Chapter 7: Quality of Service Commands 655
IP Access Control List Commands
This section describes the commands you use to configure IP Access Control List
(ACL) settings. IP ACLs ensure that only authorized users have access to specific
resources and block any unwarranted attempts to reach network resources.
The following rules apply to IP ACLs:
◆ FASTPATH software does not support IP ACL configuration for IP packet
fragments.
◆ The maximum number of ACLs you can create is hardware dependent. The
limit applies to all ACLs, regardless of type.
◆ The maximum number of rules per IP ACL is hardware dependent.
◆ Wildcard masking for ACLs operates differently from a subnet mask. A
wildcard mask is in essence the inverse of a subnet mask. With a subnet
mask, the mask has ones (1's) in the bit positions that are used for the
network address, and has zeros (0's) for the bit positions that are not used. In
contrast, a wildcard mask has (0’s) in a bit position that must be checked. A
1 in a bit position of the ACL mask indicates the corresponding bit can be
ignored.
access-list This command creates an IP Access Control List (ACL) that is identified by the
access list number, which is 1-99 for standard ACLs or 100-199 for extended
ACLs.
IP Standard ACL:
IP Extended ACL:
Format
access-list
1-99
[rule
1-1023
] {deny | permit} {every
|
srcip srcmask
} [log] [time-range
time-range-
name
][assign-queue
queue-id
] [{mirror | redirect}
slot/port
]
Mode Global Config
To Next Page
Loading...
