Access Control Lists (ACLs) for the Series 3400cl and Series 6400cl Switches 
Configuring and Assigning an ACL 
Syntax:  [no] access-list 
Creates an ACE in the specified (100-199) access list and:
•  Indicates the action (deny or permit) to take on a packet if there is a match between the packet and the criteria in the complete ACE.
•  Specifies the packet protocol type (IP, TCP, or UDP).
•  Specifies the source and destination addressing options described in the remainder of this section.
•  Allows optional ACL logging where a packet has a match with a deny ACE.
If the ACL does not already exist, this command creates the specified ACL and its first ACE. If the ACL already exists, this command adds a new, explicit ACE to the end of the ACL. For a match to occur, the packet must have the source and destination IP addressing criteria specified by this command, as well as any protocol-specific (TCP or UDP port number) criteria specified by the command. To create a named ACL, refer to “Configuring a Named ACL” on page 10-54.
< 100-199 > 
Specifies the ACL ID number. The switch interprets an ACL with a value in this range as an extended ACL.
Note: To create an access list with an alphanumeric name instead of a number, refer to “Configuring a Named ACL” on page 10-54.
< deny | permit > 
Specifies whether to deny (drop) or permit (forward) a packet that matches the ACE criteria.
< ip | tcp | udp > 
Specifies the packet protocol type required for a match: 
•  ip — any IP packet 
•  tcp — only TCP packets 
•  udp — only UDP packets 
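The fields described above can be checked offline before a configuration is pasted into the switch. The following Python linter is an added example, not part of the switch documentation: it validates the ACL ID, action and protocol of each access-list line and groups ACEs in the order they would be appended. The function names, the sample lines, the "any any" addressing and the trailing "log" keyword are assumptions made for illustration.

```python
import re

ACTIONS, PROTOCOLS = ("deny", "permit"), ("ip", "tcp", "udp")

def parse_ace(line):
    """Parse the leading fields of one [no] access-list command; ValueError if bad."""
    tokens = line.split()
    negated = tokens[:1] == ["no"]          # optional [no] prefix
    if negated:
        tokens = tokens[1:]
    if len(tokens) < 4 or tokens[0] != "access-list":
        raise ValueError("expected: [no] access-list <id> <action> <protocol> ...")
    acl_id, action, proto, rest = tokens[1], tokens[2], tokens[3], tokens[4:]
    if not re.fullmatch(r"[0-9]+", acl_id) or not 100 <= int(acl_id) <= 199:
        raise ValueError(f"ACL ID {acl_id} is not in the extended range 100-199")
    if action not in ACTIONS:
        raise ValueError(f"action {action} is not deny or permit")
    if proto not in PROTOCOLS:
        raise ValueError(f"protocol {proto} is not ip, tcp or udp")
    # Addressing is kept as opaque tokens. Assumption: logging is a trailing "log".
    log = rest[-1:] == ["log"]
    return {"no": negated, "id": int(acl_id), "action": action,
            "protocol": proto, "criteria": rest[:-1] if log else rest, "log": log}

def lint(config):
    """Return (acls, findings): ACEs per ACL in entry order, plus problems."""
    acls, findings = {}, []
    for lineno, line in enumerate(config.splitlines(), 1):
        if "access-list" not in line.split()[:2]:
            continue                         # not an ACL command
        try:
            ace = parse_ace(line)
        except ValueError as err:
            findings.append((lineno, str(err)))
            continue
        if ace["log"] and ace["action"] == "permit":
            findings.append((lineno, "log is described only for deny ACEs"))
        if not ace["no"]:
            acls.setdefault(ace["id"], []).append(ace)   # appended to the end
    return acls, findings

# Constructed sample; the "any any" addressing is an assumed placeholder.
SAMPLE = """\
access-list 110 permit tcp any any
access-list 110 deny ip any any log
access-list 110 permit udp any any log
access-list 50 deny ip any any
access-list 120 deny icmp any any
"""
```

Calling lint(SAMPLE) returns the three ACEs of ACL 110 in entry order and one finding each for lines 3, 4 and 5 of the sample.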