To Next Page

To Previous Page

access-list (extended)

SecureStack C2 Configuration Guide 23-77

Ifsource2isnotspecifiedwithmove,onlyoneentrywillbemoved.

Mode

Globalconfiguration:C2(su)‐>router(Config)#

Usage

ValidaccesslistnumbersforstandardACLsare1to99.ForextendedACLs,validvaluesare100

to199.

Accesslistsareappliedtointerfacesbyusingthe

ipaccess‐groupcommand((page23‐79)).

Examples

Thisexampleshowshowtocreateaccesslist1withthreeentriesthatallowaccesstoonlythose

hostsonthethreespecifiednetworks.Thewildcardbitsapplytothehostportionsofthenetwork

addresses.Anyhostwithasourceaddressthatdoesnotmatchtheaccesslistentrieswill

be

rejected:

C2(su)->router(Config)#access-list 1 permit 192.5.34.0 0.0.0.255

C2(su)->router(Config)#access-list 1 permit 128.88.0.0 0.0.255.255

C2(su)->router(Config)#access-list 1 permit 36.0.0.0 0.255.255.255

Thisexamplemovesentry16tothebeginningofACL22:

C2(su)->router(Config)#access-list 22 move 1 16

access-list (extended)

UsethiscommandtodefineanextendedIPaccesslistbynumberwhenoperatinginroutermode.

Thenoformofthiscommandremovesthedefinedaccesslistorentry:

Syntax

To apply ACL restrictions to IP, UDP, ICMP or TCP packets:

access-list access-list-number {deny | permit} protocol source [source-wildcard]

[operator [port]] destination [destination-wildcard]

no access-list access-list-number [entry]

To insert or replace an ACL entry:

access-list access-list-number insert | replace entry

To move entries within an ACL:

access-list access-list-number move destination source1 [source2]

Parameters

Note: ACLs are not supported on routed VLANs which incorporate LAG ports.

access‐list‐number Specif iesanextendedaccesslistnumber.Validvaluesarefrom100to199. 

deny|permit Deniesorpermitsaccessifspecif iedconditionsaremet.

Enterasys SecureStack C2 C2G170-24 User Manual

Other manuals for Enterasys SecureStack C2 C2G170-24