Access Control Lists (ACLs) for the Series 3400cl and Series 6400cl Switches
The mask is applied to the IP address in the ACL to define
which bits in a packet's source IP address must exactly
match the IP address configured in the ACL and which
bits need not match. Note that specifying a group of
contiguous IP addresses may require more than one
ACE. For more on how masks operate in ACLs, refer to
"How an ACE Uses a Mask To Screen Packets for Matches"
on page 10-30.
[ log]
Optionally generates an ACL log message if:
• The action is deny.
• There is a match.
• ACL logging is enabled on the switch. (Refer to
"Enable ACL "Deny" Logging" on page 10-71.)
(Use the debug command to direct ACL logging output to
the current console session and/or to a Syslog server. Note
that you must also use the logging < ip-addr > command to
specify the IP addresses of Syslog servers to which you want
log messages sent. See also "Enable ACL "Deny" Logging"
on page 10-71.)
Syntax: interface < port-list | trunk > access-group < ASCII-STR > in
Assigns an ACL, designated by an ACL ID (< ASCII-STR >),
to an interface (list of one or more ports and/or one or more
static trunks).
Example of a Standard ACL. Suppose you wanted to configure a standard
ACL and assign it to filter inbound traffic on port 10 in a particular switch:
■ The ID you selected for this ACL is "50".
■ You want the ACL to deny IP traffic from all hosts except these three:
  • 10.128.100.10
  • 10.128.100.27
  • 10.128.100.14
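The mask matching, the three log conditions and the ACL "50" example above, modelled in Python as an added illustration; this is not code from the manual or from the switch software. It assumes wildcard-style masks (a 0 bit must match, a 1 bit is ignored), first-match evaluation and an explicit final deny ACE with log. The function names and the ACL_50 structure are hypothetical, and aces_for_range goes one step beyond the example to show why a contiguous group of addresses may need more than one ACE.

```python
import ipaddress

def _u32(addr):
    return int(ipaddress.IPv4Address(addr))

def ace_matches(src, ace_ip, mask):
    """Assumed wildcard mask: 0 bit = must match the ACE, 1 bit = ignored."""
    return ((_u32(src) ^ _u32(ace_ip)) & ~_u32(mask) & 0xFFFFFFFF) == 0

def evaluate(acl, src, logging_enabled=True):
    """Return (action, log_generated) for the first ACE that matches src."""
    for action, ace_ip, mask, log in acl:
        if ace_matches(src, ace_ip, mask):
            # Log only if: action is deny, there is a match, logging is enabled.
            return action, bool(log and action == "deny" and logging_enabled)
    return "deny", False  # assumption: traffic matching no ACE is denied

def aces_for_range(first, last):
    """(ip, mask) pairs covering first..last exactly with prefix-aligned blocks."""
    nets = ipaddress.summarize_address_range(
        ipaddress.IPv4Address(first), ipaddress.IPv4Address(last))
    return [(str(n.network_address), str(n.hostmask)) for n in nets]

# Constructed model of ACL "50": permit the three hosts, deny and log the rest.
ACL_50 = [
    ("permit", "10.128.100.10", "0.0.0.0", False),
    ("permit", "10.128.100.27", "0.0.0.0", False),
    ("permit", "10.128.100.14", "0.0.0.0", False),
    ("deny", "0.0.0.0", "255.255.255.255", True),
]

if __name__ == "__main__":
    for src in ("10.128.100.27", "10.128.100.28"):
        print(src, evaluate(ACL_50, src))
    # One contiguous range, several ACEs:
    for ip, mask in aces_for_range("10.128.100.10", "10.128.100.14"):
        print("permit", ip, mask)
```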