Ip acl – SMC Networks TigerAccess SMC7816M User Manual

IP ACL

S

24-13

This is a more comprehensive example. It denies any TCP packets in
which the SYN bit is ON, and permits all other packets. It then sets the
ingress mask to check the deny rule first, and finally binds port 1 to this
ACL. Note that once the ACL is bound to an interface (i.e., the ACL is
active), the order in which the rules are displayed is determined by the
associated mask.

Console(config)#access-list ip extended 6
Console(config-ext-acl)#permit any any
Console(config-ext-acl)#deny tcp any any control-flag 2 2
Console(config-ext-acl)#end
Console#show access-list
IP extended access-list A6:
permit any any
deny tcp any any control-flag 2 2
Console#configure
Console(config)#access-list ip mask-precedence in
Console(config-ip-mask-acl)#mask protocol any any control-flag 2
Console(config-ip-mask-acl)#end
Console#sh access-list
IP extended access-list A6:
permit any any
deny tcp any any control-flag 2 2
IP ingress mask ACL:
mask protocol any any control-flag 2
Console#configure
Console(config)#interface ethernet 1/1
Console(config-if)#ip access-group A6 in
Console(config-if)#end
Console#show access-list
IP extended access-list A6:
deny tcp any any control-flag 2 2
permit any any
IP ingress mask ACL:
mask protocol any any control-flag 2
Console#