DELL CONFIDENTIAL – PRELIMINARY 2012 - FOR PROOF ONLY
ack, -psh, -rst, -syn and -fin. The flags are concatenated into one string.
For example: +fin-ack.
• time-range-name—Name of the time range that applies to this permit
statement. (Range: 1–32)
Default
No IPv4 access list is defined.
Command Mode
IP Access-list Configuration mode
User Guidelines
You enter IP Access-list Configuration mode by using the ip access-list
Global Configuration mode command.
After an access control entry (ACE) is added to an access control list, an
implied deny any any condition exists at the end of the list. That is, if there
are no matches, the packets are denied. However, before the first ACE is
added, the list permits all packets.
The number of TCP/UDP ranges that can be defined in ACLs is limited. You
can define up to #ASIC-specific ranges for TCP and up to #ASIC-specific
ranges for UDP. If a range of ports is used for the source port in an ACE, it is
not counted again if it is also used for the source port in another ACE. If a
range of ports is used for the destination port in an ACE, it is not counted
again if it is also used for the destination port in another ACE.
If a range of ports is used for the source port, it is counted again if it is also
used for the destination port.
Example
console(config)# ip access-list extended server
console(config-ip-al)# permit ip 1.1.1.0 0.0.0.255 1.1.2.0 0.0.0.0
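The following Python model is an added illustration, not part of the Dell guide or the switch software. It evaluates the example ACE above against constructed sample packets to show how the list goes from permitting everything (no ACE) to the implied deny any any once the first ACE is added. It assumes first-match evaluation and the usual wildcard-mask meaning (a 1 bit means "don't care"); the function names are hypothetical.

```python
import ipaddress

def wildcard_match(addr, base, wildcard):
    """True if addr equals base on every bit where the wildcard mask is 0."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF          # assumption: wildcard bit 1 = "don't care"
    return (a & care) == (b & care)

def parse_ace(line):
    """Parse 'permit|deny ip SRC SRC-WILDCARD DST DST-WILDCARD' (form used on this page)."""
    action, proto, src, src_wc, dst, dst_wc = line.split()
    if action not in ("permit", "deny") or proto != "ip":
        raise ValueError(f"unsupported ACE: {line!r}")
    return action, (src, src_wc), (dst, dst_wc)

def evaluate(acl, src, dst):
    """Return 'permit' or 'deny' for a packet, following the User Guidelines."""
    if not acl:
        return "permit"             # before the first ACE: list permits all packets
    for action, (s, s_wc), (d, d_wc) in acl:
        if wildcard_match(src, s, s_wc) and wildcard_match(dst, d, d_wc):
            return action           # assumption: first matching ACE decides
    return "deny"                   # implied "deny any any" at the end of the list

EMPTY_ACL = []
SERVER_ACL = [parse_ace("permit ip 1.1.1.0 0.0.0.255 1.1.2.0 0.0.0.0")]

# Constructed sample packets (source, destination)
SAMPLES = [("1.1.1.7", "1.1.2.0"), ("1.1.1.7", "1.1.2.1"), ("10.0.0.5", "1.1.2.0")]

def run_samples():
    """Verdict for each sample with an empty list and with the example ACE."""
    return [(s, d, evaluate(EMPTY_ACL, s, d), evaluate(SERVER_ACL, s, d))
            for s, d in SAMPLES]

if __name__ == "__main__":
    for s, d, before, after in run_samples():
        print(f"{s} -> {d}: empty list={before}, with ACE={after}")
```

Only the first sample is still permitted once the ACE exists: the destination wildcard 0.0.0.0 matches the single address 1.1.2.0, and every other packet falls through to the implied deny.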
deny (IP)
Use the deny IP Access-list Configuration mode command to set deny
conditions for IPv4 access list.