23-1
Chapter 23: Access Control List Commands
Access Control Lists (ACL) provide packet filtering for IP frames (based on address,
protocol, Layer 4 protocol port number or TCP control code), or any frames (based
on MAC address or Ethernet type). To filter packets, first create an access list, add
the required rules, specify a mask to modify the precedence in which the rules are
checked, and then bind the list to a specific port. This section describes the Access
Control List commands.
IP ACLs
The commands in this section configure ACLs based on IP addresses, TCP/UDP
port number, protocol type, and TCP control code. To configure IP ACLs, first create
an access list containing the required permit or deny rules, set a precedence mask
to control the filter sequence, and then bind the access list to one or more ports
Table 23-1 Access Control List Commands
Command Groups Function Page
IP ACLs Configures ACLs based on IP addresses, TCP/UDP port number,
protocol type, and TCP control code
23-1
MAC ACLs Configures ACLs based on hardware addresses, packet format, and
Ethernet type
23-12
ACL Information Displays ACLs and associated rules; shows ACLs assigned to each port 23-19
Table 23-2 IP ACL Commands
Command Function Mode Page
access-list ip Creates an IP ACL and enters configuration mode for
standard or extended IP ACLs
GC 23-2
permit, deny Filters packets matching a specified source IP address IP-
STD-ACL
23-2
permit, deny Filters packets meeting the specified criteria, including
source and destination IP address, TCP/UDP port number,
protocol type, and TCP control code
IP-
EXT-ACL
23-3
show ip access-list Displays the rules for configured IP ACLs PE 23-5
access-list ip
mask-precedence
Changes to the IP Mask mode used to configure access
control masks
GC 23-6
mask Sets a precedence mask for the ACL rules IP-Mask 23-6
show access-list ip
mask-precedence
Shows the ingress or egress rule masks for IP ACLs PE 23-10
ip access-group Adds a port to an IP ACL IC 23-11
show ip access-group Shows port assignments for IP ACLs PE 23-11
To Next Page
Loading...
Need help?
General