Using the CLI To Create an ACL
Command
access-list (standard ACLs)
access-list (extended ACLs)
ip access-list (named ACLs)
You can use either the switch CLI or an offline text editor to create an ACL.
This section describes the CLI method, which is recommended for creating
short ACLs. (To use the offline method, refer to "Editing ACLs and Creating
an ACL Offline" on page 9-61.)
General ACE Rules
These rules apply to all ACEs you create or edit using the CLI:
ACEs are placed in an ACL according to the sequence in which you
■
enter them (last entered, last listed).
You can use the CLI to delete an ACE from anywhere in a given ACL
■
by using the "no" form of the command to enter that ACE. However,
when you use the CLI to add an ACE, the new entry is always placed
at the end of the ACL.
■
Duplicate ACEs are not allowed in an ACL, however the same ACE
can be configured for multiple ACLs.
For more information, refer to "Editing ACLs and Creating an ACL Offline" on
page 9-61.
Using CIDR Notation To Enter the ACL Mask
You can use CIDR (Classless Inter-Domain Routing) notation to enter ACL
masks. The switch interprets the bits specified with CIDR notation as the IP
address bits in an ACL and the corresponding IP address bits in a packet. The
switch then converts the mask to inverse notation for ACL use.
IPv4 Access Control Lists (ACLs)
Configuring and Assigning an ACL
Page
9-40
9-45
9-51
9-39