Access Control Lists on the A4
24-12 Configuring Access Control Lists
Rule actions include:
• Deny — drop the packet.
• Permit — allow the packet to be switched.
• Assign to queue — assign the packet to the queue given by assign-queue queue-id in the rule.
Table 24-1 ACL Rule Precedence (continued)

ACL Type   Rule                 Priority   Example
IP         SIP any, DIP exact   18         permit any 10.0.1.22
IP         SIP any, DIP any     17         deny any any
MAC        SA any, DA any       16         deny any any

Note: Unlike other Fixed Switch platforms, A4 ACLs are not terminated with an implicit "deny all" rule. You must add such a rule manually; until you do, a packet that matches none of the rules in the ACL is permitted. The deny any any entries at the bottom of the table above are examples of such explicit catch-all rules.

Configuring A4 ACLs
This section provides procedures for configuring IPv4 extended and MAC ACLs on the A4.

Extended IPv4 ACL Configuration
Procedure 24-4 describes how to configure an IPv4 extended ACL on the A4.

Example
The following example creates an IPv4 access-list numbered 101 and applies it to the port fwe1.1.
A4(su)->router
A4(su)->router>enable
Procedure 24-4 Configuring an IPv4 Extended ACL on the A4

Step   Task   Command(s)

1.  In global router configuration mode, create the ACL and define the rules. The number of the ACL must be in the range of 100 to 199.
    access-list number {deny | permit} ip {any | host src-ipaddr} {any | host dest-ipaddr} [assign-queue queue-id]

2.  Optionally, insert new or replace existing rules.
    access-list number {insert | replace} entryno {deny | permit} ip {any | host src-ipaddr} {any | host dest-ipaddr} [assign-queue queue-id]

3.  Optionally, move entries within the ACL.
    access-list number move destination source1 [source2]

4.  Display the contents of the ACL.
    show access-lists [number]

5.  Apply the ACL to an interface.
    access-list interface number port-string in [sequence sequence]

6.  Optionally, display the ACLs associated with a port.
    show access-lists [interface [port-string]]

7.  Optionally, delete an entire ACL or a single rule or range of rules.
    no access-list number [entryno [entryno]]
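The following transcript is an added worked example that walks through Procedure 24-4 from creating the ACL to removing a rule; it is not the manual's own example and shows no vendor-supplied output. It uses only the command syntax listed in the procedure. The host addresses, the use of port fwe1.1, the configure command and the router(Config)# prompt assumed to reach global router configuration mode, and the mode in which the show and apply commands are entered are assumptions made for illustration. Lines beginning with "!" are annotations, not commands.

```console
A4(su)->router
A4(su)->router>enable
A4(su)->router#configure

! Step 1: create extended ACL 101 (valid numbers are 100 to 199) and define its rules.
! Only two management hosts (constructed addresses) may reach the server 10.0.1.22.
A4(su)->router(Config)#access-list 101 permit ip host 10.0.1.5 host 10.0.1.22
A4(su)->router(Config)#access-list 101 permit ip host 10.0.1.6 host 10.0.1.22
! The A4 adds no implicit "deny all": without the next rule, every packet that
! matches neither permit rule is switched. Make the catch-all deny explicit.
A4(su)->router(Config)#access-list 101 deny ip any any

! Step 2: a third host was missed. Insert its permit rule as entry 3, then use
! step 4 to confirm where it landed: the deny any any rule must remain the last entry.
A4(su)->router(Config)#access-list 101 insert 3 permit ip host 10.0.1.7 host 10.0.1.22
A4(su)->router(Config)#show access-lists 101

! Step 5: apply the ACL inbound on port fwe1.1, then (step 6) verify the binding.
A4(su)->router(Config)#access-list interface 101 fwe1.1 in
A4(su)->router(Config)#show access-lists interface fwe1.1

! Step 7: remove a single rule by entry number. Note that "no access-list 101"
! with no entry number would delete the whole ACL.
A4(su)->router(Config)#no access-list 101 3
```

The order of operations is the security-relevant part: the deny ip any any rule should already be in the ACL before it is applied to the port in step 5, and every later insert, replace or move (steps 2 and 3) should be followed by show access-lists to confirm that the explicit deny is still the last entry, since nothing on the A4 denies unmatched traffic on your behalf.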