Cisco Sx350 Cli Manual page 79

ACL Commands
Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide
Command Mode
Global Configuration mode
User Guidelines
Use the ip access-list command to configure IP address filtering. Access lists are
configured with permit or deny keywords to either permit or deny an IP address
based on a matching condition. An implicit deny is applied to any address that does
not match any access-list entry.
An access-list entry consists of an IP address and a bit mask. The bit mask is a
number from 1 to 32.
Evaluation of an IP address by an access list starts with the first entry of the list
and continues down the list until a match is found. When the IP address match is
found, the permit or deny statement is applied to that address and the remainder
of the list is not evaluated.
Use the no ip access-list command to delete the access list.
In addition to filtering IP traffic on a per-port basis, a basic IP access control list can
be used by RIP (Routing Information Protocol) to filter route updates.
Examples
Example 1 - The following example of a standard access list allows only the three
specified networks. Any IP address that does not match the access list statements
will be rejected.
switchxxxxxx(config)# ip access-list 1 permit 192.168.34.0/24
switchxxxxxx(config)# ip access-list 1 permit 10.88.0.0/16
switchxxxxxx(config)# ip access-list 1 permit 10.0.0.0/8
Note: all other access is implicitly denied.
Example 2 - The following example of a standard access list allows access for IP
addresses in the range from 10.29.2.64 to 10.29.2.127. All IP addresses not in this
range will be rejected.
switchxxxxxx(config)# ip access-list apo permit 10.29.2.64/26
Note: all other access is implicitly denied.
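
The first-match evaluation and implicit deny described in the User Guidelines can be checked offline before a list is applied. The following Python sketch is an added example, not part of the Cisco guide: it parses the entries from Example 1 and Example 2, evaluates addresses against them, and flags entries that can never be reached because an earlier entry already covers them. The function names and the "demo" list are assumptions made for illustration.

```python
import ipaddress
import re

# Entry syntax as it appears in the page's examples.
ENTRY_RE = re.compile(r"ip access-list (\S+) (permit|deny) (\S+)$")

# The four entries from Example 1 and Example 2 on this page.
PAGE_CONFIG = """\
switchxxxxxx(config)# ip access-list 1 permit 192.168.34.0/24
switchxxxxxx(config)# ip access-list 1 permit 10.88.0.0/16
switchxxxxxx(config)# ip access-list 1 permit 10.0.0.0/8
switchxxxxxx(config)# ip access-list apo permit 10.29.2.64/26
"""
# Constructed list, not from the page: a deny placed after a broader permit.
CONSTRUCTED_CONFIG = """\
switchxxxxxx(config)# ip access-list demo permit 10.0.0.0/8
switchxxxxxx(config)# ip access-list demo deny 10.88.0.0/16
"""

def parse_acls(text):
    """Return {list name: [(action, network), ...]} in configured order."""
    acls = {}
    for line in text.splitlines():
        m = ENTRY_RE.search(line.strip())
        if m:
            name, action, prefix = m.groups()
            net = ipaddress.IPv4Network(prefix)
            if not 1 <= net.prefixlen <= 32:  # bit mask range stated on the page
                raise ValueError(f"bit mask out of range: {prefix}")
            acls.setdefault(name, []).append((action, net))
    return acls

def evaluate(entries, address):
    """First matching entry decides; no match falls to the implicit deny."""
    ip = ipaddress.IPv4Address(address)
    for number, (action, net) in enumerate(entries, start=1):
        if ip in net:
            return action, number
    return "deny", None

def shadowed(entries):
    """1-based positions of entries fully covered by an earlier entry (never reached)."""
    return [i + 1 for i, (_, net) in enumerate(entries)
            if any(net.subnet_of(prev) for _, prev in entries[:i])]

if __name__ == "__main__":
    for name, entries in parse_acls(PAGE_CONFIG + CONSTRUCTED_CONFIG).items():
        print(name, "shadowed entries:", shadowed(entries))
        for addr in ("10.88.5.1", "10.29.2.127", "10.29.2.128"):
            print(" ", addr, evaluate(entries, addr))
```

In the constructed "demo" list the deny for 10.88.0.0/16 is never applied, because the earlier permit for 10.0.0.0/8 matches first; a narrower deny has to be entered before the broader permit to take effect.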