Standard named acl syntax – Brocade Communications Systems Brocade ICX 6650 6650 User Manual


88

Brocade ICX 6650 Security Configuration Guide

53-1002601-01

Standard named ACL configuration

Standard ACLs permit or deny packets based on source IP address. You can configure up to 99
standard named ACLs. There is no limit to the number of ACL entries an ACL can contain except for
the system-wide limitation. For the number of ACL entries supported on a device, refer to
“ACL IDs and entries” on page 83.

The commands for configuring named ACL entries are different from the commands for configuring
numbered ACL entries. The command to configure a numbered ACL is access-list. The command
for configuring a named ACL is ip access-list. In addition, when you configure a numbered ACL
entry, you specify all the command parameters on the same command. When you configure a
named ACL, you specify the ACL type (standard or extended) and the ACL name with one command,
which places you in the configuration level for that ACL. Once you enter the configuration level for
the ACL, the command syntax is the same as the syntax for numbered ACLs.

Standard named ACL syntax

Syntax: [no] ip access-list standard ACL-name | ACL-num

Syntax: deny | permit source-ip | hostname wildcard [log]

or

Syntax: deny | permit source-ip/mask-bits | hostname [log]

Syntax: deny | permit host source-ip | hostname [log]

Syntax: deny | permit any [log]

Syntax: [no] ip access-group ACL-name in | out

The ACL-name parameter is the access list name. You can specify a string of up to 256
alphanumeric characters. You can use blanks in the ACL name if you enclose the name in
quotation marks (for example, “ACL for Net1”).

The ACL-num parameter allows you to specify an ACL number if you prefer. If you specify a number,
you can specify from 1–99 for standard ACLs.

NOTE

For convenience, the software allows you to configure numbered ACLs using the syntax for named
ACLs. The software also still supports the older syntax for numbered ACLs. Although the software
allows both methods for configuring numbered ACLs, numbered ACLs are always formatted in the
startup-config and running-config files using the older syntax, as follows.

access-list 1 deny host 10.157.22.26 log
access-list 1 deny 10.157.22.0 0.0.0.255 log
access-list 1 permit any
access-list 101 deny tcp any any eq http log

The deny | permit parameter indicates whether packets that match a policy in the access list are
denied (dropped) or permitted (forwarded).

The source-ip parameter specifies the source IP address. Alternatively, you can specify the host
name.
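The following Python script is an added example and is not part of the Brocade manual. It takes the three standard entries from the NOTE above, rewritten in the named-ACL form (ip access-list standard with a quoted name), parses each of the entry forms listed under "Standard named ACL syntax" (host, address plus wildcard mask, address/mask-bits, any), and evaluates sample source addresses against the list in first-match order. The ACL name "ACL for Net1", the first-match evaluation order, the requirement for a contiguous wildcard mask and the implicit deny for packets matching no entry are assumptions about IronWare behaviour that this page does not state; hostnames are not resolved, and the log keyword is only recorded, not acted on.

```python
import ipaddress
import shlex

# Constructed input: the numbered-ACL entries shown in the manual's NOTE,
# rewritten with the named-ACL syntax. The ACL name is an assumption.
NAMED_ACL_CONFIG = """
ip access-list standard "ACL for Net1"
 deny host 10.157.22.26 log
 deny 10.157.22.0 0.0.0.255 log
 permit any
"""


def wildcard_to_network(addr, wildcard):
    """Turn an address plus wildcard mask (0 bit = must match) into a network.

    Assumption: the wildcard must be contiguous (0.0.0.255, 0.0.255.255, ...).
    A non-contiguous wildcard cannot be expressed as a prefix and raises ValueError.
    """
    wc = int(ipaddress.IPv4Address(wildcard))
    netmask = (~wc) & 0xFFFFFFFF
    prefix = bin(netmask).count("1")
    if netmask != (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF:
        raise ValueError(f"non-contiguous wildcard mask {wildcard!r}")
    return ipaddress.IPv4Network((addr, prefix), strict=False)


def parse_entry(line):
    """Parse one 'deny | permit ...' line into an action, a network and a log flag."""
    tokens = shlex.split(line)
    action = tokens[0]
    if action not in ("permit", "deny"):
        raise ValueError(f"unknown action {action!r} in {line!r}")
    log = len(tokens) > 1 and tokens[-1] == "log"
    args = tokens[1:-1] if log else tokens[1:]
    if args == ["any"]:
        net = ipaddress.IPv4Network("0.0.0.0/0")           # deny | permit any
    elif len(args) == 2 and args[0] == "host":
        net = ipaddress.IPv4Network(args[1] + "/32")       # deny | permit host source-ip
    elif len(args) == 1 and "/" in args[0]:
        net = ipaddress.IPv4Network(args[0], strict=False)  # deny | permit source-ip/mask-bits
    elif len(args) == 2:
        net = wildcard_to_network(args[0], args[1])        # deny | permit source-ip wildcard
    else:
        raise ValueError(f"unrecognised entry {line!r}")
    return {"action": action, "network": net, "log": log}


def parse_standard_acl(config):
    """Parse an 'ip access-list standard' block; returns (name, entries)."""
    name, entries = None, []
    for raw in config.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("ip access-list standard "):
            name = shlex.split(line)[3]   # quoted names may contain blanks
            entries = []
            continue
        if name is None:
            raise ValueError("entry appears before 'ip access-list standard' line")
        entries.append(parse_entry(line))
    return name, entries


def evaluate(entries, source_ip):
    """First-match lookup. Returns (action, index of matching entry, log flag).

    Assumption: a source that matches no entry is denied (implicit deny).
    """
    src = ipaddress.IPv4Address(source_ip)
    for idx, entry in enumerate(entries):
        if src in entry["network"]:
            return entry["action"], idx, entry["log"]
    return "deny", None, False


if __name__ == "__main__":
    acl_name, acl_entries = parse_standard_acl(NAMED_ACL_CONFIG)
    print(f"ACL {acl_name!r}: {len(acl_entries)} entries")
    for ip in ("10.157.22.26", "10.157.22.7", "192.0.2.1"):
        action, idx, log = evaluate(acl_entries, ip)
        print(f"{ip:>14} -> {action} (entry {idx}, log={log})")
```

Running the script shows why entry order matters: the host entry must precede the /24 entry, because a first-match evaluator would otherwise never reach it, and any source outside 10.157.22.0/24 falls through to permit any. The same functions can be pointed at a running-config excerpt to confirm that a deployed list matches what was intended.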
