Access Control Lists (ACLs) for the Series 5300xl Switches 
Configuring and Assigning an ACL 
You can use either the switch CLI or an offline text editor to create an ACL. 
This section describes the CLI method, which is recommended for creating 
short ACLs. (To use the offline method, refer to “Editing ACLs and Creating 
an ACL Offline” on page 9-53.) 
General ACE Rules 
These rules apply to all ACEs you create or edit using the CLI: 
■  ACEs are placed in an ACL according to the sequence in which you 
enter them (last entered, last listed). 
■  You can use the CLI to delete an ACE from anywhere in a given ACL 
by using the “no” form of the command used to enter that ACE. However, 
when you use the CLI to add an ACE, the new entry is always placed 
at the end of the ACL. 
■  Duplicate ACEs are allowed in an ACL. However, multiple instances 
of an ACE have no effect on filtering because the first instance 
preempts any subsequent duplicates. 
For more information, refer to “Editing ACLs and Creating an ACL Offline” on 
page 9-53. 
Using CIDR Notation To Enter the ACL Mask 
You can use CIDR (Classless Inter-Domain Routing) notation to enter ACL 
masks. The switch interprets the number of bits specified with CIDR notation 
as the leftmost IP address bits in an ACL that must match the corresponding 
IP address bits in a packet. The switch then converts the mask to inverse 
notation for ACL use. 
Table 9-6.  Examples of CIDR Notation for Masks 

IP Address Used In an ACL   Resulting ACL Mask   Meaning
with CIDR Notation
-------------------------   ------------------   ------------------------------------------------------------------
18.38.240.125/15            0.1.255.255          The leftmost 15 bits must match; the remaining bits are wildcards.
18.38.240.125/20            0.0.15.255           The leftmost 20 bits must match; the remaining bits are wildcards.
18.38.240.125/21            0.0.7.255            The leftmost 21 bits must match; the remaining bits are wildcards.
18.38.240.125/24            0.0.0.255            The leftmost 24 bits must match; the remaining bits are wildcards.
18.38.240.125/32            0.0.0.0              All bits must match.
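
The conversion shown in Table 9-6, as an added example (it is not from this guide or from the switch software): it derives the inverse mask from a CIDR prefix length and tests a packet address against an ACE address the way the "Meaning" column describes. The function names and the packet addresses are assumptions made for illustration.

```python
import ipaddress


def cidr_to_acl_mask(prefix_len):
    """Return the inverse (wildcard) ACL mask for a CIDR prefix length.

    In the result a 1 bit is a wildcard and a 0 bit must match.
    """
    if not 0 <= prefix_len <= 32:
        raise ValueError(f"prefix length out of range: {prefix_len}")
    wildcard = (1 << (32 - prefix_len)) - 1  # low (32 - n) bits set
    return str(ipaddress.IPv4Address(wildcard))


def parse_ace_address(text):
    """Split 'a.b.c.d/n' into (address, wildcard mask), both as integers."""
    addr, sep, plen = text.partition("/")
    if not sep or not plen.isdigit():
        raise ValueError(f"expected address/prefix, got {text!r}")
    mask = int(ipaddress.IPv4Address(cidr_to_acl_mask(int(plen))))
    return int(ipaddress.IPv4Address(addr)), mask


def ace_matches(ace_text, packet_ip):
    """True when every non-wildcard bit of the packet address equals the ACE's."""
    ace_addr, wildcard = parse_ace_address(ace_text)
    care = ~wildcard & 0xFFFFFFFF  # bits that must match
    pkt = int(ipaddress.IPv4Address(packet_ip))
    return (ace_addr & care) == (pkt & care)


if __name__ == "__main__":
    # Prefix lengths taken from Table 9-6
    for n in (15, 20, 21, 24, 32):
        print(f"18.38.240.125/{n:<2} -> {cidr_to_acl_mask(n)}")
    # Constructed packet addresses on either side of the /21 boundary
    for ip in ("18.38.247.1", "18.38.248.1"):
        print(ip, ace_matches("18.38.240.125/21", ip))
```

The host bits in the ACE address (here `.240.125`) do not narrow the match: with /21, any packet whose third octet is 240 through 247 matches.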