IPv4 Access Control Lists (ACLs)
Configuring and Assigning an ACL
ip access-list <type> "<name-str | 100-199>"
    <permit | deny> ip
        <source-ip-address> <source-acl-mask>
        <destination-ip-address> <destination-acl-mask> [log]
    <permit | deny> tcp
        <source-ip-address> <source-acl-mask> [<operator> <port-id>]
        <destination-ip-address> <destination-acl-mask> [<operator> <port-id>]
        [log]
    <permit | deny> udp
        <source-ip-address> <source-acl-mask> [<operator> <port-id>]
        <destination-ip-address> <destination-acl-mask> [<operator> <port-id>]
        [log]
    . . .
    exit

Note: The optional log function appears only with "deny" ACEs.

Figure 9-10. General Structure for an Extended ACL
For example, figure 9-11 shows how to interpret the entries in an extended
ACL.
Callouts in figure 9-11 (reconstructed from the figure text):

ACL List Heading with List Type and ID String (Name or Number)
ACE Action (permit or deny)
Protocol Types
Source IP Addresses and Masks: the upper entry denies certain UDP packets from a single host; the lower entry denies all UDP packets from all hosts.
Optional Source UDP or TCP Operator and Port Number: in this case, the ACL specifies UDP port 69 packets coming from the source IP address.
Destination IP Address and Mask: specifies all destination IP addresses.
Optional Destination UDP or TCP Operator and Port Numbers: in this case, the ACL specifies UDP port number 3690.
TCP entry: denies TCP port 80 traffic to any destination from any source.
End-of-List Marker

Figure 9-11. Example of a Displayed Extended ACL Configuration
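The following is an added example, not part of the manual, that parses ACEs written in the figure 9-10 structure and evaluates packets against an ACL built from the figure 9-11 callouts. It assumes top-down, first-match evaluation with an implicit deny at the end-of-list marker and wildcard masks (a mask bit of 1 means "don't care"); the host address 10.10.10.1, the closing permit entry and the sample packets are constructed.

```python
# Added example (not from the manual): parse ACEs in the Figure 9-10 structure and
# evaluate packets top-down, first match wins, implicit deny at the end-of-list marker.
# Masks are wildcard masks (mask bit 1 = don't care); sample addresses are constructed.
import ipaddress
from typing import NamedTuple, Optional

OPS = {"eq": lambda p, x: p == x, "gt": lambda p, x: p > x, "lt": lambda p, x: p < x}

class Ace(NamedTuple):
    action: str; proto: str; src: str; smask: str; sop: Optional[str]
    sport: Optional[int]; dst: str; dmask: str; dop: Optional[str]
    dport: Optional[int]; log: bool

def parse_ace(line: str) -> Ace:
    """<permit|deny> <ip|tcp|udp> SRC SMASK [op port] DST DMASK [op port] [log]"""
    t = line.split()
    action, proto, i = t[0], t[1], 2
    fields = []
    for _ in ("source", "destination"):        # address, mask, optional operator/port
        fields += [t[i], t[i + 1]]; i += 2
        if proto in ("tcp", "udp") and i < len(t) and t[i] in OPS:
            fields += [t[i], int(t[i + 1])]; i += 2
        else:
            fields += [None, None]
    return Ace(action, proto, *fields, i < len(t) and t[i] == "log")

def wildcard_match(addr: str, value: str, mask: str) -> bool:
    """Only bits that are 0 in the wildcard mask must agree (0.0.0.0 = one host)."""
    a, v, m = (int(ipaddress.IPv4Address(x)) for x in (addr, value, mask))
    return (a | m) == (v | m)

def evaluate(acl: list, pkt: dict) -> tuple:
    """Return (action, 1-based index of the matching ACE); index None = implicit deny."""
    for n, ace in enumerate(acl, 1):
        proto_ok = ace.proto in ("ip", pkt["proto"])
        addrs_ok = (wildcard_match(pkt["src"], ace.src, ace.smask)
                    and wildcard_match(pkt["dst"], ace.dst, ace.dmask))
        sport_ok = not ace.sop or OPS[ace.sop](pkt.get("sport"), ace.sport)
        dport_ok = not ace.dop or OPS[ace.dop](pkt.get("dport"), ace.dport)
        if proto_ok and addrs_ok and sport_ok and dport_ok:
            return ace.action, n
    return "deny", None  # end-of-list marker: implicit deny

# Constructed ACL following the Figure 9-11 callouts (10.10.10.1 and the final permit are illustrative).
SAMPLE_ACL = [parse_ace(l) for l in (
    "deny udp 10.10.10.1 0.0.0.0 eq 69 0.0.0.0 255.255.255.255 eq 3690 log",
    "deny udp 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255 log",
    "deny tcp 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255 eq 80",
    "permit ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255",
)]
```

Because the second entry already denies all UDP from all hosts, the first entry's only effect is to attach the log flag to matches from the single host; remove the final permit and every packet not matched by the three deny entries falls through to the implicit deny.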
9-36