Access Control Lists (ACLs) for the Series 3400cl and Series 6400cl Switches
Configuring and Assigning an ACL
Standard ACL Structure
Individual ACEs in a standard ACL include only a permit/deny “type” state-
ment, the source IP addressing, and an optional log command (available with
“deny” statements).
ip access-list < type > "< id-string >"
permit host < source-ip-address >
deny < source-ip-address > < acl-mask > [log]
.
.
.
permit any
exit
Figure 10-9. Example of the General Structure for a Standard ACL
For example, figure 10-10 shows how to interpret the entries in a standard
ACL.
ACL List Heading with
List Type and ID String
(Name or Number)
Mask
ACE Action
(permit or deny)
End-of-List Marker
Source IP Address
Optional Logging
Command
Figure 10-10. Example of a Displayed Standard ACL Configuration with Two ACEs
Extended ACL Configuration Structure
Individual ACEs in an extended ACL include:
■ A permit/deny “type” statement
■ Source IP addressing
■ Optional TCP or UDP port type with optional source port ID and
operator and/or optional destination port ID and operator
■ Destination IP addressing
10-37
To Next Page
Loading...
