Foundry NetIron M2404C and M2404F Metro Access Switches
Configuring ACLs (Rev. 03)
Overview
© 2008 Foundry Networks, Inc
Figure 6: Standard ACL Configuration Example
device-name(config)#access-list 1 permit host 192.98.2.1
device-name(config)#access-list 1 deny 192.98.0.0/16
device-name(config)#access-list 1 permit 192.0.0.0/8
To apply this ACL to interface 1/1/1, use the ip access-group command:
device-name(config)#interface 1/1/1
device-name(config-if 1/1/1)#ip access-group 1
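The following added example (not part of the original manual or of Foundry's software) models how the three entries of access-list 1 interact and flags entries that an earlier, broader entry would make unreachable. It assumes the common ACL convention, not stated on this page, that entries are checked in configured order, the first match decides, and unmatched traffic is denied; the function names are hypothetical.

```python
import ipaddress

# Entries of access-list 1 from Figure 6, in configured order.
ACL_1 = """\
access-list 1 permit host 192.98.2.1
access-list 1 deny 192.98.0.0/16
access-list 1 permit 192.0.0.0/8
"""

def parse_acl(text):
    """Parse standard ACL lines into ordered (action, network) tuples."""
    entries = []
    for line in text.splitlines():
        tokens = line.split()
        if not tokens:
            continue
        if (len(tokens) < 4 or tokens[0] != "access-list"
                or tokens[2] not in ("permit", "deny")):
            raise ValueError(f"not a standard ACL entry: {line!r}")
        source = tokens[3:]
        if source[0] == "host":          # "host A.B.C.D" is a /32 match
            source = [addr + "/32" for addr in source[1:]]
        if len(source) != 1:
            raise ValueError(f"bad source in entry: {line!r}")
        # ip_network() rejects prefixes with host bits set (e.g. 192.98.2.1/16)
        entries.append((tokens[2], ipaddress.ip_network(source[0])))
    return entries

def evaluate(entries, src_ip):
    """Return (action, 1-based index of the deciding entry, or None).

    Assumption: first match wins and unmatched traffic is denied.
    """
    addr = ipaddress.ip_address(src_ip)
    for index, (action, network) in enumerate(entries, start=1):
        if addr in network:
            return action, index
    return "deny", None

def shadowed(entries):
    """1-based indexes of entries fully covered by an earlier entry."""
    return [j for j, (_, net) in enumerate(entries, start=1)
            if any(net.subnet_of(prev) for _, prev in entries[:j - 1])]

if __name__ == "__main__":
    acl = parse_acl(ACL_1)
    for ip in ("192.98.2.1", "192.98.5.5", "192.168.1.1", "10.0.0.1"):
        print(ip, evaluate(acl, ip))
    print("shadowed entries:", shadowed(acl))
```

Running shadowed() over a candidate list before entering it on the switch shows whether a specific permit or deny has been placed after a broader entry that already covers it.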
Creating an Extended IP ACL
The extended access-list command, in Global Configuration mode, creates an extended IP ACL.
The no form of this command removes the specified ACL.
An extended ACL filters traffic by the following parameters:
• Source IP address in the IP packet header.
• Destination IP address in the IP packet header.
• IP protocol in the IP packet header.
• ToS in the IP packet header (see Table 7 for valid literal values).
• Precedence in the IP packet header (see Table 6 for valid literal values).
• TCP/UDP source port number in the TCP/UDP packet header (see Table 10 for TCP port valid literal values and Table 11 for UDP port valid literal values).
• TCP/UDP destination port number in the TCP/UDP packet header (see Table 10 for TCP port valid literal values and Table 11 for UDP port valid literal values).
• Established connection; used only for the TCP protocol.
• ICMP message type in the ICMP packet header (see Table 8 for valid literal values).