ACL Configuration Examples
This section contains the following examples:
• "Basic Rules" on page 628
• "Internal System ACLs" on page 629
• "Complete ACL Example" on page 629
• "Advanced Examples" on page 633
• "Policy Based Routing Examples" on page 640
NOTE: None of these ACL rules are applicable to the OOB interface.
Basic Rules
• Inbound rule allowing all packets:
permit every
Administrators should be cautious when using the permit every rule in an
access list, especially when using multiple access lists. All packets match a
permit every rule, and once a packet matches, no further processing is done
on it. This means that a permit every match in an access list skips all
subsequent rules in the current or subsequent access lists and allows all
packets not previously denied by a prior rule.
• Inbound rule to drop all packets:
As the last rule in a list, this rule is redundant because an implicit "deny every" is
added after the end of the last access-group configured on an interface.
deny every
Administrators should be cautious when using the deny every rule in an
access list, especially when using multiple access lists. When a packet
matches a rule, no further processing is done on the packet. This means
that a deny every match in an access list will skip processing subsequent
rules in the current or subsequent access lists and drop all packets not
previously allowed by a prior rule.
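The first-match behavior described for permit every and deny every can be checked offline before a configuration is applied. The following Python sketch is an added example, not part of the original guide or the switch software; the rule model (action plus source network only), the list names and the sample addresses are assumptions constructed for illustration.

```python
from ipaddress import ip_address, ip_network

# Assumed, simplified rule model: (action, source), where source is "every"
# or a CIDR string. Real rules can also match protocol, ports and destination.

def matches(source, src_ip):
    return source == "every" or ip_address(src_ip) in ip_network(source)

def evaluate(access_lists, src_ip):
    """Walk the lists in order; the first matching rule decides the packet."""
    for name, rules in access_lists:
        for index, (action, source) in enumerate(rules, 1):
            if matches(source, src_ip):
                return action, name, index
    # Nothing matched: the implicit "deny every" after the last list applies.
    return "deny", "implicit deny every", 0

def shadowed_rules(access_lists):
    """Report rules that can never match because an earlier
    permit every / deny every already ends processing for all packets."""
    shadowed, terminal = [], None
    for name, rules in access_lists:
        for index, (action, source) in enumerate(rules, 1):
            if terminal:
                shadowed.append((name, index, terminal))
            elif source == "every":
                terminal = f"{action} every in {name} rule {index}"
    return shadowed

# Constructed sample: two access lists applied to one interface, in order.
INTERFACE_ACLS = [
    ("acl-a", [("deny", "192.0.2.0/24"), ("permit", "every")]),
    ("acl-b", [("deny", "198.51.100.0/24"), ("deny", "every")]),
]

if __name__ == "__main__":
    for ip in ("192.0.2.7", "198.51.100.9"):
        print(ip, evaluate(INTERFACE_ACLS, ip))
    for name, index, cause in shadowed_rules(INTERFACE_ACLS):
        print(f"{name} rule {index} is unreachable: shadowed by {cause}")
```

In the sample, the deny rule for 198.51.100.0/24 in the second list never takes effect, because the permit every that ends the first list has already allowed the packet.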
• Inbound rule allowing access FROM hosts with IP addresses ranging from
10.0.46.0 to 10.0.47.254:
Configuring Access Control Lists