Access Control Lists (ACLs) for the Series 5300xl Switches
Configuring and Assigning an ACL
always functions when the switch uses an ACL to filter packets. (You
cannot delete the implicit “deny any”, but you can supersede it with a
“permit any” statement.)
Standard ACL Structure
Individual ACEs in a standard ACL include only a permit/deny “type” state-
ment, the source IP addressing, and an optional log command (available with
“deny” statements).
ip access-list < type > "< id-string >"
permit host < source-ip-address >
deny < source-ip-address > < acl-mask > [log]
.
.
.
permit any
exit
Figure 9-6. Example of the General Structure for a Standard ACL
For example, figure 9-7 shows how to interpret the entries in a standard ACL.
ACL List Heading with
List Type and ID String
(Name or Number)
Mask
ACE Action
(permit or deny)
End-of-List Marker
Source IP Address
Optional Logging
Command
Figure 9-7. Example of a Displayed Standard ACL Configuration with Two ACEs
9-27
To Next Page
Loading...
