IPv4 Access Control Lists (ACLs)
Configuring and Assigning an ACL
Standard ACL Structure
Individual ACEs in a standard ACL include only a permit/deny “type” statement,
the source IP addressing, and an optional log command (available with
“deny” statements).
ip access-list < type > "< name-str | 1-99 >"
permit host < source-ip-address >
deny < source-ip-address > < acl-mask > [log]
.
.
.
permit any
Figure 9-8. Example of the General Structure for a Standard ACL
For example, figure 9-9 shows how to interpret the entries in a standard ACL.
[Figure callouts: ACL list heading with list type and ID string (name or number); ACE action (permit or deny); source IP address; mask; optional logging command; end-of-list marker.]
Figure 9-9. Example of a Displayed Standard ACL Configuration with Two ACEs
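The standard ACL structure above can be checked and evaluated mechanically; the following Python sketch is an added example, not taken from the manual, that parses a list written in the Figure 9-8 syntax, rejects a log keyword on a permit ACE, and reports which ACE decides a given source address. Assumptions: the function names and sample addresses are constructed for illustration, the ACL mask is treated as a wildcard mask (a 1 bit means "don't care"), ACEs are evaluated in order with the first match winning, and a packet matching no ACE is denied.

```python
import ipaddress

# Constructed sample in the syntax of Figure 9-8 (addresses are made up).
SAMPLE_ACL = """\
ip access-list standard "Sample-List"
permit host 10.10.10.104
deny 10.10.10.0 0.0.0.255 log
permit any
"""

def parse_standard_acl(text):
    """Return (name, [ACE dicts]); raise ValueError on a malformed line."""
    lines = [ln.split() for ln in text.splitlines() if ln.strip()]
    head = lines[0]
    if head[:3] != ["ip", "access-list", "standard"] or len(head) != 4:
        raise ValueError("bad ACL heading")
    aces = []
    for tok in lines[1:]:
        action, rest = tok[0], tok[1:]
        if action not in ("permit", "deny"):
            raise ValueError(f"unknown action: {action}")
        log = bool(rest) and rest[-1] == "log"
        if log:
            rest = rest[:-1]
            if action != "deny":
                raise ValueError("log is only available with deny")
        if rest == ["any"]:
            addr, mask = "0.0.0.0", "255.255.255.255"
        elif len(rest) == 2 and rest[0] == "host":
            addr, mask = rest[1], "0.0.0.0"
        elif len(rest) == 2:
            addr, mask = rest
        else:
            raise ValueError("bad source: " + " ".join(tok))
        aces.append({"action": action, "log": log,
                     "addr": int(ipaddress.IPv4Address(addr)),
                     "mask": int(ipaddress.IPv4Address(mask))})
    return head[3].strip('"'), aces

def evaluate(aces, source_ip):
    """First matching ACE wins; no match falls through to an assumed implicit deny."""
    src = int(ipaddress.IPv4Address(source_ip))
    for ace in aces:
        care = ~ace["mask"] & 0xFFFFFFFF   # assumption: mask bit 1 = "don't care"
        if (src & care) == (ace["addr"] & care):
            return ace["action"], ace["log"]
    return "deny", False
```

Running evaluate() against a proposed list before assigning it shows whether a broad deny ACE shadows a later permit, and whether the final "permit any" is what actually admits a given source.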
Extended ACL Configuration Structure
Individual ACEs in an extended ACL include:
■ A permit/deny “type” statement
■ Source IP addressing
■ Optional TCP or UDP port type with optional source port ID and
operator and/or optional destination port ID and operator
■ Destination IP addressing
■ Optional ACL log command (available for “Deny” ACLs only)