is crucial for maintaining the stability of AV systems in mission-critical applications.

Durability is another hallmark of the NXA-ENET24 design. The switch features a robust chassis that is engineered to withstand the rigors of professional use. With cooling mechanisms in place and a fanless design, the NXA-ENET24 operates quietly and efficiently, making it suitable for environments where noise is a concern.

In conclusion, the AMX NXA-ENET24 is a powerful, reliable, and feature-rich network switch that effectively supports modern AV applications. With its extensive connectivity options, advanced management capabilities, PoE support, and durable design, it is an excellent choice for integrators and organizations looking to optimize their network infrastructure.
Top Page Image Contents