Applying ACLs to an interface - Metasys - LIT-12012458 - Field Device - 13.0

Metasys IP Networks for BACnet/IP Controllers Technical Bulletin

Brand: Metasys
Document type: Technical Bulletin
Document number: LIT-12012458
Version: 13.0
Revision date: 2023-10-23
Product status: Active
Language: English

After an ACL has been created, it must be applied to the interfaces it is meant to restrict. ACLs can be applied to physical interfaces (for example, switch ports) as well as logical interfaces (for example, SVIs). A physical interface can have one IP ACL and one MAC ACL applied at the same time. A logical interface cannot have a MAC ACL, but it can have two IP ACLs applied at a time, one in each network traffic direction. ACLs can be added to an interface when it is initially created or configured, or at any time afterward.

The following steps illustrate adding the JCI-MAC ACL created in Configuring media access control (MAC) ACLs, and the JCI-TIER3 IP ACL created in Configuring IP controller device IP ACLs, to Fast Ethernet port 1 which was configured in Configuring virtual local area networks (VLANs).

Table 1. Configuring an ACL to a Cisco managed switch

| Configuration step | Cisco IOS CLI command |
|---|---|
| 1. Enter global configuration mode. | `Switch# configure terminal` |
| 2. Access the switch port interface. In this example, Fast Ethernet port 1 is being accessed. | `Switch(config)# interface FastEthernet1/1` |
| 3. Add the JCI-MAC MAC ACL to the interface. | `Switch(config-if)# mac access-group JCI-MAC in` |
| 4. Add the JCI-TIER3 IP ACL to the interface. | `Switch(config-if)# ip access-group JCI-TIER3 in` |
| 5. Exit global configuration mode. | `Switch(config-if)# end` |
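To confirm that the bindings from the steps above are present on every port that needs them, a saved running configuration can be audited offline. The following is an added example, not part of the bulletin: the sample configuration is constructed, and the policy it checks (every physical port carries JCI-MAC and JCI-TIER3 inbound, and no MAC ACL appears on a VLAN interface) is an assumption drawn from the rules described above.

```python
import re

# Constructed sample of a saved running-config (not taken from the bulletin).
SAMPLE_CONFIG = """\
interface FastEthernet1/1
 switchport access vlan 10
 mac access-group JCI-MAC in
 ip access-group JCI-TIER3 in
!
interface FastEthernet1/2
 ip access-group JCI-TIER3 in
!
interface Vlan10
 ip directed-broadcast 101
!
"""

# Assumed policy: inbound ACLs expected on every physical port.
EXPECTED = {"mac": "JCI-MAC", "ip": "JCI-TIER3"}
BIND_RE = re.compile(r"^\s+(mac|ip) access-group (\S+) (in|out)\s*$")

def parse_bindings(config):
    """Return {interface: {(kind, direction): acl_name}} from config text."""
    bindings, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1].strip()
            bindings[current] = {}
        elif not line.startswith(" "):
            current = None  # left the interface stanza
        elif current is not None:
            m = BIND_RE.match(line)
            if m:
                bindings[current][(m.group(1), m.group(3))] = m.group(2)
    return bindings

def audit(config, expected=EXPECTED):
    """List (interface, problem) pairs where bindings deviate from the policy."""
    findings = []
    for ifname, bound in sorted(parse_bindings(config).items()):
        if ifname.lower().startswith("vlan"):  # logical interface (SVI)
            if any(kind == "mac" for kind, _ in bound):
                findings.append((ifname, "MAC ACL bound to a logical interface"))
            continue
        for kind, name in expected.items():
            actual = bound.get((kind, "in"))
            if actual != name:
                findings.append((ifname, f"{kind} ACL inbound is {actual or 'missing'}, expected {name}"))
    return findings
```

Running `audit(SAMPLE_CONFIG)` reports FastEthernet1/2, which has the IP ACL but no MAC ACL; uplink or trunk ports that are intentionally unrestricted would need to be excluded from the expected policy.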

As noted in Configuring directed broadcast IP ACL, extended ACLs cannot be applied to an SVI for the purpose of restricting broadcast traffic. The following steps illustrate applying the standard IP ACL defined in Configuring directed broadcast IP ACL to the SVI to restrict broadcast traffic into VLAN 10.

Table 2. Configuring an ACL to a Cisco managed switch

| Configuration step | Cisco IOS CLI command |
|---|---|
| 1. Enter global configuration mode. | `Switch# configure terminal` |
| 2. Access the SVI for VLAN 10. | `Switch(config)# interface vlan 10` |
| 3. Enable directed broadcasts. | `Switch(config-if)# ip directed-broadcast 101` |
| 4. Exit global configuration mode. | `Switch(config-if)# end` |