Access Control Lists (ACLs) for the Series 5300xl Switches 
Configuring and Assigning an ACL 
Syntax:  [no] access-list 
Creates an ACE in the specified (1-99) access list and 
indicates the action (deny or permit) to take on a packet if 
there is a match between the packet and the criterion in the 
entry. If the ACL does not already exist, this command 
creates the specified ACL and its first ACE. To create a 
named ACL, refer to “Configuring a Named ACL” on page 9-44. 
< 1-99 > 
Specifies the ACL ID number. The switch interprets an ACL 
with a value in this range as a standard ACL. 
Note: To create an access list with an alphanumeric name 
(name-str) instead of a number, refer to “Configuring a 
Named ACL” on page 9-44. 
< deny | permit > 
Specifies whether to deny (drop) or permit (forward) a 
packet that matches the ACE criteria. 
< any | host < src-ip-addr > | ip-addr / mask-length > 
•  any — Performs the specified action on any IP packet. Use 
this criterion to designate packets from any IP address. 
•  host < host ip-address > — Performs the specified action on 
any IP packet having the < host ip-address > as the source. 
Use this criterion to designate packets from a single IP 
address. 
•  IP-addr / mask-length — Performs the specified action on 
any IP packet having a source address within the range 
defined by either 
< src-ip-addr / cidr-mask-bits > 
or 
< src-ip-addr < mask >> 
Use this criterion to filter packets received from either a 
subnet or a group of IP addresses. The mask can be in 
either dotted-decimal format or CIDR format with the 
number of significant bits. Refer to “Using CIDR Notation 
To Enter the ACL Mask” on page 9-32. 
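
The three source criteria above, as an added Python example (not from the switch documentation): it parses standard ACE commands in the any, host and ip-addr/mask-length forms and reports the action taken for a given source address. The sample ACL and its addresses are constructed, the dotted-decimal mask form is not handled, and in-order first-match evaluation with a final deny is an assumption not stated on this page.

```python
import ipaddress

def parse_ace(line):
    """Parse 'access-list <1-99> <deny|permit> <any | host A | A/len>'."""
    tok = line.split()
    if len(tok) < 4 or tok[0] != "access-list":
        raise ValueError(f"not a standard ACE: {line!r}")
    if not tok[1].isdigit() or not 1 <= int(tok[1]) <= 99:
        raise ValueError(f"standard ACL ID must be 1-99: {tok[1]!r}")
    if tok[2] not in ("deny", "permit"):
        raise ValueError(f"action must be deny or permit: {tok[2]!r}")
    crit = tok[3:]
    if crit == ["any"]:
        net = ipaddress.IPv4Network("0.0.0.0/0")
    elif len(crit) == 2 and crit[0] == "host":
        net = ipaddress.IPv4Network(crit[1] + "/32")
    elif len(crit) == 1 and "/" in crit[0]:
        # Only the first mask-length bits are significant, so the host
        # bits of the written address are dropped (strict=False).
        net = ipaddress.IPv4Network(crit[0], strict=False)
    else:
        raise ValueError(f"unsupported source criterion: {' '.join(crit)!r}")
    return int(tok[1]), tok[2], net

def evaluate(aces, src_ip):
    """Return the action for src_ip.

    Assumption (not stated on this page): ACEs are checked in the order
    entered, the first match decides, and no match means deny.
    """
    addr = ipaddress.IPv4Address(src_ip)
    for _acl_id, action, net in aces:
        if addr in net:
            return action
    return "deny"

# Constructed sample ACL, one ACE per source criterion form.
SAMPLE = """\
access-list 1 permit host 10.28.18.100
access-list 1 deny 10.28.18.77/24
access-list 1 permit any
"""
ACES = [parse_ace(line) for line in SAMPLE.splitlines()]

if __name__ == "__main__":
    for src in ("10.28.18.100", "10.28.18.5", "10.28.19.5"):
        print(src, evaluate(ACES, src))
```

The second ACE is written with a host address, yet it covers the whole 10.28.18.0/24 subnet, which is the mistake to look for when reviewing an ACL entered in CIDR form.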
9-34