Cisco SCE 8000 10GBE Software Configuration Guide
OL-30621-02
Chapter 5 Configuring the Management Interface and Security
Configuring Access Control Lists (ACLs)
Note: The Cisco SCE Platform will respond to ping commands only from IP addresses that are allowed access. Pings from a non-authorized address will not receive a response from the Cisco SCE platform, as ping uses ICMP protocol.
Options
The following options are available:
• number—The ID number assigned to the Access Control List.
• ip-address—The IP address of the interface to be permitted or denied. Enter in x.x.x.x format.
• ip-address/mask—Configures a range of addresses in the format x.x.x.x y.y.y.y where x.x.x.x specifies the prefix bits common to all IP addresses in the range, and y.y.y.y is a wildcard-bits mask specifying the bits that are ignored. In this notation, ‘0’ means bits to ignore.
The following keywords are available:
• permit—The specified IP addresses have permission to access the Cisco SCE platform.
• deny—The specified IP addresses are denied access to the Cisco SCE platform.
Adding Entries to an ACL
Step 1  Type configure and press Enter.
        Enables Global Configuration mode.
Step 2  Enter the desired IP address or addresses.
• To configure one IP address, type: access-list number permit|deny ip-address and press Enter.
• To configure more than one IP address, type: access-list number permit|deny ip-address/mask and press Enter.
When you add a new entry to an ACL, it is always added to the end of the list.
Adding Entries to an ACL: Example
The following example adds an entry to access list number 1 that permits access only to IP addresses in the range 10.1.1.0–10.1.1.255.
SCE(config)#access-list 1 permit 10.1.1.0 0.0.0.255
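A way to check what an entry covers before typing it in, as an added example that is not part of the Cisco guide. It reads the mask the way the example above uses it (10.1.1.0 0.0.0.255 covers 10.1.1.0 to 10.1.1.255); the function names, the constructed sample list, and the rule that entries are checked in listed order with no match meaning deny are assumptions of this example.

```python
import ipaddress

MASK32 = 0xFFFFFFFF

def parse_entry(line):
    """Parse 'access-list number permit|deny ip-address [wildcard-mask]'."""
    tok = line.split("#", 1)[-1].split()  # drop a leading 'SCE(config)#' prompt
    if len(tok) not in (4, 5) or tok[0] != "access-list" or tok[2] not in ("permit", "deny"):
        raise ValueError(f"not an ACL entry: {line!r}")
    addr = int(ipaddress.IPv4Address(tok[3]))
    # A single ip-address carries no mask, so every bit has to match.
    wild = int(ipaddress.IPv4Address(tok[4])) if len(tok) == 5 else 0
    return int(tok[1]), tok[2], addr, wild

def entry_matches(addr, wild, ip):
    """True when ip equals addr on every bit the wildcard mask does not ignore."""
    care = ~wild & MASK32
    return (int(ipaddress.IPv4Address(ip)) & care) == (addr & care)

def covered(addr, wild):
    """Lowest and highest matching address, and how many addresses match."""
    low = addr & ~wild & MASK32
    high = low | wild
    return str(ipaddress.IPv4Address(low)), str(ipaddress.IPv4Address(high)), 1 << bin(wild).count("1")

def is_contiguous(wild):
    """False when ignored bits are not one trailing run: low..high then has gaps."""
    return (wild & (wild + 1)) == 0

def decide(lines, ip):
    """Assumption: entries are checked in listed order, first match decides, no match is deny."""
    for line in lines:
        _, action, addr, wild = parse_entry(line)
        if entry_matches(addr, wild, ip):
            return action
    return "deny"

# Constructed sample list; the second line is the entry from the guide's example.
SAMPLE_ACL = [
    "access-list 1 deny 10.1.1.13",
    "SCE(config)#access-list 1 permit 10.1.1.0 0.0.0.255",
]

if __name__ == "__main__":
    for line in SAMPLE_ACL:
        _, action, addr, wild = parse_entry(line)
        print(action, covered(addr, wild), "contiguous" if is_contiguous(wild) else "has gaps")
    for ip in ("10.1.1.13", "10.1.1.200", "10.1.2.1"):
        print(ip, decide(SAMPLE_ACL, ip))
```

Because new entries always go to the end of the list, a narrower deny added after a broader permit would, under the ordering assumption above, never be reached; `decide` makes that visible before the list is changed.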
Removing an ACL
Use this command to remove an ACL with all its entries.
From the SCE(config)# prompt, type:
Command                  Purpose
no access-list number    Removes the specified ACL with all its entries.