Configuring extended numbered acls – Brocade TurboIron 24X Series Configuration Guide User Manual

Page 939

Advertising
background image

Brocade TurboIron 24X Series Configuration Guide

905

53-1003053-01

Configuring extended numbered ACLs

The commands in this example configure a standard ACL named “Net1”. The entries in this ACL
deny packets from three source IP addresses from being forwarded on port 1. Since the implicit
action for an ACL is “deny”, the last ACL entry in this ACL permits all packets that are not explicitly
denied by the first three ACL entries. For an example of how to configure the same entries in a
numbered ACL, refer to

“Configuring standard numbered ACLs”

on page 901.

Notice that the command prompt changes after you enter the ACL type and name. The “std” in the
command prompt indicates that you are configuring entries for a standard ACL. For an extended
ACL, this part of the command prompt is “ext“. The “nACL” indicates that you are configuring a
named ACL.

Configuring extended numbered ACLs

This section describes how to configure extended numbered ACLs.

Extended ACLs let you permit or deny packets based on the following information:

IP protocol

Source IP address or host name

Destination IP address or host name

Source TCP or UDP port (if the IP protocol is TCP or UDP)

Destination TCP or UDP port (if the IP protocol is TCP or UDP)

The IP protocol can be one of the following well-known names or any IP protocol number from 0 –
255:

Internet Control Message Protocol (ICMP)

Internet Group Management Protocol (IGMP)

Internet Gateway Routing Protocol (IGRP)

Internet Protocol (IP)

Open Shortest Path First (OSPF)

Transmission Control Protocol (TCP)

User Datagram Protocol (UDP)

For TCP and UDP, you also can specify a comparison operator and port name or number. For
example, you can configure a policy to block web access to a specific website by denying all TCP
port 80 (HTTP) packets from a specified source IP address to the website IP address.

NOTE

TurboIron X Series devices support extended ACLs.

TurboIron(config)#ip access-list standard Net1

TurboIron(config-std-nACL)#deny host 10.157.22.26 log

TurboIron(config-std-nACL)#deny 10.157.29.12 log

TurboIron(config-std-nACL)#deny host IPHost1 log

TurboIron(config-std-nACL)#permit any

TurboIron(config-std-nACL)#exit

TurboIron(config)#int eth 1

TurboIron(config-if-e10000-1)#ip access-group Net1 in

Advertising
Popular Brands
Popular manuals