DGS-3610# configure terminal
DGS-3610(config)#
3. Enter the ACL configuration mode.
DGS-3610(config)# ip access-list extended test-tcp-flag
DGS-3610(config-ext-nacl)#
4. Add an ACL entry.
DGS-3610(config-ext-nacl)# permit tcp any any match-all rst
5. Add a deny entry.
DGS-3610(config-ext-nacl)# deny tcp any any match-all fin
6. Repeat to add or delete entries as needed.
7. Exit configuration mode.
DGS-3610(config-ext-nacl)# end
8. Show the ACL.
DGS-3610# show access-list test-tcp-flag
ip access-lists extended test-tcp-flag
10 permit tcp any any match-all rst
20 deny tcp any any match-all fin
44.8 Configuring ACL Entries by Priority
To express ACE priority, each ACL orders its ACEs by sequence number, using a
start point plus increment scheme, as detailed below:
ACEs are sorted in ascending order of sequence number in the linked list.
Numbering starts from the start point number. If no number is specified for an ACE, its
number is the previous ACE's number plus the increment.
If a number is specified, the ACE is inserted in sorted position, and the increment ensures
that a new ACE can be inserted between two adjacent ACEs.
Each ACL specifies its start point number and its number increment.
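The numbering rules above, together with the renumbering done by the ip access-list resequence command described in this section, modelled in Python as an added example (not D-Link code or switch output). The Acl class, the ace-new label, the resequence arguments 100 and 5, the rejection of duplicate numbers, and the carry-over of the new increment to later entries are assumptions for illustration.

```python
import bisect


class Acl:
    """Model of one ACL's ACE list, kept sorted by sequence number."""

    def __init__(self, name, sn_start=10, sn_inc=10):
        # 10/10 matches the numbering seen in the show output on this page.
        self.name, self.sn_start, self.sn_inc = name, sn_start, sn_inc
        self.aces = []  # sorted list of (sequence number, ACE text)

    def add(self, ace, sn=None):
        """Add an ACE; with no number given, use previous ACE number + increment."""
        if sn is None:
            sn = self.aces[-1][0] + self.sn_inc if self.aces else self.sn_start
        if any(n == sn for n, _ in self.aces):
            # Assumption: a number already in use is rejected (page does not say).
            raise ValueError(f"sequence number {sn} already in use")
        bisect.insort(self.aces, (sn, ace))  # insert in sorted position
        return sn

    def resequence(self, sn_start, sn_inc):
        """Model of: ip access-list resequence {acl-id | acl-name} sn-start sn-inc."""
        # Assumption: the new start/increment also apply to ACEs added later.
        self.sn_start, self.sn_inc = sn_start, sn_inc
        self.aces = [(sn_start + i * sn_inc, ace)
                     for i, (_, ace) in enumerate(self.aces)]

    def numbers(self):
        return [n for n, _ in self.aces]

    def order(self):
        return [ace for _, ace in self.aces]


def demo():
    """Constructed walk-through: auto-number, insert between, resequence."""
    acl = Acl("tst_acl")
    for ace in ("ace1", "ace2", "ace3"):
        acl.add(ace)                      # numbered 10, 20, 30
    before = acl.numbers()
    acl.add("ace-new", sn=15)             # lands between ace1 and ace2
    inserted = acl.numbers()
    acl.resequence(100, 5)                # relative order is unchanged
    return acl, before, inserted


if __name__ == "__main__":
    acl, before, inserted = demo()
    print(before, inserted, list(zip(acl.numbers(), acl.order())))
```

Resequencing changes the numbers only, so an ACE inserted ahead of another keeps that position afterwards.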
The ip access-list resequence {acl-id | acl-name} sn-start sn-inc command is available; see
the related command reference for details.
Whenever this command is run, the ACEs under the ACL are re-sorted. For
example, the ACE numbers under the ACL named tst_acl are as follows:
In the beginning
ace1: 10
ace2: 20
ace3: 30