Access Control Lists (ACLs) for the Series 5300xl Switches 
Configuring and Assigning an ACL 
Extended ACL Configuration Structure 
Individual ACEs in an extended ACL include: 
■  A permit/deny “type” statement 
■  Source IP addressing 
■  Optional TCP or UDP port type with optional source port ID and operator and/or optional destination port ID and operator 
■  Destination IP addressing 
■  Optional ACL log command 
ip access-list < type > “< id-string >”
    < permit | deny > ip
        < source-ip-address > < source-acl-mask >
        < destination-ip-address > < destination-acl-mask > [ log ]
    < permit | deny > tcp
        < source-ip-address > < source-acl-mask > [< operator > < port-id >]
        < destination-ip-address > < destination-acl-mask > [< operator > < port-id >] [ log ]
    < permit | deny > udp
        < source-ip-address > < source-acl-mask > [< operator > < port-id >]
        < destination-ip-address > < destination-acl-mask > [< operator > < port-id >] [ log ]
    .
    .
    .
Note: The optional log function appears only with “deny” ACEs. 
Figure 9-8. General Structure for an Extended ACL 
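
The field order in Figure 9-8 can be checked mechanically before an ACL is entered on a switch. The following Python validator is an added example, not part of the original manual. It handles only the address/mask form shown in the figure, and the operator keywords (eq, gt, lt, neq) are an assumption, since this page does not list them.

```python
import ipaddress

# Assumed operator keywords; this page does not list them.
OPERATORS = {"eq", "gt", "lt", "neq"}

def _take_addr(tokens, what):
    """Consume <ip-address> <acl-mask>; both must be dotted-quad."""
    if len(tokens) < 2:
        raise ValueError(f"missing {what} address or mask")
    for tok in tokens[:2]:
        try:
            ipaddress.IPv4Address(tok)
        except ValueError:
            raise ValueError(f"bad {what} address or mask: {tok}") from None
    return (tokens[0], tokens[1]), tokens[2:]

def _take_port(tokens, proto, what):
    """Consume optional <operator> <port-id>; tcp/udp ACEs only."""
    if not tokens or tokens[0] not in OPERATORS:
        return None, tokens
    if proto == "ip":
        raise ValueError(f"{what} port operator not valid in an ip ACE")
    if len(tokens) < 2 or not tokens[1].isdecimal() or int(tokens[1]) > 65535:
        raise ValueError(f"bad {what} port-id")
    return (tokens[0], int(tokens[1])), tokens[2:]

def parse_ace(line):
    """Parse one ACE in the field order of Figure 9-8."""
    tokens = line.split()
    if len(tokens) < 2 or tokens[0] not in ("permit", "deny"):
        raise ValueError("ACE must start with permit or deny")
    action, proto, rest = tokens[0], tokens[1], tokens[2:]
    if proto not in ("ip", "tcp", "udp"):
        raise ValueError(f"unsupported protocol: {proto}")
    src, rest = _take_addr(rest, "source")
    sport, rest = _take_port(rest, proto, "source")
    dst, rest = _take_addr(rest, "destination")
    dport, rest = _take_port(rest, proto, "destination")
    if rest not in ([], ["log"]):
        raise ValueError(f"unexpected trailing tokens: {rest}")
    # Per the note in the figure, log appears only with deny ACEs.
    if rest and action != "deny":
        raise ValueError("log is accepted only on deny ACEs")
    return {"action": action, "proto": proto, "src": src, "sport": sport,
            "dst": dst, "dport": dport, "log": bool(rest)}
```

Running each ACE of a planned ACL through parse_ace surfaces misplaced port operators and log keywords on permit entries before the configuration reaches the switch.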