DGS-6604
ip access-list
CLI Reference Guide
ip access-list
Use this command to create or modify an IP access list. This command enters ip access-list configuration mode. Use the no form of this command to remove an IP access list.
ip access-list [extended] NAME
no ip access-list [extended] NAME
Default
Deny all traffic (implicit).
Command Mode
Global configuration
Usage Guideline
The access list is always terminated by an implicit deny statement for all traffic, and that is the default statement.
When applying an IP access list to an interface, only one IP access list can be applied.
The name must be unique among all access lists (including MAC, IP, and IPv6), and the characters are case sensitive.
An error message will appear if the allowed number is exceeded after execution of the command.
An IP access list cannot be deleted if it is applied to an interface.
An extended IP access list can only be grouped with an interface, not with any other software modules (such as PIM-DM).
Syntax Description
extended
(Optional) Selects the type of list to create: without this keyword, an IP access list (a list of related IP addresses, such as source IP addresses or destination IP addresses); with it, an extended IP access list (more information can be chosen).
NAME
The name of the IP access list to be configured. The syntax is a general string that does not allow spaces, up to 32 characters in length.
Examples
This example shows how to configure an extended IP access list named Strict-Control and an IP access list named pim-srcfilter.
Switch(config)#ip access-list extended Strict-Control
Switch(config-ip-ext-acl)#permit tcp any 10.20.0.0 255.255.0.0
Switch(config-ip-ext-acl)#exit
Switch(config)#ip access-list pim-srcfilter
Switch(config-ip-acl)#permit host 172.16.65.193 any
Switch(config-ip-acl)#
Verify the settings by entering the show access-list command.
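The implicit deny from the Usage Guideline, modeled offline for the Strict-Control list above. This is an added Python example, not part of the D-Link guide or the switch software. It assumes the permit fields are source then destination and that 255.255.0.0 is a netmask; Permit, evaluate, audit and the sample flows are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Permit:
    """One permit entry of an extended IP access list (hypothetical model)."""
    protocol: str
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network


ANY = ipaddress.ip_network("0.0.0.0/0")

# "permit tcp any 10.20.0.0 255.255.0.0" from the Examples section.
# Assumption: source comes first and the second value is a netmask.
STRICT_CONTROL = [
    Permit("tcp", ANY, ipaddress.ip_network("10.20.0.0/255.255.0.0")),
]


def evaluate(acl, protocol, src, dst):
    """Return 'permit' if any entry matches, otherwise the implicit deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for entry in acl:
        if entry.protocol == protocol and s in entry.src and d in entry.dst:
            return "permit"
    return "deny"  # implicit deny that terminates every access list


def audit(acl, flows):
    """List the flows the access list would drop, for review before applying it."""
    return [f for f in flows if evaluate(acl, *f) == "deny"]


# Constructed sample flows: (protocol, source, destination).
SAMPLE_FLOWS = [
    ("tcp", "192.0.2.10", "10.20.5.1"),   # matches the permit entry
    ("udp", "192.0.2.10", "10.20.5.1"),   # same destination, wrong protocol
    ("tcp", "192.0.2.10", "10.21.0.1"),   # outside 10.20.0.0/16
    ("icmp", "10.20.5.1", "10.20.5.2"),   # no entry mentions ICMP
]

if __name__ == "__main__":
    for flow in SAMPLE_FLOWS:
        print(flow, evaluate(STRICT_CONTROL, *flow))
```

Running an audit like this against the flows an interface must carry shows what the single permit entry leaves to the implicit deny before the list is applied.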