Using Access Control Lists (ACLs)
December 2000
13 - 19
23. Select the Save link at the bottom of the dialog. Select Yes when prompted to save the configuration change
to the startup-config file on the device’s flash memory.
NOTE:
You also can access the dialog for saving configuration changes by clicking on Command in the tree
view, then clicking on Save to Flash.
Configuring Named ACLs
When you configure an IP ACL, you can refer to the ACL by a numeric ID or by a name.
•
If you refer to the ACL by a numeric ID, you can use 1 – 99 for a standard ACL or 100 – 199 for an extended
ACL.
•
If you refer to the ACL by a name, you specify whether the ACL is a standard ACL or an extended ACL, then
specify the name.
You can configure up to 100 named standard IP ACLs and 100 named extended IP ACLs. You also can configure
up to 100 standard ACLs and 100 extended ACLs by number. Regardless of how many ACLs you have, the
device can have a maximum of 1024 ACL entries, associated with the ACLs in any combination. (On BigIron
Chassis devices with Management II or Management III modules, the maximum is 2048.)
To configure a named IP ACL, use the following CLI method.
USING THE CLI
The commands for configuring named ACL entries are different from the commands for configuring numbered
ACL entries. The command to configure a numbered ACL is
access-list
. The command for configuring a named
ACL is
ip access-list
. In addition, when you configure a numbered ACL entry, you specify all the command
parameters on the same command. When you configure a named ACL, you specify the ACL type (standard or
extended) and the ACL number with one command, which places you in the configuration level for that ACL.
Once you enter the configuration level for the ACL, the command syntax is the same as the syntax for numbered
ACLs.
The following examples show how to configure a named standard ACL entry and a named extended ACL entry.
Configuration Example for Standard ACL
To configure a named standard ACL entry, enter commands such as the following.
BigIron(config)# ip access-list standard Net1
BigIron(config-std-nac1)# deny host 209.157.22.26 log
BigIron(config-std-nac1)# deny 209.157.29.12 log
BigIron(config-std-nac1)# deny host IPHost1 log
BigIron(config-std-nac1)# permit any
BigIron(config-std-nac1)# exit
BigIron(config)# int eth 1/1
BigIron(config-if-1/1)# ip access-group Net1 out
The commands in this example configure a standard ACL named “Net1”. The entries in this ACL deny packets
from three source IP addresses from being forwarded on port 1/1. Since the implicit action for an ACL is “deny”,
the last ACL entry in this ACL permits all packets that are not explicitly denied by the first three ACL entries. For
an example of how to configure the same entries in a numbered ACL, see “Configuring Standard ACLs” on
page 13-6.
Notice that the command prompt changes after you enter the ACL type and name. The “std” in the command
prompt indicates that you are configuring entries for a standard ACL. For an extended ACL, this part of the
command prompt is “ext“. The “nacl” indicates that are configuring a named ACL.
Syntax:
ip access-list extended | standard <string> | <num>
The
extended | standard
parameter indicates the ACL type.
The <string> parameter is the ACL name. You can specify a string of up to 256 alphanumeric characters. You
can use blanks in the ACL name if you enclose the name in quotation marks (for example, “ACL for Net1”). The
Summary of Contents for Switch and Router
Page 2: ...December 2000 Copyright 2000 by Foundry Networks Inc ...
Page 26: ...Foundry Switch and Router Installation and Configuration Guide xxvi December 2000 ...
Page 64: ...Foundry Switch and Router Installation and Configuration Guide 2 34 December 2000 ...
Page 162: ...Foundry Switch and Router Installation and Configuration Guide 5 38 December 2000 ...
Page 196: ...Foundry Switch and Router Installation and Configuration Guide 6 34 December 2000 ...
Page 208: ...Foundry Switch and Router Installation and Configuration Guide 7 12 December 2000 ...
Page 236: ...Foundry Switch and Router Installation and Configuration Guide 8 28 December 2000 ...
Page 258: ...Foundry Switch and Router Installation and Configuration Guide 9 22 December 2000 ...
Page 420: ...Foundry Switch and Router Installation and Configuration Guide 13 32 December 2000 ...
Page 442: ...Foundry Switch and Router Installation and Configuration Guide 14 22 December 2000 ...
Page 554: ...Foundry Switch and Router Installation and Configuration Guide 15 112 December 2000 ...
Page 574: ...Foundry Switch and Router Installation and Configuration Guide 16 20 December 2000 ...
Page 626: ...Foundry Switch and Router Installation and Configuration Guide 17 52 December 2000 ...
Page 682: ...Foundry Switch and Router Installation and Configuration Guide 18 56 December 2000 ...
Page 826: ...Foundry Switch and Router Installation and Configuration Guide 20 20 December 2000 ...
Page 994: ...Foundry Switch and Router Installation and Configuration Guide 26 10 December 2000 ...
Page 1004: ...Foundry Switch and Router Installation and Configuration Guide B 6 December 2000 ...
Page 1044: ...Foundry Switch and Router Installation and Configuration Guide C 40 December 2000 ...
Page 1048: ...Foundry Switch and Router Installation and Configuration Guide D 4 December 2000 ...
Page 1070: ...Foundry Switch and Router Installation and Configuration Guide Index 18 December 2000 ...