Table of Contents
Advertisement
Chapter 98: Advanced Access Control Lists (ACLs)
Table 170. IP ACCESS-LIST Commands for Creating Named IPv4 ACLs (Continued)
To Do This Task
Define a Named IPv4 Address ACL that
filters traffic flows based on protocol
numbers and source and destination IP
addresses.
Define a Named IPv4 Address ACL that
filters TCP packets based on source and
destination IP addresses.
Define a Named IPv4 Address ACL that
filters UDP packets based on source and
destination IP addresses.
Command
awplus> enable
awplus# configure terminal
awplus(config)# ip access-list
icmppermit
awplus(config-ip-acl)# permit icmp
any any vlan 12
awplus> enable
awplus# configure terminal
1536
This example creates a Named IPv4 ICMP ACL, called "icmppermit," that
permits ICMP packets from any IP source address to any IP destination
address on VLAN 12:
Table 171. Named IPv4 ACL ICMP Permit Example
This example creates a Named IPv4 ACL, called "tcpdeny," that denies
TCP packets from source IPv4 address 152.12.45.2/32 to destination IPv4
address 152.12.45.3/32 on VLAN 5:
Table 172. Named IPv4 ACL TCP Deny Example
Command
Use this Command
proto protocol_number
action
scr_ip_address dest_ipaddress
time-range
[vlan
tcp
action
scr_ipaddress
gt|lt|ne|range|eq
dest_ipaddress gt|lt|ne|range|eq
dsp_tcp_port time-range
action
udp
scr_ipaddress
gt|lt|ne|range|eq src_upd_port
dest_ipaddress gt|lt|ne|range|eq
time-range
dst_upd_port
Description
Enter the Privileged Executive mode from the
User Executive mode.
Enter the Global Configuration mode.
Create a named IPv4 ACL called
"icmppermit" and enter the IP ACL mode.
Allow the filter to permit ICMP ingress
packets from any source IPv4 address to any
destination IPv4 address on VLAN 12.
Enter the Privileged Executive mode
from the User Executive mode.
Enter the Global Configuration mode.
vid
]
src_tcp_port
vid
[vlan
vid
[vlan
Description
]
]
Hide quick links:
Advertisement
Table of Contents
