Configuration Guide Access Control List Configuration
If you have created a sentence that allows all data flows to pass, the sentences that follow it will
not be checked, as shown in the following example:
access-list 101 deny ip any any
access-list 101 permit tcp 192.168.12.0 0.0.0.255 eq telnet any
Because the first rule sentence denies all IP messages, telnet messages from hosts on the
192.168.12.0/24 network will be denied. Once the switch discovers that a message matches the
first rule sentence, it does not check the other rule sentences.
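This kind of ordering mistake can be caught before an access list is applied. The following Python script is an added example, not part of this guide or of the switch software; it assumes a simplified subset of the access-list syntax used in the example above (any, host, address plus wildcard, optional eq port, compared as literal text), and all function names are hypothetical.

```python
import ipaddress

ANY = (0, 0xFFFFFFFF)  # address 0.0.0.0 with every bit "don't care"

def parse_addr(tok):
    """Consume 'any' | 'host A' | 'A WILDCARD' and return (addr, wildcard) ints."""
    first = tok.pop(0)
    if first == "any":
        return ANY
    if first == "host":
        return int(ipaddress.IPv4Address(tok.pop(0))), 0
    return int(ipaddress.IPv4Address(first)), int(ipaddress.IPv4Address(tok.pop(0)))

def parse_port(tok):
    """Consume an optional 'eq PORT' qualifier; None means any port."""
    if tok and tok[0] == "eq":
        del tok[0]
        return tok.pop(0)
    return None

def parse_rule(line):
    tok = line.split()[2:]  # drop 'access-list <id>'
    rule = {"text": line, "action": tok.pop(0), "proto": tok.pop(0)}
    rule["src"], rule["sport"] = parse_addr(tok), parse_port(tok)
    rule["dst"], rule["dport"] = parse_addr(tok), parse_port(tok)
    return rule

def net_covers(a, b):
    """True if every address matched by (addr, wildcard) b is also matched by a."""
    care = ~a[1] & 0xFFFFFFFF  # bits that rule a actually compares
    return (b[1] & care) == 0 and ((a[0] ^ b[0]) & care) == 0

def covers(a, b):
    return (a["proto"] in ("ip", b["proto"])
            and net_covers(a["src"], b["src"]) and net_covers(a["dst"], b["dst"])
            and a["sport"] in (None, b["sport"]) and a["dport"] in (None, b["dport"]))

def shadowed_rules(lines):
    """Return (unreachable_rule, earlier_rule_that_hides_it) pairs."""
    rules, found = [parse_rule(l) for l in lines], []
    for i, later in enumerate(rules):
        hit = next((e for e in rules[:i] if covers(e, later)), None)
        if hit:
            found.append((later["text"], hit["text"]))
    return found

PAGE_ACL = [  # the two sentences from the example above
    "access-list 101 deny ip any any",
    "access-list 101 permit tcp 192.168.12.0 0.0.0.255 eq telnet any",
]
REORDERED_ACL = PAGE_ACL[::-1]  # constructed: specific permit first, deny last

if __name__ == "__main__":
    for later, earlier in shadowed_rules(PAGE_ACL):
        print(f"never checked: {later}\n  hidden by:   {earlier}")
    print("reordered:", shadowed_rules(REORDERED_ACL) or "no shadowed sentences")
```
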
Configuring IP Access List
The configuration of the basic access list includes the following steps:
1. Define a basic access list.
2. Apply the access list to a specific interface.
There are two methods to configure a basic access list.
Method 1: Run the following command in the global configuration mode:

Ruijie(config)# access-list id {deny | permit} {src src-wildcard | host src | any | interface idx} [time-range tm-rng-name]

Ruijie(config)# interface interface
    Select the interface to which the access list is to be applied.

Ruijie(config-if)# ip access-group id { in | out }
    Apply the access list to the specific interface.

Method 2: Run the following command in the ACL configuration mode:

Ruijie(config)# ip access-list { standard | extended } { id | name }
    Enter the access list configuration mode.

Ruijie(config-xxx-nacl)# [sn] { permit | deny } {src src-wildcard | host src | any } [time-range tm-rng-name]
    Add table entries for ACL. For details, please see command reference.

Ruijie(config-xxx-nacl)# exit
Ruijie(config)# interface interface
    Exit from the access control list mode and select the interface to which the access list is to be applied.

Ruijie(config-if)# ip access-group id { in | out }
    Apply the access list to the specific interface.