Chapter 11: Controlling Traffic and Switch Access 177
Section 11-4
The command creates a standard ACL. The number range for standard ACLs is
100 to 199 and 2000 to 2699. The parameter permit enables traffic, and deny
drops traffic. The remark parameter enables you to insert remarks into the list
that provide information about the list and why parameters are added.
The protocol parameter specifies which type of protocol within IP you are look-
ing to match. Examples include udp or tcp. The protocol ip in this field would
specify all IP traffic. The address/mask pair specifies the source and destination
of the sending and receiving devices for which you are trying to control traffic.
You can use the keyword any to specify all source or destination addresses. The
operator and port options enable you to specify protocol- and application-spe-
cific ports.
c. Configure a named standard access list:
(global) ip access-list standard {name}
(std-acl) {deny | permit} {source source-wildcard | host source | any}
For a standard-named ACL, the command ip access-list standard name indicates
that you want to enter a configuration mode on the list specified by the name
given. From there the switch enters a mode that enables you to enter the options
a line at a time until you exit the ACL configuration mode.
The parameter permit allows traffic, and deny drops traffic. For the permit or
deny option, the address/mask pair specifies which source address will be con-
trolled. You can use the keyword any to specify all source addresses.
d. Configure a named extended access list:
(global) ip access-list extended {name}
(extd-acl) {deny | permit} protocol {source source-wildcard | host source |
any} [operator port] {destination destination-wildcard | host
destination | any} [operator port]
For an extended-named ACL, the command ip access-list extended name indi-
cates that you want to enter a configuration mode on the list specified by the
name given. From there the switch enters a mode that enables you to enter the
options a line at a time until you exit the ACL configuration mode.
The parameter permit allows traffic, and deny drops traffic. The protocol param-
eter specifies which type of protocol within IP you are looking to match.
Examples include udp and tcp. The protocol ip in this field would specify all IP
traffic. The address/mask pair specifies the source and destination of the send-
ing and receiving devices for which you are trying to control traffic. You can use
the keyword any to specify all source or destination addresses. The operator and
port options enable you to specify protocol and application-specific ports.
To Next Page
Loading...
Need help?
General