Dell PowerConnect B-RX Configuration Manual page 594

BigIron RX Series supporting Multi-Service IronWare v02.7.03
Configuring numbered and named ACLs
Standard ACLs permit or deny packets based on source IP addresses. You can configure up to 99
standard ACLs. There is no limit to the number of ACL entries an ACL can contain, except for the
system-wide limitation. For the number of ACL entries supported on a BigIron RX, refer to
"ACL IDs and entries" on page 517.
To configure a standard ACL and apply it to outgoing traffic on port 1/1, enter the following
commands.
BigIron RX(config)# access-list 1 deny host 209.157.22.26 log
BigIron RX(config)# access-list 1 deny 209.157.29.12 log
BigIron RX(config)# access-list 1 deny host IPHost1 log
BigIron RX(config)# access-list 1 permit any
BigIron RX(config)# int eth 1/1
BigIron RX(config-if-e10000-1/1)# ip access-group 1 in
BigIron RX(config)# write memory
The commands in this example configure an ACL to deny packets from three source IP addresses
from being forwarded on port 1/1. The last ACL entry in this ACL permits all packets that are not
explicitly denied by the first three ACL entries.
Standard ACL syntax
Syntax: [no] access-list <num> deny | permit <source-ip> | <hostname> <wildcard> [log]
or
Syntax: [no] access-list <num> deny | permit <source-ip>/<mask-bits> | <hostname> [log]
Syntax: [no] access-list <num> deny | permit host <source-ip> | <hostname> [log]
Syntax: [no] access-list <num> deny | permit any [log]
Syntax: [no] ip access-group <num> in
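The following Python code is an added example, not part of the configuration guide: it evaluates a source address against standard ACL entries written in the syntax forms above, with the first matching entry deciding the result. The address table for host names, the implicit deny when no entry matches, and treating a bare address with no wildcard as an exact match are assumptions of this example.

```python
import ipaddress

def parse_entry(line, hosts):
    """Parse 'access-list <num> deny|permit ...' into (action, network, care_mask)."""
    tok = line.split()
    if tok[0] != "access-list" or not 1 <= int(tok[1]) <= 99:
        raise ValueError(f"not a standard ACL entry (1-99): {line}")
    action, rest = tok[2], [t for t in tok[3:] if t != "log"]
    if action not in ("deny", "permit") or not rest:
        raise ValueError(f"malformed entry: {line}")
    if rest == ["any"]:
        return action, 0, 0                  # no bits compared: matches every source
    if rest[0] == "host":
        rest = rest[1:]
    src = rest[0]
    if "/" in src:                           # <source-ip>/<mask-bits> form
        net = ipaddress.ip_network(src, strict=False)
        return action, int(net.network_address), int(net.netmask)
    # Unknown host names raise ValueError here instead of being silently skipped.
    addr = int(ipaddress.ip_address(hosts.get(src, src)))
    # Wildcard bits set to 1 are ignored. Assumption: no wildcard means exact match.
    wildcard = int(ipaddress.ip_address(rest[1])) if len(rest) > 1 else 0
    care = 0xFFFFFFFF & ~wildcard
    return action, addr & care, care

def evaluate(acl_lines, source_ip, hosts=None):
    """First matching entry decides; nothing matching means deny (assumed implicit deny)."""
    ip = int(ipaddress.ip_address(source_ip))
    for line in acl_lines:
        action, net, care = parse_entry(line, hosts or {})
        if (ip & care) == net:
            return action
    return "deny"

# Entries from the example on this page; the address for IPHost1 is constructed.
HOSTS = {"IPHost1": "192.0.2.10"}
ACL_1 = [
    "access-list 1 deny host 209.157.22.26 log",
    "access-list 1 deny 209.157.29.12 log",
    "access-list 1 deny host IPHost1 log",
    "access-list 1 permit any",
]

if __name__ == "__main__":
    for ip in ("209.157.22.26", "192.0.2.10", "209.157.22.27"):
        print(ip, evaluate(ACL_1, ip, HOSTS))
    # Ordering pitfall: with 'permit any' first, the deny entries are never reached.
    print(evaluate([ACL_1[3]] + ACL_1[:3], "209.157.22.26", HOSTS))
```

Running a planned ACL through a check like this before `write memory` catches entries shadowed by an earlier `permit any` and host names that do not resolve.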
The 16 x 10 GE module only supports the following standard ACLs.
Syntax: [no] ip access-list <num> deny | permit <ip-protocol>
    <source-ip> | <hostname> <wildcard>
    [<operator> <source-tcp/udp-port>]
    <destination-ip> | <hostname> <wildcard>
    [<operator> <destination-tcp/udp-port>]
    [match-all <tcp-flags>] [match-any <tcp-flags>]
    [<icmp-type>] [established] [precedence <name> | <num>]
Parameters to configure standard ACL statements
<num>
    Enter 1 – 99 for a standard ACL.
deny | permit
    Enter deny if the packets that match the policy are to be dropped; permit if they are
    to be forwarded.
<source-ip> | <hostname>
    Specify the source IP address for the policy. Alternatively, you can specify the host
    name. If you want the policy to match on all source addresses, enter any.
<destination-ip> | <hostname>
    Specify the destination IP address for the policy. Alternatively, you can specify the
    host name. If you want the policy to match on all destination addresses, enter any.
NOTE: To specify the host name instead of the IP address, the host name must be configured using the ip dns
server-address... command at the global CONFIG level of the CLI.
BigIron RX Series Configuration Guide
53-1001986-01
