A
CCESS
C
ONTROL
L
ISTS
3-83
CLI – This example adds two rules:
1. Accept any incoming packets if the source address is in subnet 10.7.1.x.
For example, if the rule is matched; i.e., the rule (10.7.1.0 &
255.255.255.0) equals the masked address (10.7.1.2 & 255.255.255.0),
the packet passes through.
2. Allow TCP packets from class C addresses 192.168.1.0 to any
destination address when set for destination TCP port 80 (i.e., HTTP).
3. Permit all TCP packets from class C addresses 192.168.1.0 with the
TCP control code set to “SYN.”
Configuring a MAC ACL
Command Attributes
• Action – An ACL can contain any combination of permit or deny
rules.
• Source/Destination Address Type – Use “Any” to include all
possible addresses, “Host” to indicate a specific MAC address, or
“MAC” to specify an address range with the Address and Bitmask
fields. (Options: Any, Host, MAC; Default: Any)
• Source/Destination MAC Address – Source or destination MAC
address.
• Source/Destination Bitmask – Hexidecimal mask for source or
destination MAC address.
• VID – VLAN ID. (Range: 1-4094)
Console(config-ext-acl)#permit 10.7.1.1 255.255.255.0 any 4-122
Console(config-ext-acl)#permit tcp 192.168.1.0 255.255.255.0 any
destination-port 80
Console(config-ext-acl)#permit tcp 192.168.1.0 255.255.255.0 any
control-flag 2 2
Console(config-std-acl)#
To Next Page
Loading...
