Foundry Networks Switch and Router Installation And Configuration Manual page 407

23. Select the Save link at the bottom of the dialog. Select Yes when prompted to save the configuration change
to the startup-config file on the device's flash memory.
NOTE: You also can access the dialog for saving configuration changes by clicking on Command in the tree
view, then clicking on Save to Flash.
Configuring Named ACLs
When you configure an IP ACL, you can refer to the ACL by a numeric ID or by a name.
If you refer to the ACL by a numeric ID, you can use 1 – 99 for a standard ACL or 100 – 199 for an extended
ACL.
If you refer to the ACL by a name, you specify whether the ACL is a standard ACL or an extended ACL, then
specify the name.
You can configure up to 100 named standard IP ACLs and 100 named extended IP ACLs. You also can configure
up to 100 standard ACLs and 100 extended ACLs by number. Regardless of how many ACLs you have, the
device can have a maximum of 1024 ACL entries, associated with the ACLs in any combination. (On BigIron
Chassis devices with Management II or Management III modules, the maximum is 2048.)
To configure a named IP ACL, use the following CLI method.
USING THE CLI
The commands for configuring named ACL entries are different from the commands for configuring numbered
ACL entries. The command to configure a numbered ACL is access-list. The command for configuring a named
ACL is ip access-list. In addition, when you configure a numbered ACL entry, you specify all the command
parameters on the same command. When you configure a named ACL, you specify the ACL type (standard or
extended) and the ACL number with one command, which places you in the configuration level for that ACL.
Once you enter the configuration level for the ACL, the command syntax is the same as the syntax for numbered
ACLs.
The following examples show how to configure a named standard ACL entry and a named extended ACL entry.
Configuration Example for Standard ACL
To configure a named standard ACL entry, enter commands such as the following.
BigIron(config)# ip access-list standard Net1
BigIron(config-std-nacl)# deny host 209.157.22.26 log
BigIron(config-std-nacl)# deny 209.157.29.12 log
BigIron(config-std-nacl)# deny host IPHost1 log
BigIron(config-std-nacl)# permit any
BigIron(config-std-nacl)# exit
BigIron(config)# int eth 1/1
BigIron(config-if-1/1)# ip access-group Net1 out
The commands in this example configure a standard ACL named "Net1". The entries in this ACL deny packets
from three source IP addresses from being forwarded on port 1/1. Since the implicit action for an ACL is "deny",
the last ACL entry in this ACL permits all packets that are not explicitly denied by the first three ACL entries. For
an example of how to configure the same entries in a numbered ACL, see "Configuring Standard ACLs" on
page 13-6.
Notice that the command prompt changes after you enter the ACL type and name. The "std" in the command
prompt indicates that you are configuring entries for a standard ACL. For an extended ACL, this part of the
command prompt is "ext". The "nacl" indicates that you are configuring a named ACL.
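The following Python script is an added illustration, not Foundry code or part of the manual: it parses the Net1 entries above and evaluates constructed source addresses against them with the first-match, implicit-deny semantics the text describes, so you can see why the trailing "permit any" is required. The address assigned to IPHost1 is a constructed placeholder (the page gives none), and the optional "<source-ip> <wildcard>" form is supported as a generalization beyond the page's host-only entries.

```python
"""Simulate first-match evaluation of the named standard ACL "Net1".

Added example, not the manual's or Foundry's code. It models the ordered,
first-match evaluation with implicit deny that the text describes.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed stand-in for the device resolving the host name "IPHost1";
# the page gives no address for it, so this value is an assumption.
HOST_NAMES = {"IPHost1": "10.0.0.5"}

# The ACL as entered on the page, with the CLI prompts removed.
NET1_CONFIG = """\
ip access-list standard Net1
deny host 209.157.22.26 log
deny 209.157.29.12 log
deny host IPHost1 log
permit any
"""


@dataclass
class Entry:
    action: str      # "permit" or "deny"
    base: int        # source address as a 32-bit integer
    wildcard: int    # 1 bits are "don't care"; 0 means exact host match
    log: bool


def _to_int(token: str) -> int:
    """Turn a dotted address or a known host name into a 32-bit integer."""
    return int(ipaddress.IPv4Address(HOST_NAMES.get(token, token)))


def parse_standard_acl(text: str) -> Tuple[str, List[Entry]]:
    """Parse an 'ip access-list standard' block into ordered entries."""
    name = ""
    entries: List[Entry] = []
    for line in text.splitlines():
        tokens = line.split()
        if not tokens:
            continue
        if tokens[:3] == ["ip", "access-list", "standard"]:
            name = tokens[3]
            continue
        action = tokens[0]
        if action not in ("permit", "deny"):
            raise ValueError(f"unsupported entry: {line!r}")
        log = tokens[-1] == "log"
        body = tokens[1:-1] if log else tokens[1:]
        if body == ["any"]:
            base, wildcard = 0, 0xFFFFFFFF
        elif body[0] == "host":
            base, wildcard = _to_int(body[1]), 0
        else:
            # "<source-ip> [<wildcard>]": with no wildcard every bit must match
            base = _to_int(body[0])
            wildcard = _to_int(body[1]) if len(body) > 1 else 0
        entries.append(Entry(action, base, wildcard, log))
    return name, entries


def evaluate(entries: List[Entry], src: str) -> Tuple[str, bool, Optional[int]]:
    """Return (action, logged, index of the matching entry).

    Entries are checked in order and the first match wins; if nothing
    matches, the result is the implicit deny (index None, not logged).
    """
    s = int(ipaddress.IPv4Address(src))
    for i, entry in enumerate(entries):
        care = 0xFFFFFFFF ^ entry.wildcard
        if (s & care) == (entry.base & care):
            return entry.action, entry.log, i
    return "deny", False, None


def decisions(text: str, sources: List[str]) -> dict:
    """Map each constructed source address to the ACL's permit/deny decision."""
    _, entries = parse_standard_acl(text)
    return {src: evaluate(entries, src)[0] for src in sources}


if __name__ == "__main__":
    acl_name, acl = parse_standard_acl(NET1_CONFIG)
    samples = ["209.157.22.26", "209.157.29.12", "10.0.0.5", "192.168.1.1"]
    print(f"ACL {acl_name}: {len(acl)} entries")
    for sample in samples:
        print(sample, evaluate(acl, sample))
    # The same ACL without the trailing "permit any": the implicit deny
    # now drops every source that the first three entries did not name.
    print(decisions("\n".join(NET1_CONFIG.splitlines()[:-1]), samples))
```

Run it as a script to see that the three named hosts are denied with logging, any other source is permitted by the fourth entry, and removing "permit any" silently denies that other source, which is the failure mode to watch for when an ACL is built from deny entries only.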
Syntax: ip access-list extended | standard <string> | <num>
The extended | standard parameter indicates the ACL type.
The <string> parameter is the ACL name. You can specify a string of up to 256 alphanumeric characters. You
can use blanks in the ACL name if you enclose the name in quotation marks (for example, "ACL for Net1"). The
December 2000
Using Access Control Lists (ACLs)
13 - 19