Access Control Lists (ACLs) for the Series 5300xl Switches
Configuring and Assigning an ACL
The mask is applied to the IP address in the ACL to define which bits in a packet’s source IP address must exactly match the IP address configured in the ACL and which bits need not match. Note that specifying a group of contiguous IP addresses may require more than one ACE. For more on how masks operate in ACLs, refer to “How an ACE Uses a Mask To Screen Packets for Matches” on page 9-20.
[log]
Optionally generates an ACL log message when all of the following are true:
• The action is deny.
• There is a match.
• ACL logging is enabled on the switch. (Refer to “Enable ACL “Deny” Logging” on page 9-59.)
(Use the debug command to direct ACL logging output to the current console session and/or to a Syslog server. Note that you must also use the logging < ip-addr > command to specify the IP addresses of the Syslog servers to which you want log messages sent. See also “Enable ACL “Deny” Logging” on page 9-59.)
Syntax: vlan < vid > ip access-group < ASCII-STR > < in | out >
Assigns an ACL, designated by an ACL ID (< ASCII-STR >), to a VLAN.
Example of a Standard ACL. Suppose you wanted to configure a standard ACL and assign it to filter inbound traffic on VLAN 10 in a particular switch:
■ The ID you selected for this ACL is “50”.
■ You want the ACL to deny IP traffic from all hosts except these three:
• 18.128.100.10
• 18.128.100.27
• 18.128.100.14
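The following Python model is an added example, not part of the 5300xl manual or the switch software. It ties together three points on this page: how an address/mask pair in an ACE screens a packet’s source address, why a contiguous group of addresses may need more than one ACE, and when a deny ACE carrying [log] produces a log message. It assumes the wildcard-mask convention (a 0 mask bit means the packet’s bit must equal the ACE’s address bit, a 1 bit means it is ignored; the manual defers the details to “How an ACE Uses a Mask To Screen Packets for Matches”), first-match evaluation with an implicit deny at the end of the list, and that ACL logging is already enabled on the switch. The `acl_50()` function builds the page’s standard ACL 50 policy (permit the three listed hosts, deny everything else); `range_to_aces()` is a general decomposition of any contiguous range into aligned address/mask blocks.

```python
"""Model of standard-ACL source-address matching (added example, not vendor code).

Assumptions: wildcard mask (0 = bit must match, 1 = bit ignored), first-match
evaluation, implicit 'deny any' at the end, switch-wide ACL logging enabled.
"""
from dataclasses import dataclass
from ipaddress import IPv4Address
from typing import List, Tuple

ALL_ONES = 0xFFFFFFFF


def ip_to_int(addr: str) -> int:
    return int(IPv4Address(addr))


def int_to_ip(value: int) -> str:
    return str(IPv4Address(value))


@dataclass(frozen=True)
class ACE:
    action: str        # "permit" or "deny"
    address: str       # source-address field of the ACE
    mask: str          # wildcard mask: 0 = must match, 1 = don't care
    log: bool = False  # the optional [log] keyword

    def matches(self, src: str) -> bool:
        # Bits that are 0 in the mask are compared; bits that are 1 are ignored.
        keep = ~ip_to_int(self.mask) & ALL_ONES
        return (ip_to_int(src) & keep) == (ip_to_int(self.address) & keep)


def evaluate(acl: List[ACE], src: str) -> Tuple[str, bool]:
    """Return (action, log_generated) for the first ACE matching src.

    A log message is generated only when the action is deny, the ACE matched,
    and the ACE carries [log] (switch-wide logging assumed enabled)."""
    for ace in acl:
        if ace.matches(src):
            return ace.action, (ace.action == "deny" and ace.log)
    # Implicit deny at the end of every ACL (assumed); it has no [log] keyword.
    return "deny", False


def range_to_aces(first: str, last: str, action: str) -> List[ACE]:
    """Cover the contiguous range first..last with the fewest address/mask ACEs.

    One ACE can only describe an aligned power-of-two block of addresses, so an
    unaligned or oddly sized range needs several ACEs, as the manual notes."""
    lo, hi = ip_to_int(first), ip_to_int(last)
    aces: List[ACE] = []
    while lo <= hi:
        # Grow the block while it stays aligned at lo and does not pass hi.
        size = 1
        while lo % (size * 2) == 0 and lo + size * 2 - 1 <= hi:
            size *= 2
        aces.append(ACE(action, int_to_ip(lo), int_to_ip(size - 1)))
        lo += size
    return aces


def acl_50() -> List[ACE]:
    """The page's example policy: permit three hosts, deny all other IP traffic."""
    hosts = ["18.128.100.10", "18.128.100.27", "18.128.100.14"]
    # 'host' form: mask 0.0.0.0, so every bit of the source address must match.
    aces = [ACE("permit", h, "0.0.0.0") for h in hosts]
    # Explicit deny-any with [log] so that denied traffic generates a log message.
    aces.append(ACE("deny", "0.0.0.0", "255.255.255.255", log=True))
    return aces


if __name__ == "__main__":
    for src in ["18.128.100.27", "18.128.100.11"]:   # constructed sample sources
        print(src, evaluate(acl_50(), src))
    for ace in range_to_aces("18.128.100.10", "18.128.100.14", "permit"):
        print(ace.action, ace.address, ace.mask)
```

Running the block shows that the three page hosts are permitted and any other source is denied with a log message, and that even the small contiguous range 18.128.100.10 to 18.128.100.14 needs three ACEs (two two-address blocks and one single host), which is why the manual warns that contiguous groups may require more than one ACE.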
9-35