Chapter 10
| Access Control Lists
IPv4 ACLs
– 366 –
Example
This example accepts any incoming packets if the source address is within subnet
10.7.1.x. For example, if the rule is matched; i.e., the rule (10.7.1.0 & 255.255.255.0)
equals the masked address (10.7.1.2 & 255.255.255.0), the packet passes through.
Console(config-ext-acl)#permit 10.7.1.1 255.255.255.0 any
Console(config-ext-acl)#
This allows TCP packets from class C addresses 192.168.1.0 to any destination
address when set for destination TCP port 80 (i.e., HTTP).
Console(config-ext-acl)#permit 192.168.1.0 255.255.255.0 any destination-port
80
Console(config-ext-acl)#
This permits all TCP packets from class C addresses 192.168.1.0 with the TCP control
code set to “SYN.”
Console(config-ext-acl)#permit tcp 192.168.1.0 255.255.255.0 any control-
flag 2 2
Console(config-ext-acl)#
Related Commands
access-list ip (362)
Time Range (168)
ip access-group This command binds an IPv4 ACL to a port. Use the no form to remove the port.
Syntax
ip access-group acl-name {in | out} [time-range time-range-name] [counter]
no ip access-group acl-name {in | out}
acl-name – Name of the ACL. (Maximum length: 32 characters)
in – Indicates that this list applies to ingress packets.
out – Indicates that this list applies to egress packets.
time-range-name - Name of the time range. (Range: 1-32 characters)
counter – Enables counter for ACL statistics.
Default Setting
None
Command Mode
Interface Configuration (Ethernet)
To Next Page
Loading...
