host
Usage Guidelines
Use this command to deny traffic based on the source IP address or network address. The
last ACE in the access list is an implicit deny statement.
Whenever the interface receives the packet, its content is checked against all the ACEs
in the ACL. It is allowed/denied based on the ACL configuration.
Example
The example below denies all traffic entering the interface (a log message is generated
whenever the interface receives a packet):
WS5100(config-std-nacl)#deny any log rule-precedence 50
WS5100(config-std-nacl)#
The example below denies traffic from the source network (xxx.xxx.1.0/24) and allows
all other traffic to flow through the interface:
WS5100(config-std-nacl)#deny xxx.xxx.1.0/24 rule-precedence 60
WS5100(config-std-nacl)#permit any
15.1.3 end
Standard ACL Config Commands
Ends and exits from the current mode and moves to the PRIV EXEC mode. The prompt
changes to
Syntax
end
Parameters
None
Example
WS5100(config-std-nacl)#end
WS5100#
Single host address.
• A.B.C.D – Exact source IP address to match.
NOTE: The log option is functional only for router ACL's. The log option
results in an informational logging message for the packet matching the
entry sent to the console.
WS5100#
Standard ACL Instance
15-3