Table of Contents
Advertisement
Configuring Access Lists
deny ip 150.136.0.0 0.0.255.255 224.0.0.0 15.255.255.255
deny ip 11.6.0.0 0.1.255.255 224.0.0.0 15.255.255.255 2)
deny ip 172.24.24.0 0.0.1.255 224.0.0.0 15.255.255.255
access-list (standard)
Use this command to define a standard IP access list by number when operating in router mode.
Restrictions defined by an access list are applied by using the ip access‐group command ("ip
access‐group" on page 24‐20).
Syntax
access-list access-list-number [insert | replace entry] | [log 1-5000 | all] [move
destination source1 [source2]] {deny | permit} source [source-wildcard]
no access-list access-list-number [entry]
To insert or replace an ACL entry:
access-list access-list-number insert | replace entry
To move entries within an ACL:
access-list access-list-number move destination source1 [source2]
Parameters
access‐list‐
number
insert | replace entry
log 1‐5000 | all
move destination
source1 source2
deny | permit
protocol
source
source‐wildcard
24-16 Security Configuration
Specifies a standard access list number. Valid values are from 1 to 99.
(Optional) Inserts this new entry before a specified entry in an existing
ACL, or replaces a specified entry with this new entry.
Enable syslog for ACL entry hits. Enable syslog for sequential number
of ACL entry or for all ACL entries
(Optional) Moves a sequence of access list entries before another entry.
Destination is the number of the existing entry before which this new
entry will be moved. Source1 is a single entry number or the first entry
number in the range to be moved. Source2 (optional) is the last entry
number in the range to be moved. If not specified, only the source1 entry
will be moved.
Denies or permits access if specified conditions are met.
Specifies an IP protocol for which to deny or permit access. Valid values
and their corresponding protocols are:
•
ip ‐ Any Internet protocol
•
icmp ‐ Internet Control Message Protocol
•
udp ‐ User Datagram Protocol
•
tcp ‐ Transmission Protocol
Specifies the network or host from which the packet will be sent. Valid
options for expressing source are:
•
IP address or range of addresses (A.B.C.D)
•
any ‐ Any source host
•
host source ‐ IP address of a single source host
(Optional) Specifies the bits to ignore in the source address.
access-list (standard)
- Quick Links:
- Set Ip Address
Hide quick links:
Advertisement
Table of Contents
Need help?
Do you have a question about the Enterasys Matrix DFE-Gold Series and is the answer not in the manual?