Access Control Lists (ACLs) | 79
Configure Filters with a Sequence Number
To create a filter for packets with a specified sequence number, follow these steps, starting in
CONFIGURATION mode:
When you create the filters with a specific sequence number, you can create the filters in any order and the
filters are placed in the correct order.
Figure 5-10 shows how the
seq command orders the filters according to the sequence number assigned. In
the example, filter 15 was configured before filter 5, but the
show config command displays the filters in the
correct order.
Figure 5-10. Command Example: seq
Configure Filters Without a Sequence Number
If you are creating an extended ACL with only one or two filters, you can let FTOS assign a sequence
number based on the order in which the filters are configured. FTOS assigns filters in multiples of 5.
Step Command Syntax Command Mode Purpose
1
ip access-list extended
access-list-name
CONFIGURATION Enter the IP ACCESS LIST mode by creating
an extended IP ACL.
2 seq sequence-number {deny | permit}
{ip-protocol-number | icmp | ip | tcp |
udp} {source mask | any | host
ip-address} {destination mask | any |
host ip-address} [operator port [port]]
[count [byte]] [order] [fragments]
CONFIG-EXT-NACL Configure a drop or forward filter.
Note: When assigning sequence numbers to filters, you might need to insert a new filter. To
prevent reconfiguring multiple filters, assign sequence numbers in multiples of five or another
number.
FTOS(conf-ext-nacl)#seq 15 deny ip host 112.45.0.0 any
FTOS(conf-ext-nacl)#seq 5 permit tcp 12.1.3.45 0.0.255.255 any
FTOS(conf-ext-nacl)#show config
!
ip access-list extended dilling
seq 5 permit tcp 12.1.0.0 0.0.255.255 any
seq 15 deny ip host 112.45.0.0 any
FTOS(conf-ext-nacl)#
To Next Page
Loading...
