Configuring standard or extended named ACLs – Brocade BigIron RX Series Configuration Guide User Manual


BigIron RX Series Configuration Guide


53-1002484-04

Configuring numbered and named ACLs


Configuring standard or extended named ACLs

The commands for configuring named ACL entries are different from the commands for configuring
numbered ACL entries. The command to configure a numbered ACL is access-list. The command
for configuring a named ACL is ip access-list. In addition, when you configure a numbered ACL
entry, you specify all the command parameters on the same command. When you configure a
named ACL, you specify the ACL type (standard or extended) and the ACL number with one
command, which places you in the configuration level for that ACL. Once you enter the
configuration level for the ACL, the command syntax is the same as the syntax for numbered ACLs.

The following examples show how to configure a named standard ACL entry and a named extended
ACL entry.

Configuration example for standard ACL

To configure a named standard ACL entry, enter commands such as those shown in the Net1 example below.

The commands in this example configure a standard ACL named “Net1”. The entries in this ACL
deny packets from three source IP addresses from being forwarded on port 1/1. Since the implicit
action for an ACL is “deny”, the last ACL entry in this ACL permits all packets that are not explicitly
denied by the first three ACL entries. For an example of how to configure the same entries in a
numbered ACL, refer to “Configuring standard numbered ACLs” on page 600.

Notice that the command prompt changes after you enter the ACL type and name. The “std” in the
command prompt indicates that you are configuring entries for a standard ACL. For an extended
ACL, this part of the command prompt is “ext”. The “nacl” indicates that you are configuring a named
ACL.

Syntax: ip access-list standard <string> | <num>

Syntax: [no] ip access-list standard <string> | <num> deny | permit <source-ip> | <hostname> <wildcard> [log]

or

Syntax: [no] ip access-list standard <string> | <num> deny | permit <source-ip>/<mask-bits> | <hostname> [log]

Syntax: [no] ip access-list standard <string> | <num> deny | permit host <source-ip> | <hostname> [log]

Syntax: [no] ip access-list standard <string> | <num> deny | permit any [log]

Syntax: [no] ip access-group <num> in

The standard parameter indicates the ACL type.

The 16 x 10 GE module only supports the following standard named ACLs.

Syntax: [no] ip access-list standard <string> | <num> deny | permit <source-ip> | <hostname> | <source-ip>/<mask-bits> | <hostname><wildcards> [log]

BigIron RX(config)# ip access-list standard Net1
BigIron RX(config-std-nacl)# deny host 209.157.22.26 log
BigIron RX(config-std-nacl)# deny 209.157.29.12 log
BigIron RX(config-std-nacl)# deny host IPHost1 log
BigIron RX(config-std-nacl)# permit any
BigIron RX(config-std-nacl)# exit
BigIron RX(config)# interface ethernet 1/1
BigIron RX(config-if-e10000-1/1)# ip access-group Net1 in
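The following offline check is an added example, not part of the Brocade guide or of any Brocade tool. It evaluates the Net1 entries as the text describes them (three deny entries followed by permit any) so that the effect of entry order and of the implicit deny can be reviewed before the ACL is bound to a port. Assumptions: the first matching entry decides the action, a bare address with no wildcard matches a single host, and the address given for IPHost1 is constructed.

```python
import ipaddress

# Constructed name-to-address table standing in for the device's DNS lookup.
HOSTS = {"IPHost1": "192.0.2.10"}

def _ip(token, hosts):
    """Return the 32-bit value of a dotted address or of a known hostname."""
    return int(ipaddress.IPv4Address(hosts.get(token, token)))

def parse_entry(line, hosts=HOSTS):
    """Parse 'deny|permit <source> [log]' into (action, address, wildcard)."""
    tokens = line.split()
    if tokens and tokens[-1] == "log":
        tokens = tokens[:-1]              # logging does not change matching
    if len(tokens) < 2 or tokens[0] not in ("deny", "permit"):
        raise ValueError(f"not a standard ACL entry: {line!r}")
    action, src = tokens[0], tokens[1:]
    if src == ["any"]:
        return action, 0, 0xFFFFFFFF      # every bit is ignored
    if len(src) == 2 and src[0] == "host":
        return action, _ip(src[1], hosts), 0
    if len(src) == 1 and "/" in src[0]:   # <source-ip>/<mask-bits>
        net = ipaddress.IPv4Network(src[0], strict=False)
        return action, int(net.network_address), int(net.hostmask)
    if len(src) == 1:                     # assumption: bare address = one host
        return action, _ip(src[0], hosts), 0
    if len(src) == 2:                     # <source-ip> <wildcard>
        return action, _ip(src[0], hosts), _ip(src[1], hosts)
    raise ValueError(f"unsupported source in entry: {line!r}")

def evaluate(acl_lines, source, hosts=HOSTS):
    """Return (action, entry number); no match gives the implicit deny."""
    packet = _ip(source, hosts)
    for number, line in enumerate(acl_lines, 1):
        action, addr, wildcard = parse_entry(line, hosts)
        care = ~wildcard & 0xFFFFFFFF     # wildcard bits set to 1 are ignored
        if (packet & care) == (addr & care):
            return action, number
    return "deny", None                   # implicit deny at the end of the ACL

# The Net1 entries from the example above.
NET1 = ["deny host 209.157.22.26 log", "deny 209.157.29.12 log",
        "deny host IPHost1 log", "permit any"]

if __name__ == "__main__":
    for src in ("209.157.22.26", "10.1.1.1"):
        print(src, evaluate(NET1, src))
    print("without permit any:", evaluate(NET1[:3], "10.1.1.1"))
```

Dropping the final permit any entry turns every source address into a deny, which is the case the implicit action creates and the one worth checking before the ACL is applied to port 1/1.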
