IPv4 Access Control Lists (ACLs)
Configuring and Assigning an ACL
Table 9-7. Examples of CIDR Notation for Masks
IP Address Used In an ACL
with CIDR Notation
Resulting ACL Mask Meaning
18.38.240.125/15 0.1.255.255 The leftmost 15 bits must match; the
remaining bits are wildcards.
18.38.240.125/20 0.0.15.255 The leftmost 20 bits must match; the
remaining bits are wildcards.
18.38.240.125/21 0.0.7.255 The leftmost 21 bits must match; the
remaining bits are wildcards.
18.38.240.125/24 0.0.0.255 The leftmost 24 bits must match; the
remaining bits are wildcards.
18.38.240.125/32 0.0.0.0 All bits must match.
Configuring and Assigning a Numbered, Standard ACL
To Configure: Refer to:
Configuring Named ACLs “Configuring a Named ACL” on page 9-51
Configuring Extended, “Configuring and Assigning a Numbered, Extended ACL” on page
Numbered ACLs 9-45
A standard ACL uses only source IP addresses in its ACEs. This type of ACE
is useful when you need to:
■ Permit or deny traffic based on source IP address only.
■ Quickly control the IP traffic from a specific address, a group of
addresses, or a subnet. This allows you to isolate traffic problems
generated by a specific device, group of contiguous devices, or a
subnet threatening to degrade network performance. This gives you
an opportunity to troubleshoot without sacrificing performance for
users outside of the problem area.
You can identify each standard ACL with a number in the range of 1 - 99, or an
alphanumeric string of up to 64 characters. The CLI command process for
using an alphanumeric string to name an ACL differs from the command
process for a numeric name. For a description of how to name an ACL with
an alphanumeric character string, refer to “Configuring a Named ACL” on page
9-51. To view the command differences, refer to table 9-1, “Comprehensive
Command Summary” on page 9-6.
9-40
To Next Page
Loading...
