Chapter 7: access control lists, Configuring access control lists, Setting the acl name and type – Asante Technologies 40240/40480-10G User Manual

If the “TCP” protocol is specified, then you can also filter packets based on the
TCP control code.

- IPv6 Standard: IPv6 ACL mode that filters packets based on the source IPv6

address.

- IPv6 Extended: IPv6 ACL mode that filters packets based on the destination IP

address, as well as the type of the next header and the flow label (i.e., a request
for special handling by IPv6 routers).

- MAC: MAC ACL mode that filters packets based on the source or destination

MAC address and the Ethernet frame type (RFC 1060).

Web – Click Security, ACL, Configuration. Enter an ACL name in the Name field,
select the list type (IP Standard, IP Extended, MAC, IPv6 Standard, IPv6 Extended),
and click Add to open the configuration page for the new list.

Figure 7-1 Selecting ACL Type

CLI – This example creates a standard IP ACL named bill.

Console(config)#access-list ip standard bill

Console(config-std-acl)#

26-2

Configuring a Standard IPv4 ACL

Command Attributes

•

Action – An ACL can contain any combination of permit or deny rules.

• Address Type – Specifies the source IP address. Use “Any” to include all possible

addresses, “Host” to specify a specific host address in the Address field, or “IP” to
specify a range of addresses with the Address and SubMask fields. (Options: Any,
Host, IP; Default: Any)

• IP Address – Source IP address.

•

Subnet Mask – A subnet mask containing four integers from 0 to 255, each

separated by a period. The mask uses 1 bits to indicate “match” and 0 bits to
indicate “ignore.” The mask is bitwise ANDed with the specified source IP address,
and compared with the address for each IP packet entering the port(s) to which this
ACL has been assigned.

7-2

Access Control Lists

7