31-14
Cisco ME 3400 Ethernet Access Switch Software Configuration Guide
OL-9639-07
Chapter 31 Configuring Network Security with ACLs
Configuring IPv4 ACLs
After creating a numbered extended ACL, you can apply it to terminal lines (see the “Applying an IPv4
ACL to a Terminal Line” section on page 31-18), to interfaces (see the “Applying an IPv4 ACL to an
Interface” section on page 31-19), or to VLANs (see the “Configuring VLAN Maps” section on
page 31-29).
Resequencing ACEs in an ACL
Sequence numbers for the entries in an access list are automatically generated when you create a new
ACL.You can use the ip access-list resequence global configuration command to edit the sequence
numbers in an ACL and change the order in which ACEs are applied. For example, if you add a new ACE
to an ACL, it is placed at the bottom of the list. By changing the sequence number, you can move the
ACE to a different position in the ACL.
For more information about the ip access-list resequence command, see this URL:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122s/122snwft/release/122s14/fsaclseq.
htm
Creating Named Standard and Extended ACLs
You can identify IPv4 ACLs with an alphanumeric string (a name) rather than a number. You can use
named ACLs to configure more IPv4 access lists in a router than if you were to use numbered access
lists. If you identify your access list with a name rather than a number, the mode and command syntax
are slightly different. However, not all commands that use IP access lists accept a named access list.
Note The name you give to a standard or extended ACL can also be a number in the supported range of access
list numbers. That is, the name of a standard IP ACL can be 1 to 99; the name of an extended IP ACL
can be 100 to 199. The advantage of using named ACLs instead of numbered lists is that you can delete
individual entries from a named list.
Consider these guidelines and limitations before configuring named ACLs:
• Not all commands that accept a numbered ACL accept a named ACL. ACLs for packet filters and
route filters on interfaces can use a name. VLAN maps also accept a name.
• A standard ACL and an extended ACL cannot have the same name.
• Numbered ACLs are also available, as described in the “Creating Standard and Extended IPv4
ACLs” section on page 31-7.
• You can use standard and extended ACLs (named or numbered) in VLAN maps.
Beginning in privileged EXEC mode, follow these steps to create a standard ACL using names:
Command Purpose
Step 1
configure terminal Enter global configuration mode.
Step 2
ip access-list standard name Define a standard IPv4 access list using a name, and enter
access-list configuration mode.
Note The name can be a number from 1 to 99.
To Next Page
Loading...
Need help?
General
