Configuring ACLs
Fixed Switch Configuration Guide 24-7
Port-string Access-list
----------- -----------
ge.1.29 121
Configuring ACLs
This section provides procedures and examples for configuring IPv4, IPv6, and MAC ACLs. With
the exception of A4 ACLs, all ACLs are terminated with an implicit “deny all” rule.
Configuring IPv4 ACLs
Procedure 24-1 describes how to configure IPv4 standard and extended ACLs.
Procedure 24-1 Configuring IPv4 Standard and Extended ACLs
Step  Task                                          Command(s)
----  --------------------------------------------  ------------------------------------------
1.    In global router configuration mode, create
      the ACL and define the rules.
1a    Standard ACLs must be numbered from 1 to 99.  access-list acl-number {deny | permit}
                                                    source [source-wildcard] [assign-queue queue-id]
1b    Extended ACLs must be numbered from 100 to    access-list acl-number {deny | permit}
      199.                                          protocol source [source-wildcard] [eq port]
                                                    destination [destination-wildcard] [eq port]
                                                    [precedence precedence | tos tos tosmask |
                                                    dscp dscp] [assign-queue queue-id]
2.    Optionally, insert new or replace existing
      rules
2a    For standard ACLs                             access-list acl-number insert | replace
                                                    entryno {deny | permit} source
                                                    [source-wildcard] [assign-queue queue-id]
2b    For extended ACLs                             access-list acl-number insert | replace
                                                    entryno {deny | permit} protocol source
                                                    [source-wildcard] [eq port] destination
                                                    [destination-wildcard] [eq port]
                                                    [precedence precedence | tos tos tosmask |
                                                    dscp dscp] [assign-queue queue-id]
3.    Optionally, move entries within the ACL.      access-list acl-number move destination
                                                    source1 [source2]
4.    Display the contents of the ACL.              show access-lists [number]
5.    Apply the ACL:
5a    In router interface configuration mode,       ip access-group acl-number in
      apply to a routing VLAN interface             [sequence sequence]
5b    In global router configuration mode, apply    access-list interface acl-number
      to an interface                               port-string in [sequence sequence]
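The following Python sketch is an added example, not part of the original guide and not switch code. It models a subset of the extended ACL syntax from step 1b (no source port, precedence, tos, dscp, or assign-queue) to show why the insert, replace, and move commands in steps 2 and 3 matter before an ACL is applied in step 5. It assumes rules are evaluated top-down with the first match winning, that a wildcard bit of 1 means "ignore this bit", and that the protocol keyword "ip" matches any protocol; the addresses and the rule set are constructed sample values. The final fall-through models the implicit "deny all", so it does not describe A4 ACLs.

```python
import ipaddress

def wild_match(addr, base, wildcard):
    """True if addr equals base on every bit where the wildcard bit is 0."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)

def parse_rule(line):
    """Parse the subset: access-list N {deny|permit} proto src wc dst wc [eq port]."""
    t = line.split()
    if len(t) not in (8, 10) or t[0] != "access-list":
        raise ValueError("unsupported rule: " + line)
    if not 100 <= int(t[1]) <= 199:
        raise ValueError("extended ACLs must be numbered from 100 to 199")
    if t[2] not in ("deny", "permit"):
        raise ValueError("action must be deny or permit")
    dport = None
    if len(t) == 10:
        if t[8] != "eq":
            raise ValueError("expected 'eq port'")
        dport = int(t[9])
    return {"action": t[2], "proto": t[3], "src": t[4:6], "dst": t[6:8], "dport": dport}

def evaluate(lines, proto, src, dst, dport):
    """Return the action of the first matching rule, or the implicit deny."""
    for r in map(parse_rule, lines):
        if (r["proto"] in ("ip", proto)      # assumption: "ip" matches any protocol
                and wild_match(src, *r["src"])
                and wild_match(dst, *r["dst"])
                and r["dport"] in (None, dport)):
            return r["action"]
    return "deny"  # implicit "deny all" that terminates the ACL

# Constructed sample ACL. Intent: block subnet 10.1.66.0/24 entirely and let
# the rest of 10.1.0.0/16 reach 10.9.9.10 on TCP 443.
ACL_121 = [
    "access-list 121 permit tcp 10.1.0.0 0.0.255.255 10.9.9.10 0.0.0.0 eq 443",
    "access-list 121 deny ip 10.1.66.0 0.0.0.255 0.0.0.0 255.255.255.255",
]
QUARANTINED = ("tcp", "10.1.66.7", "10.9.9.10", 443)  # constructed test packet

if __name__ == "__main__":
    print("as written:", evaluate(ACL_121, *QUARANTINED))        # broad permit shadows the deny
    print("deny first:", evaluate(ACL_121[::-1], *QUARANTINED))  # order corrected
    print("other port:", evaluate(ACL_121, "tcp", "10.1.2.3", "10.9.9.10", 22))
```

With the rules in the order written, the broad permit is reached first and the deny for 10.1.66.0/24 never takes effect; reviewing the output of show access-lists for this kind of shadowing before step 5 avoids applying an ACL that does not enforce its intent.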