636 Configuring Access Control Lists
ip access-list no-ping
deny icmp any any icmp-message echo
deny icmp any any icmp-message echo-reply
permit every
exit
interface gi1/0/1
ip access-group no-ping in
exit
Block RFC 1918 Addresses
This ACL may be useful on connections to ISPs to block traffic from non-
routable addresses.
ip access-list no-private-internet
deny ip 10.0.0.0. 0.255.255.255 any
deny ip 192.168.0.0 0.0.255.255 any
deny ip 172.16.0.0 0.15.255.255 any
permit every
exit
interface port-channel 1
access-group no-private-internet in
exit
Assign Packets to a CoS Queue
Assign a range of source or destination TCP ports to CoS queue 3 to provide
elevated service. Two rules are necessary to handle packets that have source or
destination ports outside the range.
ip access-list elevated-cos
permit tcp any range 49152 65535 any assign-queue 3
permit tcp any any range 49152 65535 assign-queue 3
permit every
exit
ip access-group elevated-cos in 25
Schedule Forwarding of Packets to a Different Port
This ACL L2 forwards matching packets to a different port based on a time
schedule. This is not equivalent to Policy-Based Forwarding, as the TTL in
the packet is not decremented, nor is a new destination MAC address written
into the packet.
time-range work-hours
To Next Page
Loading...
