Security and authentication
11.4 IP access control list
SCALANCE XM-400/XR-500 Command Line Interface (CLI)
724 Configuration Manual, 11/2015, C79000-G8976-C252-10
Note
Subnet mask for individual hosts
If you create the rule for a single system (one IP address), you will need to specify the
subnet mask "255,255,255,255". As an alternative, you can specify the keyword "host"
followed by th
e IP address.
You delete an IP access control list with the no ip access-list standard <acl-num>
command.
You display the configuration of the access control list with the
show access-lists command.
With this command, you configure an IP access control list for the TCP protocol.
You have the following options:
● All incoming and/or outgoing TCP segments are not forwarded.
● Incoming and/or outgoing TCP segments of a specific host are not forwarded.
● Incoming and/or outgoing TCP segments of hosts of a specific subnet are not forwarded.
● Incoming and/or outgoing TCP segments are not forwarded to specific ports.
Note
Processing order of the lists
The access control lists are processed on the interface in the or
der in which they were
The index number of the access control list is not used for this.
You are in the ACL standard configuration mode.
The command prompt is as follows:
cli(config-std-nacl)#
To Next Page
Loading...
Need help?
General