
368 PowerConnect B-Series TI24X Configuration Guide
53-1002269-02
NOTE
If you use the CIDR format, the ACL entries appear in this format in the running-config and
startup-config files, but are shown with the subnet mask in the display produced by the show ip
access-list command.
The host <source-ip> | <hostname> parameter lets you specify a host IP address or name. When
you use this parameter, you do not need to specify the mask. A mask of all zeros (0.0.0.0) is
implied.
The any parameter configures the policy to match on all host addresses.
The log argument configures the device to generate Syslog entries and SNMP traps for packets that
are denied by the access policy.
The in parameter applies the ACL to incoming traffic on the interface to which you apply the ACL.
You can apply the ACL to an Ethernet port or virtual interface.
NOTE
If the ACL is bound to a virtual routing interface, you also can specify a subset of ports within the
VLAN containing that interface when assigning an ACL to the interface.
Configuration example for standard named ACLs
To configure a standard named ACL, enter commands such as the following.
The commands in this example configure a standard ACL named “Net1”. The entries in this ACL
deny packets from three source IP addresses from being forwarded on port 1. Since the implicit
action for an ACL is “deny”, the last ACL entry in this ACL permits all packets that are not explicitly
denied by the first three ACL entries. For an example of how to configure the same entries in a
numbered ACL, refer to “Configuring standard numbered ACLs” on page 364.
Notice that the command prompt changes after you enter the ACL type and name. The “std” in the
command prompt indicates that you are configuring entries for a standard ACL. For an extended
ACL, this part of the command prompt is “ext”. The “nACL” indicates that you are configuring a
named ACL.
PowerConnect(config)#ip access-list standard Net1
PowerConnect(config-std-nACL)# deny host 209.157.22.26 log
PowerConnect(config-std-nACL)# deny 209.157.29.12 log
PowerConnect(config-std-nACL)# deny host IPHost1 log
PowerConnect(config-std-nACL)# permit any
PowerConnect(config-std-nACL)# exit
PowerConnect(config)#int eth 1
PowerConnect(config-if-e10000-1)# ip access-group Net1 in
Configuring extended numbered ACLs
This section describes how to configure extended numbered ACLs.
Extended ACLs let you permit or deny packets based on the following information:
IP protocol
Source IP address or host name
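As an added illustration that is not part of the guide, the following Python evaluates a source address against standard ACL entries written in the syntax described above (the Net1 example and the host, any, log and CIDR forms): the first matching entry wins, host or a bare address matches a single host, any matches everything, and a packet matching no entry falls to the implicit deny. It assumes a dotted mask is a wildcard mask whose 0 bits must match (consistent with the implied 0.0.0.0 host mask) and uses a constructed name table to stand in for the switch's resolution of IPHost1.

```python
import ipaddress

# Constructed name table standing in for the switch's host-name resolution (assumption).
HOSTS = {"IPHost1": "209.157.31.40"}

# The Net1 entries from the configuration example, as the ACL body.
NET1 = [
    "deny host 209.157.22.26 log",
    "deny 209.157.29.12 log",
    "deny host IPHost1 log",
    "permit any",
]

def _network(addr, mask):
    """Build the matched network from an entry's address and mask field.
    a.b.c.d/n is a CIDR prefix; a dotted mask is treated as a wildcard mask
    (0 bits must match, assumed); no mask at all means a single host."""
    if "/" in addr:
        return ipaddress.ip_network(addr, strict=False)
    if mask is None:                      # e.g. "deny 209.157.29.12"
        return ipaddress.ip_network(addr + "/32")
    wild = int(ipaddress.ip_address(mask))
    prefix = 32 - bin(wild).count("1")    # contiguous wildcard assumed
    return ipaddress.ip_network(f"{addr}/{prefix}", strict=False)

def parse_entry(line):
    """Parse one permit/deny line into (action, network or None for 'any', log)."""
    parts = line.split()
    action, log = parts[0], parts[-1] == "log"
    if log:
        parts = parts[:-1]
    if parts[1] == "any":
        return action, None, log
    if parts[1] == "host":                # host keyword: name or address, mask 0.0.0.0 implied
        return action, _network(HOSTS.get(parts[2], parts[2]), "0.0.0.0"), log
    return action, _network(parts[1], parts[2] if len(parts) > 2 else None), log

def evaluate(acl_lines, src_ip):
    """Return (action, log) for the first matching entry; implicit deny if none match."""
    ip = ipaddress.ip_address(src_ip)
    for action, net, log in map(parse_entry, acl_lines):
        if net is None or ip in net:
            return action, log
    return "deny", False

if __name__ == "__main__":
    for src in ("209.157.22.26", "209.157.31.40", "10.0.0.1"):
        print(src, evaluate(NET1, src))
    # Dropping "permit any" shows the implicit deny catching everything else.
    print("10.0.0.1 without permit any:", evaluate(NET1[:3], "10.0.0.1"))
```

Checking a proposed ACL this way before binding it with ip access-group makes the effect of the implicit deny visible, which is the usual cause of an ACL blocking more than intended.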