Consolidated Platform Configuration Guide, Cisco Ios Release 15.2(4)E (Catalyst 2960-X Switches - Cisco Catalyst 2960 series Configuration Manual
Consolidated platform configuration guide, ios release 15.2(4)e
Hide thumbs
Also See for Catalyst 2960 series:
- Software configuration manual (980 pages) ,
- Command reference manual (800 pages) ,
- Configuration manual (120 pages)
Table of Contents
Advertisement
How to Configure ACL Support for Filtering IP Options
• The ACL Support for Filtering IP Options feature can be used only with named, extended ACLs.
Note
• Resource Reservation Protocol (RSVP) Multiprotocol Label Switching Traffic Engineering (MPLS
• On most Cisco devices, a packet with IP options is not switched in hardware, but requires control
SUMMARY STEPS
1. enable
2. configure terminal
3. ip access-list extended access-list-name
4. [sequence-number] deny protocol source source-wildcard destination destination-wildcard [option
option-value] [precedence precedence] [tos tos] [log] [time-range time-range-name] [fragments]
5. [sequence-number] permit protocol source source-wildcard destination destination-wildcard [option
option-value] [precedence precedence] [tos tos] [log] [time-range time-range-name] [fragments]
6. Repeat Step 4 or Step 5 as necessary.
7. end
8. show ip access-lists access-list-name
DETAILED STEPS
Command or Action
Step 1
enable
Example:
Device> enable
Step 2
configure terminal
Example:
Device# configure terminal
Step 3
ip access-list extended access-list-name
Example:
Device(config)# ip access-list extended mylist1
Step 4
[sequence-number] deny protocol source
source-wildcard destination destination-wildcard
[option option-value] [precedence precedence] [tos
tos] [log] [time-range time-range-name] [fragments]
Consolidated Platform Configuration Guide, Cisco IOS Release 15.2(4)E (Catalyst 2960-X Switches)
1238
TE), Internet Group Management Protocol Version 2 (IGMPV2), and other protocols that use IP
options packets may not function in drop or ignore mode if this feature is configured.
plane software processing (primarily because there is a need to process the options and rewrite the
IP header), so all IP packets with IP options will be filtered and switched in software.
Purpose
Enables privileged EXEC mode.
• Enter your password if prompted.
Enters global configuration mode.
Specifies the IP access list by name and enters named access
list configuration mode.
(Optional) Specifies a deny statement in named IP access list
mode.
• This access list happens to use a denystatement first, but
a permit statement could appear first, depending on the
order of statements you need.
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
