Configuration Guide Configuring ACL
You can configure this ACL on an access, an aggregate, or a core device based on the distribution of users. The IP
ACL takes effect only on the local device, and does not affect other devices on the network.
Adding ACEs to an IP ACL
(Optional) An ACL may contain zero or multiple ACEs. If no ACE is configured, all incoming IPv4 packets of the device
are denied by default.
Applying an IP ACL
(Mandatory) Apply an IP ACL to a specified interface if you want this ACL to take effect.
You can apply an IP ACL on a specified interface of an access, an aggregate, or a core device based on the distribution
of users.
Verification
Use the following methods to verify the configuration effects of the IP ACL:
Run the ping command to verify that the IP ACL takes effect on the specified interface. For example, if an IP ACL is
configured to prohibit a host with a specified IP address or hosts in a specified IP address range from accessing the
network, run the ping command to verify that the host(s) cannot be successfully pinged.
Access related network resources to verify that the IP ACL takes effect on the specified interface. For example, access
the Internet or access the FTP resources on the network through FTP.
Related Commands
Configuring an IP ACL
ip access-list { standard | extended } { acl-name | acl-id }
standard: Indicates that a standard IP ACL is created.
extended: Indicates that an extended IP ACL is created.
acl-name: Indicates the name of a standard or an extended IP ACL. If this option is configured, a named
ACL is created. The name is a string of 1 to 99 characters. The ACL name cannot start with numbers (0–9),
"in", or "out".
acl-id: Indicates the ID that uniquely identifies a standard or extended IP ACL. If this option is configured, a
numbered ACL is created. If a standard IP ACL is created, the value range of acl-id is 1–99 and 1300–1999.
If an extended IP ACL is created, the value range of acl-id is 100–199 and 2000–2699.
Global configuration mode
Run this command to configure a standard or an extended IP ACL and enter standard or extended IP ACL
configuration mode. If you want to control access of users to network resources by checking the source IP
address of each packet, configure a standard IP ACL. If you want to control access of users to network
resources by checking the source or destination IP address, protocol number, and TCP/UDP source or
destination port, configure an extended IP ACL.
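The naming and numbering rules above can be checked offline before a configuration is pushed to a device. The following Python linter is an added example, not part of the original guide or the vendor's tooling; the function names and the sample configuration are constructed for illustration, and it assumes that an all-digit identifier is an acl-id and that the "in"/"out" prefix rule is case-sensitive.

```python
import re

# Numbered-ACL ranges as stated in the parameter description above.
ID_RANGES = {"standard": [(1, 99), (1300, 1999)],
             "extended": [(100, 199), (2000, 2699)]}
LINE_RE = re.compile(r"^\s*ip access-list\s+(standard|extended)\s+(\S+)\s*$")

def check_acl_identifier(kind, ident):
    """Return a list of problems with an ACL name or ID (empty list = valid)."""
    if ident.isdecimal():  # assumption: all-digit identifiers are acl-ids
        acl_id = int(ident)
        if any(lo <= acl_id <= hi for lo, hi in ID_RANGES[kind]):
            return []
        other = "extended" if kind == "standard" else "standard"
        if any(lo <= acl_id <= hi for lo, hi in ID_RANGES[other]):
            return [f"acl-id {acl_id} belongs to the {other} range"]
        return [f"acl-id {acl_id} is outside every documented range"]
    problems = []
    if not 1 <= len(ident) <= 99:
        problems.append("acl-name must be 1 to 99 characters")
    if ident[:1].isdigit():
        problems.append("acl-name cannot start with a digit")
    # Assumption: the "in"/"out" prefix rule is matched case-sensitively.
    if ident.startswith(("in", "out")):
        problems.append('acl-name cannot start with "in" or "out"')
    return problems

def lint_config(text):
    """Return (line_number, line, problems) for each invalid ip access-list line."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        m = LINE_RE.match(line)
        problems = check_acl_identifier(*m.groups()) if m else []
        if problems:
            findings.append((n, line.strip(), problems))
    return findings

# Constructed sample configuration (not taken from a real device).
SAMPLE = """\
ip access-list standard 10
ip access-list standard 150
ip access-list extended 2700
ip access-list extended internal-users
ip access-list standard 1deny-lab
"""

if __name__ == "__main__":
    for n, line, problems in lint_config(SAMPLE):
        print(f"line {n}: {line}: {'; '.join(problems)}")
```

A standard/extended mismatch is worth catching early, because a standard ACL matches only the source IP address and cannot express the protocol or port conditions an extended policy relies on.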
Adding ACEs to an IP ACL