Creating a numbered standard acl – Dell POWEREDGE M1000E User Manual

Page 746

Advertising
background image

34-10

Cisco Catalyst Blade Switch 3130 and 3032 for Dell Software Configuration Guide

OL-13270-03

Chapter 34 Configuring Network Security with ACLs

Configuring IPv4 ACLs

Creating a Numbered Standard ACL

Beginning in privileged EXEC mode, follow these steps to create a numbered standard ACL:

Use the no access-list access-list-number global configuration command to delete the entire ACL. You
cannot delete individual ACEs from numbered access lists.

Note

When creating an ACL, remember that, by default, the end of the ACL contains an implicit deny
statement for all packets that it did not find a match for before reaching the end. With standard access
lists, if you omit the mask from an associated IP host address ACL specification, 0.0.0.0 is assumed to
be the mask.

This example shows how to create a standard ACL to deny access to IP host 171.69.198.102, permit
access to any others, and display the results.

Switch (config)# access-list 2 deny host 171.69.198.102

Switch (config)# access-list 2 permit any

Switch(config)# end

Switch# show access-lists

Standard IP access list 2

10 deny 171.69.198.102

20 permit any

Command

Purpose

Step 1

configure terminal

Enter global configuration mode.

Step 2

access-list access-list-number {deny | permit}
source [source-wildcard] [log]

Define a standard IPv4 access list by using a source address and
wildcard.

The access-list-number is a decimal number from 1 to 99 or 1300
to 1999.

Enter deny or permit to specify whether to deny or permit access
if conditions are matched.

The source is the source address of the network or host from which
the packet is being sent specified as:

The 32-bit quantity in dotted-decimal format.

The keyword any as an abbreviation for source and
source-wildcard of 0.0.0.0 255.255.255.255. You do not need
to enter a source-wildcard.

The keyword host as an abbreviation for source and
source-wildcard of source 0.0.0.0.

(Optional) The source-wildcard applies wildcard bits to the
source.

(Optional) Enter log to cause an informational logging message
about the packet that matches the entry to be sent to the console.

Step 3

end

Return to privileged EXEC mode.

Step 4

show access-lists [number | name]

Show the access list configuration.

Step 5

copy running-config startup-config

(Optional) Save your entries in the configuration file.

Advertising
Popular Brands
Popular manuals