Command Line Interface
704 1553-KDU 137 365 Uen D 2006-06-16
This is a more comprehensive example. It denies any TCP packets in which the
SYN bit is ON, and permits all other packets. It then sets the ingress mask to
check the deny rule first, and finally binds port 1 to this ACL. Note that once the
ACL is bound to an interface (that is, the ACL is active), the order in which the
rules are displayed is determined by the associated mask.
Switch(config)#access-list ip extended 6
Switch(config-ext-acl)#permit any any
Switch(config-ext-acl)#deny tcp any any control-flag 2 2
Switch(config-ext-acl)#end
Console#show access-list
IP extended access-list A6:
permit any any
deny tcp any any control-flag 2 2
Console#configure
Switch(config)#access-list ip mask-precedence in
Switch(config-ip-mask-acl)#mask protocol any any control-flag 2
Switch(config-ip-mask-acl)#end
Console#sh access-list
IP extended access-list A6:
permit any any
deny tcp any any control-flag 2 2
IP ingress mask ACL:
mask protocol any any control-flag 2
Console#configure
Console(config)#interface ethernet 1/1
Console(config-if)#ip access-group A6 in
Console(config-if)#end
Console#show access-list
IP extended access-list A6:
deny tcp any any control-flag 2 2
permit any any
IP ingress mask ACL:
mask protocol any any control-flag 2
Console#
To Next Page
Loading...
