Inv. No. 337-TA-945
CX-0221
CSI-ANI-00128383

User Manual

Arista Networks

www.arista.com

Arista EOS version 4.14.3F — Rev. 2
2 October 2014

ARISTA 1020
Arista v. Cisco
IPR2016-00309

Chapter 18

ACLs and Route Maps

The switch uses rule-based lists to control packet access to ports and to select routes for redistribution to
routing domains defined by dynamic routing protocols. This chapter describes the construction of
Access Control Lists (ACLs), prefix lists, and route maps.

This chapter includes the following sections:

Section 18.1: ACL, Route Map, and Prefix List Introduction
Section 18.2: Access Control Lists
Section 18.3: Route Maps
Section 18.4: Prefix Lists
Section 18.5: ACL, Route Map, and Prefix List Commands

ACL, Route Map, and Prefix List Introduction

An access control list (ACL) is an ordered set of rules that control the inbound flow of packets into
Ethernet interfaces, port channel interfaces or the switch control plane. The switch supports the
implementation of a wide variety of filtering criteria, including IP and MAC addresses and TCP/UDP ports
with include/exclude options, without compromising its performance or feature set. Filtering syntax is
industry standard.

A route map is an ordered set of rules that control the redistribution of IP routes into a protocol domain
on the basis of such criteria as route metrics, access control lists, next hop addresses, and route tags.
Route maps can also alter parameters of routes as they are redistributed.

A prefix list is an ordered set of rules that defines route redistribution access for a specified IP address
space. Route maps often use prefix lists to filter routes.

Access Control Lists

Example

• These commands assign the test1 ACL to the Ethernet 3 interface, then verify the assignment.
switch(config)#interface ethernet 3
switch(config-if-Et3)#ip access-group test1 in
switch(config-if-Et3)#show running-config interfaces ethernet 3
interface Ethernet3
   ip access-group test1 in
switch(config-if-Et3)#

Removing an ACL from an Interface

The no ip access-group command removes an IP ACL assignment statement from running-config for the
configuration mode interface. After an ACL is removed, the interface is not associated with an IP ACL.

The no mac ip access-group command removes a MAC ACL assignment statement from running-config
for the configuration mode interface. After a MAC ACL is removed, the interface is not associated with
a MAC ACL.

To remove an ACL from the control plane, enter the no ip access-group command in control plane
configuration mode. Removing the control plane ACL command from running-config reinstates
default-control-plane-acl as the control plane ACL.

Examples

• These commands remove the assigned IPv4 ACL from the Ethernet 3 interface.
switch(config)#interface ethernet 3
switch(config-if-Et3)#no ip access-group test in
switch(config-if-Et3)#

• These commands place the switch in control plane configuration mode and remove the ACL
assignment from running-config, restoring default-control-plane-acl as the Control Plane ACL.
switch(config)#control-plane
switch(config-cp)#no ip access-group test_cp in
switch(config-cp)#
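
The removal rules above can be checked against a saved running-config: an interface with no assignment statement has no IP ACL, while the control plane falls back to default-control-plane-acl. The following Python script is an added example, not part of the Arista manual; it assumes the indented section layout shown in the show running-config output above, and the sample configuration and function names are constructed for illustration.

```python
import re

DEFAULT_CP_ACL = "default-control-plane-acl"  # name taken from the manual text

# Constructed running-config excerpt (not captured from a real switch).
SAMPLE_CONFIG = """\
interface Ethernet3
   ip access-group test1 in
!
interface Ethernet4
   description uplink
!
control-plane
   ip access-group test_cp in
!
"""

ASSIGN_RE = re.compile(r"^ip access-group (\S+) in$")


def effective_ip_acls(config_text):
    """Map each interface / control-plane section to its inbound IP ACL name."""
    # No assignment: an interface maps to None (no IP ACL associated); the
    # control plane falls back to DEFAULT_CP_ACL, as the manual describes.
    acls = {"control-plane": DEFAULT_CP_ACL}
    section = None
    for raw in config_text.splitlines():
        if not raw.strip() or raw.strip() == "!":
            continue
        if not raw[0].isspace():          # top-level line opens a new section
            head = raw.strip()
            if head.startswith("interface ") or head == "control-plane":
                section = head
                acls.setdefault(section, None)
            else:
                section = None
            continue
        match = ASSIGN_RE.match(raw.strip())
        if section and match:
            acls[section] = match.group(1)
    return acls


def unfiltered_interfaces(acls):
    """Interfaces that have no inbound IP ACL associated with them."""
    return sorted(name for name, acl in acls.items()
                  if name.startswith("interface ") and acl is None)
```
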