Configuring Access Control Lists
7-5
7
Web
– Specify the action (i.e., Permit or Deny). Specify the source and/or
destination addresses. Select the address type (Any, Host, or IP). If you select
“Host,” enter a specific address. If you select “IP,” enter a subnet address and the
mask for an address range. Set any other required criteria, such as service type,
protocol type, or TCP control code. Then click Add.
Figure 7-3 ACL Configuration - Extended IPv4
CLI
– This example adds three rules:
1. Accept any incoming packets if the source address is in subnet 10.7.1.x. For
example, if the rule is matched; i.e., the rule (10.7.1.0 & 255.255.255.0) equals
the masked address (10.7.1.2 & 255.255.255.0), the packet passes through.
2. Allow TCP packets from class C addresses 192.168.1.0 to any destination
address when set for destination TCP port 80 (i.e., HTTP).
3. Permit all TCP packets from class C addresses 192.168.1.0 with the TCP control
code set to “SYN.”
Console(config-ext-acl)#permit 10.7.1.1 255.255.255.0 any
26-3
Console(config-ext-acl)#permit tcp 192.168.1.0 255.255.255.0 any
destination-port 80
Console(config-ext-acl)#permit tcp 192.168.1.0 255.255.255.0 any
control-flag 2 2
Console(config-std-acl)#
Summary of Contents for 8926EM
Page 6: ...ii ...
Page 34: ...Getting Started ...
Page 44: ...Introduction 1 10 1 ...
Page 62: ...Initial Configuration 2 18 2 ...
Page 64: ...Switch Management ...
Page 76: ...Configuring the Switch 3 12 3 ...
Page 118: ...Basic Management Tasks 4 42 4 ...
Page 164: ...User Authentication 6 28 6 ...
Page 176: ...Access Control Lists 7 12 7 ...
Page 284: ...Quality of Service 14 8 14 ...
Page 294: ...Multicast Filtering 15 10 15 ...
Page 300: ...Domain Name Service 16 6 16 ...
Page 310: ...Dynamic Host Configuration Protocol 17 10 17 ...
Page 320: ...Configuring Router Redundancy 18 10 18 ...
Page 344: ...IP Routing 19 24 19 ...
Page 356: ...Unicast Routing 20 12 20 Web Click Routing Protocol RIP Statistics Figure 20 5 RIP Statistics ...
Page 386: ...Unicast Routing 20 42 20 ...
Page 388: ...Command Line Interface ...
Page 400: ...Overview of the Command Line Interface 21 12 21 ...
Page 466: ...SNMP Commands 24 16 24 ...
Page 520: ...Access Control List Commands 26 18 26 ...
Page 546: ...Rate Limit Commands 30 2 30 ...
Page 612: ...VLAN Commands 34 24 34 ...
Page 626: ...Class of Service Commands 35 14 35 ...
Page 670: ...DHCP Commands 39 16 39 ...
Page 716: ...IP Interface Commands 41 36 41 ...
Page 768: ...IP Routing Commands 42 52 42 ...
Page 770: ...Appendices ...
Page 791: ......