Access Security Guide K/KA/KB.15.15

create a standard access list with an alphanumeric name (name-str) instead of
a number, see “Configuring named, standard ACLs” (page 259).
<deny | permit>
Specifies whether the ACE denies or permits a packet matching the criteria in the
ACE, as described next.
<any | host < SA > | SA <mask | SA/mask-length>>
Defines the source IPv4 address (SA) a packet must carry for a match with the ACE.
any - Allows IPv4 packets from any SA.
host < SA > - Specifies only packets having < SA > as the source. Use this
criterion when you want to match only the IPv4 packets from a single SA.
SA < mask > or SA/mask-length - Specifies packets received from an SA,
where the SA is either a subnet or a group of IPv4 addresses. The mask format can
be in either dotted-decimal format or CIDR format (number of significant bits). See
“How an ACE uses a mask to screen packets for matches” (page 322).
SA Mask application: The mask is applied to the SA in the ACE to define which
bits in a packet's SA must exactly match the SA configured in the ACL and which
bits need not match.
Example
10.10.10.1/24 and 10.10.10.1 0.0.0.255 both define any address in the range
of 10.10.10.(1 - 255).
NOTE: Specifying a group of contiguous addresses may require more than one
ACE. For more on how masks operate in ACLs, see “How an ACE uses a mask to
screen packets for matches” (page 322).
[log]
This option can be used after the SA to generate an Event Log message if:
The action is deny or permit.
There is a match.
ACL logging is enabled.
(See “Enabling ACL logging on the switch” (page 294).)
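The mask application described above, as an added Python example that is not part of the original guide: it shows that the CIDR and dotted-decimal mask forms select the same source addresses, and why a contiguous group of addresses may need more than one ACE. The function names (parse_source, ace_matches, aces_for_range) are hypothetical, and every address other than 10.10.10.1 is constructed sample data.

```python
import ipaddress

ALL_BITS = 0xFFFFFFFF

def parse_source(spec):
    """Turn an ACE source criterion into (sa, mask) as 32-bit integers.

    Accepted forms: 'any', 'host A.B.C.D', 'A.B.C.D W.X.Y.Z', 'A.B.C.D/len'.
    A 1 bit in the mask marks a bit of the packet's SA that need not match.
    """
    parts = spec.split()
    if parts == ["any"]:
        return 0, ALL_BITS                      # every bit is "need not match"
    if parts[0] == "host":
        return int(ipaddress.IPv4Address(parts[1])), 0   # every bit must match
    if len(parts) == 2:                         # SA plus dotted-decimal mask
        return tuple(int(ipaddress.IPv4Address(p)) for p in parts)
    addr, length = parts[0].split("/")          # SA/mask-length (CIDR)
    mask = (1 << (32 - int(length))) - 1        # low-order bits need not match
    return int(ipaddress.IPv4Address(addr)), mask

def ace_matches(spec, packet_sa):
    """True if the packet's SA matches the ACE on every bit the mask leaves at 0."""
    sa, mask = parse_source(spec)
    pkt = int(ipaddress.IPv4Address(packet_sa))
    return ((sa ^ pkt) & ~mask & ALL_BITS) == 0

def aces_for_range(first, last):
    """List the SA/mask-length criteria needed to cover first..last exactly."""
    nets = ipaddress.summarize_address_range(
        ipaddress.IPv4Address(first), ipaddress.IPv4Address(last))
    return [str(n) for n in nets]

if __name__ == "__main__":
    # Constructed sample packets checked against both mask notations.
    for pkt in ("10.10.10.200", "10.10.11.1"):
        print(pkt,
              ace_matches("10.10.10.1/24", pkt),
              ace_matches("10.10.10.1 0.0.0.255", pkt))
    # A contiguous range that no single mask can express.
    print(aces_for_range("10.10.10.1", "10.10.10.6"))
```
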
Creating and viewing a standard ACL
This example creates a standard, numbered ACL with the same ACE content as shown in
Figure 181 (page 260).
262 IPv4 Access Control Lists (ACLs)