Table of Contents
Advertisement
Chapter 12
Configuring Traffic Filtering
Configuring Receive ACLs
To configure receive ACLs, enter the following commands beginning in global configuration mode:
Command
Step 1
Router(config)# ip receive acl number
Step 2
Router(config)# access-list
access-list-number {deny | permit} source
[source-wildcard] [log]
or
Router (config)# access-list
access-list-number [dynamic dynamic-name
[timeout minutes]] {deny | permit}
protocol source source-wildcard
destination destination-wildcard
[precedence precedence] [tos tos] [log |
log-input] [time-range time-range-name]
Verifying Receive ACLs
To verify the configuration of receive ACLs, enter any of the following commands in privileged EXEC
mode:
Command
Router# show access-lists
Router# show access-lists [access-list-number |
access-list-name]
Router# show ip access-list
Router# show ip access-list [access-list-number |
access-list-name]
Configuration Example for IP Receive ACLs
Example 12-1
ACL (100) do the following:
•
•
•
•
•
•
OL-2226-23
shows how to configure an extended IP receive ACL. The ACEs of this numbered
Deny fragmented ping operations
Permit the router to respond to ping operations
Permit FTP operations from network 192.168.1.0
Permit OSPF routing updates
Permit BGP routing updates from the host 10.0.0.1
Deny any other IP traffic
Purpose
Activates receive ACLs and begins filtering packets destined for
the router.
Defines a standard IP access list.
Defines an extended IP access list.
The timeout argument and the time-range argument are
Note
not supported on Cisco IOS Release 12.3(7)XI1.
Purpose
Displays the contents of all current standard and extended access
lists. (Default)
Displays the contents of the access list you specify.
Displays the contents of all current standard and extended IP
access lists. (Default)
Displays the contents of the IP access list you specify.
Cisco 10000 Series Router Software Configuration Guide
IP Receive ACLs
12-3
Advertisement
Table of Contents
Troubleshooting
