Table of Contents
Advertisement
Chapter 99: ACL Commands
1568
ipaddress/mask: Matches packets that have a destination IP
address of a specific subnet or end node.
host ipaddress: Matches packets with a destination IP address
of a specific end node. The HOST keyword indicates that the
address is of a specific end node and that no mask is required.
vlan
Indicates a VLAN identifier. Specify a VLAN if you want the ACL to
filter tagged packets. Omit a VLAN if you want the ACL to filter
untagged packets. Specify a value between 1 and 4094. You can
enter only one VID.
Mode
Global Configuration mode
Description
Use this command to create Numbered IPv4 ACLs that identify traffic
flows based on ICMP and source and destination IP addresses.
Confirmation Commands
"SHOW ACCESS-LIST" on page 1635 and "SHOW INTERFACE
ACCESS-GROUP" on page 1637
Examples
This example adds a deny access list to port 16 so that it discards all
untagged ingress packets that are ICMP, regardless of their source or
destination address. The access list is assigned the ID number 3012.
Since the VID parameter is not included, this ACL applies to untagged
packets:
awplus> enable
awplus# configure terminal
awplus(config)# access-list 3012 deny icmp any any
awplus(config)# interface port1.0.16
awplus(config_if)# access-group 3012
awplus(config_if)# end
awplus# show access-list
awplus# show interface port1.0.16 access-group
Hide quick links:
Advertisement
Table of Contents
