Dell Networking N4000 Series Configuration Manual page 630
Stackable layer 2 and 3 switches
Hide thumbs
Also See for Networking N4000 Series:
- Getting started manual (378 pages) ,
- Configuration manual (17 pages) ,
- Reference manual (2332 pages)
Table of Contents
Advertisement
ip access-list Allow-10-1-1-x
permit ip 10.1.1.0 0.0.0.255 192.168.0.0 0.0.0.255
permit icmp 10.1.1.0 0.0.0.255 any
permit ip 0.0.0.0 255.255.255.255 any
permit udp any any eq domain
exit
interface gi1/0/1
mac access-group Allow-ARP in 10
ip access-group Allow-10-1-1-x in 20
exit
Another list on the 192.168.0.x network attached port (gi1/0/2) is configured
for this example. Because the two access lists are complementary/end-to-end,
it is necessary to allow ICMP packets to travel between the attached hosts.
ip access-list Allow-192-168-0-x
permit ip 192.168.0.0 0.0.0.255 10.1.1.0 0.0.0.255
permit icmp 192.168.0.0 0.0.0.255 any
permit udp any any eq domain
exit
interface gi1/0/2
mac access-group Allow-ARP in 10
ip access-group Allow-192-168-0-x in 20
exit
Consider the following inbound rules that allow Telnet connections and UDP
traffic from the 192.168.0.x network to host 10.1.1.23:
ip access-list Host10-1-1-23
! Permit Telnet traffic from 192.168.0.X network to host 10.1.1.23
permit tcp 192.168.0.0 0.0.0.255 host 10.1.1.23 eq telnet
! Permit TCP traffic from 192.168.0.X network to host 10.1.1.23
permit tcp 192.168.0.0 0.0.0.255 host 10.1.1.23
! Permit UDP traffic from 192.168.0.X network to host 10.1.1.23
permit udp 192.168.0.0 0.0.0.255 host 10.1.1.23
! Permit IP traffic from 192.168.0.X network to 10.1.1.x network
permit ip 192.168.0.0 0.0.0.255 10.1.1.23 0.0.0.255
In the above list, the fourth rule allows all IP packets between the network
and host. The narrower scope of the first three rules is redundant, as all IP
traffic, including TCP and UDP, is permitted by the fourth rule. The
630
Configuring Access Control Lists
Hide quick links:
Advertisement
Table of Contents
