Contents
How an ACE Uses a Mask To Screen Packets for Matches . . . . . . . 10-30
What Is the Difference Between Network (or Subnet) Masks and the Masks Used with ACLs? . . . . . . . 10-30
Rules for Defining a Match Between a Packet and an Access Control Entry (ACE) . . . . . . . 10-31
Configuring and Assigning an ACL . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-35
Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-35
General Steps for Implementing ACLs . . . . . . . . . . . . . . . . . . . . 10-35
Types of ACLs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-35
ACL Configuration Structure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-36
Standard ACL Structure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-37
Extended ACL Configuration Structure . . . . . . . . . . . . . . . . . . . 10-37
ACL Configuration Factors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-39
ACL Resource Consumption . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-39
The Sequence of Entries in an ACL Is Significant . . . . . . . . . . . 10-39
In Any ACL, There Will Always Be a Match . . . . . . . . . . . . . . . . 10-41
A Configured ACL Has No Effect Until You Apply It to an Interface . . . . . . . 10-41
Using the CLI To Create an ACL . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-41
General ACE Rules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-41
Using CIDR Notation To Enter the ACL Mask . . . . . . . . . . . . . . 10-42
Configuring and Assigning a Numbered, Standard ACL . . . . . . . . . 10-43
Configuring and Assigning a Numbered, Extended ACL . . . . . . . . . 10-48
Configuring a Named ACL . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-54
Enabling or Disabling ACL Filtering on an Interface . . . . . . . . . . . . 10-57
Deleting an ACL from the Switch . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-58
Displaying ACL Data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-58
Display an ACL Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-59
Display the Content of All ACLs on the Switch . . . . . . . . . . . . . . . . . 10-59
Display the ACL Assignments for an Interface . . . . . . . . . . . . . . . . . 10-60
Displaying the Content of a Specific ACL . . . . . . . . . . . . . . . . . . . . . 10-61
Displaying the Current Per-Port ACL Resources . . . . . . . . . . . . . . . 10-63
Display All ACLs and Their Assignments in the Switch Startup-Config File and Running-Config File . . . . . . . 10-64