Brocade TurboIron 24X Series Configuration Guide

903

53-1003053-01

Configuring standard named ACLs

This section describes how to configure standard named ACLs with alphanumeric IDs. This section
also provides configuration examples.

Standard ACLs permit or deny packets based on source IP address. You can configure up to 99
standard named ACLs. There is no limit to the number of ACL entries an ACL can contain except
for the system-wide limitation. For the number of ACL entries supported on a device, refer to
“ACL IDs and entries” on page 898.

The commands for configuring named ACL entries are different from the commands for configuring
numbered ACL entries. The command to configure a numbered ACL is access-list. The command
for configuring a named ACL is ip access-list. In addition, when you configure a numbered ACL
entry, you specify all the command parameters on the same command. When you configure a
named ACL, you specify the ACL type (standard or extended) and the ACL name with one command,
which places you in the configuration level for that ACL. Once you enter the configuration level for
the ACL, the command syntax is the same as the syntax for numbered ACLs.

Standard named ACL syntax

Syntax: [no] ip access-list standard <ACL-name> | <ACL-num>

Syntax: deny | permit <source-ip> | <hostname> <wildcard> [log]

or

Syntax: deny | permit <source-ip>/<mask-bits> | <hostname> [log]

Syntax: deny | permit host <source-ip> | <hostname> [log]

Syntax: deny | permit any [log]

Syntax: [no] ip access-group <ACL-name> in

The <ACL-name> parameter is the access list name. You can specify a string of up to 256
alphanumeric characters. You can use blanks in the ACL name if you enclose the name in
quotation marks (for example, “ACL for Net1”).

The <ACL-num> parameter allows you to specify an ACL number if you prefer. If you specify a
number, you can specify from 1 – 99 for standard ACLs.

NOTE

For convenience, the software allows you to configure numbered ACLs using the syntax for named
ACLs. The software also still supports the older syntax for numbered ACLs. Although the software
allows both methods for configuring numbered ACLs, numbered ACLs are always written to the
startup-config and running-config files using the older syntax, as follows.

access-list 1 deny host 10.157.22.26 log

access-list 1 deny 10.157.22.0 0.0.0.255 log

access-list 1 permit any

access-list 101 deny tcp any any eq http log

The deny | permit parameter indicates whether packets that match a policy in the access list are
denied (dropped) or permitted (forwarded).

The <source-ip> parameter specifies the source IP address. Alternatively, you can specify the host
name.
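The following is an added example, not Brocade code, that parses standard ACL entries written in the syntax above (host, wildcard-mask, /mask-bits and any forms, with the optional log keyword, in either the named or the older numbered form) and evaluates a source address against them with first-match semantics. It assumes an implicit deny for packets that match no entry and does not resolve hostnames; the sample entries are constructed from the note above.

```python
import ipaddress

# Constructed sample: the numbered-ACL entries from the note above, plus a
# named-ACL style entry using the <source-ip>/<mask-bits> form.
SAMPLE_ACL = """
deny host 10.157.22.26 log
deny 10.157.22.0 0.0.0.255 log
permit 10.157.0.0/16
permit any
"""

def parse_entry(line):
    """Parse one deny|permit entry into (action, network, care_mask, log)."""
    tokens = line.split()
    if tokens[0] == "access-list":          # accept the older numbered form too
        tokens = tokens[2:]
    action = tokens[0]
    if action not in ("deny", "permit"):
        raise ValueError(f"bad action in entry: {line!r}")
    log = tokens[-1] == "log"
    body = tokens[1:-1] if log else tokens[1:]
    if body == ["any"]:                      # any: no bits are compared
        net, care = 0, 0
    elif body[0] == "host":                  # host <source-ip>: all 32 bits compared
        net, care = int(ipaddress.IPv4Address(body[1])), 0xFFFFFFFF
    elif len(body) == 1 and "/" in body[0]:  # <source-ip>/<mask-bits>
        n = ipaddress.IPv4Network(body[0], strict=False)
        net, care = int(n.network_address), int(n.netmask)
    elif len(body) == 2:                     # <source-ip> <wildcard>: wildcard 1 = don't care
        net = int(ipaddress.IPv4Address(body[0]))
        care = 0xFFFFFFFF ^ int(ipaddress.IPv4Address(body[1]))
    else:
        raise ValueError(f"unrecognised source form: {line!r}")
    return action, net & care, care, log

def parse_acl(text):
    return [parse_entry(l) for l in text.strip().splitlines() if l.strip()]

def evaluate(acl, source_ip):
    """First matching entry wins; returns (action, entry_index, logged).
    Assumption: a packet matching no entry is denied (implicit deny)."""
    src = int(ipaddress.IPv4Address(source_ip))
    for i, (action, net, care, log) in enumerate(acl):
        if src & care == net:
            return action, i, log
    return "deny", None, False
```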
