always functions when the switch uses an ACL to filter packets. (You
cannot delete the implicit "deny any", but you can supersede it with a
"permit any" statement.)
Standard ACL Structure
Individual ACEs in a standard ACL include only a permit/deny "type" state
ment, the source IP addressing, and an optional log command (available with
"deny" statements).
ip access-list < type > "< id-string >"
permit host < source-ip-address >
deny < source-ip-address > < acl-mask > [log]
.
.
.
permit any
exit
Figure 9-6. Example of the General Structure for a Standard ACL
For example, figure 9-7 shows how to interpret the entries in a standard ACL.
ACE Action
(permit or deny)
End-of-List Marker
Figure 9-7. Example of a Displayed Standard ACL Configuration with Two ACEs
Access Control Lists (ACLs) for the Series 5300xl Switches
Configuring and Assigning an ACL
Source IP Address
ACL List Heading with
List Type and ID String
(Name or Number)
Optional Logging
Command
Mask
9-27