Supermicro SSE-F3548S/SSE-F3548SR Configuration User’s Guide
IP Standard ACL rules can be created and identified either a with an ACL number as such as 1, 2 or 3 or
with a name string. An ACL identifier number can be any number from 1 to 32768. An ACL identifier name
can be any string length not exceeding 32 characters. No special characters are allowed in ACL name
strings.
IP Standard ACLs and IP Extended ACLs share the same ACL numbers and names. Hence ACL
numbers and names across all IP Standard and IP Extended ACLs have to be unique. In other
words, the same ACL number or name cannot be used for both IP Standard ACLs and IP
Users can associate a priority value to IP standard ACL rules. Based on the configured priority, the rules
will be orderly arranged on the hardware ACL table. The ACL rules are checked on the incoming packets
based on the order of priority. Higher priority ACL rules take precedence over lower priority rules. In case
of multiple rules with the same priority value, the rules that were created earlier will take precedence
over those created later.
If the user does not specify the priority, all rules will have a priority value of 1 by default.
The priority for the IP standard ACL rule “deny any any” is fixed as 1. Users cannot configure
the “deny any any” rule with different priority value. Since this rule will drop all the IP
packets, this rule is added at the end of the IP ACL table on the hardware.
IP Standard ACLs and IP Extended ACLs share the same ACL table on the hardware. Hence
priority values need to be configured while considering both IP standard and extended ACLs.
8.3.1 Creating IP Standard ACLs
Follow the steps below to create anIP Standard ACL.
Enters the configuration mode
ip access
-list standard { <access
-list-number(1-32768)> | <access-list-name> }
Creates an IP Standard ACL using ip-
access-list standard command.
access-list-number – can be any
number from 1 to 32768
access-list-name – can be any name
string up to 32 characters.
deny { any | host<ucast_addr> |
<ucast_addr><ip_mask> } [ {any |
host<ip_addr> | <ip_addr><ip_mask> } ]
[priority<value (1-255)>]
or
permit { any | host<src-ip-address> | <src-ip-
Configure a deny ACL rule or permit
ACL rule or redirect ACL rule.
The source and destination IP
addresses are provided with the
keyword host.
The keyword anyis used to refer to any
To Next Page
Loading...
