Access Control Lists (ACL) | 109

For example, an ACL rule with TCP port range 4000 - 8000 will use eight entries in the CAM:

Rule#  Data              Mask              From  To    #Covered
1      0000111110100000  1111111111100000  4000  4031  32
2      0000111111000000  1111111111000000  4032  4095  64
3      0001000000000000  1111100000000000  4096  6143  2048
4      0001100000000000  1111110000000000  6144  7167  1024
5      0001110000000000  1111111000000000  7168  7679  512
6      0001111000000000  1111111100000000  7680  7935  256
7      0001111100000000  1111111111000000  7936  7999  64
8      0001111101000000  1111111111111111  8000  8000  1
Total Ports: 4001

But an ACL rule with TCP port lt 1023 takes only one entry in the CAM:

Rule#  Data              Mask              From  To    #Covered
1      0000000000000000  1111110000000000  0     1023  1024
Total Ports: 1024

Related Commands
deny        Assigns a deny filter for IP traffic.
deny tcp    Assigns a deny filter for TCP traffic.

ip access-list extended
Name (or select) an extended IP access list (IP ACL) based on IP addresses or protocols.

Syntax
ip access-list extended access-list-name
To delete an access list, use the no ip access-list extended access-list-name command.

Parameters
access-list-name    Enter a string up to 140 characters long as the access list name.

Defaults
All access lists contain an implicit deny any; that is, if no match occurs, the packet is dropped.

Command Modes
CONFIGURATION

Command History
Version 8.3.16.1    Introduced on MXL 10/40GbE Switch IO Module

Usage Information
The number of entries allowed per ACL is hardware-dependent. For detailed specification on entries allowed per ACL, refer to your switch documentation.

Example
Figure 6-5. ip access-list extended Command Example
FTOS(conf)#ip access-list extended TESTListEXTEND
FTOS(config-ext-nacl)#

Related Commands
ip access-list standard    Configures a standard IP access list.
resequence access-list     Displays the current configuration.
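Returning to the CAM tables earlier on this page: the reason a port range costs several entries is that the hardware matches a port against a value/mask pair, so a contiguous range has to be decomposed into blocks that are aligned to a power-of-two size and each block becomes one entry. The Python below is an added illustration, not FTOS code or Dell's algorithm; it models that decomposition for 16-bit ports so you can predict entry consumption before committing a rule against a hardware-limited ACL. The two inputs used are the manual's own cases: the range 4000 - 8000, and ports 0 through 1023, which is how the manual's table renders the lt 1023 rule.

```python
# Added illustration (not FTOS code): model how a hardware ACL splits a
# TCP/UDP port range into (value, mask) CAM entries, so the entry count
# of a rule can be predicted before it is committed.
from typing import List, Tuple

PORT_BITS = 16
ALL_ONES = (1 << PORT_BITS) - 1

# One CAM entry: the 16-bit port value, its ternary mask (1 = bit must
# match, 0 = wildcard), and the first and last port the entry covers.
Entry = Tuple[int, int, int, int]


def range_to_entries(lo: int, hi: int) -> List[Entry]:
    """Split the inclusive port range [lo, hi] into the aligned,
    power-of-two blocks that a value/mask match can express.

    Each block costs exactly one CAM entry, so the length of the result
    is the number of entries a hardware ACL needs for that range.
    """
    if not 0 <= lo <= hi <= ALL_ONES:
        raise ValueError("ports must satisfy 0 <= lo <= hi <= 65535")
    entries: List[Entry] = []
    cur = lo
    while cur <= hi:
        # Largest block whose size divides the starting port ...
        size = 1 << PORT_BITS
        while cur % size:
            size >>= 1
        # ... and that does not spill past the end of the range.
        while cur + size - 1 > hi:
            size >>= 1
        mask = ALL_ONES & ~(size - 1)  # wildcard the low log2(size) bits
        entries.append((cur, mask, cur, cur + size - 1))
        cur += size
    return entries


def cam_entries(lo: int, hi: int) -> int:
    """Number of CAM entries the range [lo, hi] consumes."""
    return len(range_to_entries(lo, hi))


def render_table(lo: int, hi: int) -> str:
    """Render the split in the same layout as the manual's CAM tables."""
    rows = ["Rule#  Data              Mask              From   To     #Covered"]
    total = 0
    for n, (value, mask, first, last) in enumerate(range_to_entries(lo, hi), 1):
        covered = last - first + 1
        total += covered
        rows.append(f"{n:<6} {value:016b}  {mask:016b}  {first:<6} {last:<6} {covered}")
    rows.append(f"Total Ports: {total}")
    return "\n".join(rows)


if __name__ == "__main__":
    # The manual's two cases: the range 4000 - 8000 (eight entries) and
    # ports 0 through 1023 (one entry).
    print(render_table(4000, 8000))
    print()
    print(render_table(0, 1023))
```

Run stand-alone it prints the same eight rows and the single row shown in the tables above. The practical lesson is that the entry count depends on alignment, not on the width of the range: 4096 - 8191 is twice as wide as 0 - 1023 yet also collapses into a single entry, while 4000 - 8000 needs eight. Because the number of entries allowed per ACL is hardware-dependent, a filter written with arbitrary range endpoints can consume far more of that budget than expected.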