Foundry Configuration Guide for the FESX, FSX, and FWSX
12 - 6
© Foundry Networks, Inc.
December 2005
NOTE:
If the ACL is for a virtual routing interface, you also can specify a subset of ports within the VLAN
containing that interface when assigning an ACL to the interface.
Configuration Example for Standard Numbered ACLs
To configure a standard ACL and apply it to incoming traffic on port 1/1, enter the following commands.
FastIron SuperX Router(config)# access-list 1 deny host 209.157.22.26 log
FastIron SuperX Router(config)# access-list 1 deny 209.157.29.12 log
FastIron SuperX Router(config)# access-list 1 deny host IPHost1 log
FastIron SuperX Router(config)# access-list 1 permit any
FastIron SuperX Router(config)# int eth 1/1
FastIron SuperX Router(config-if-1/1)# ip access-group 1 in
FastIron SuperX Router(config)# write memory
The commands in this example configure an ACL to deny packets from three source IP addresses from being
received on port 1/1. The last ACL entry in this ACL permits all packets that are not explicitly denied by the first
three ACL entries.
Configuring Standard Named ACLs
This section describes how to configure standard named ACLs with alphanumeric IDs. This section also provides
configuration examples.
Standard ACLs permit or deny packets based on source IP address. You can configure up to 99 standard named
ACLs. There is no limit to the number of ACL entries an ACL can contain except for the system-wide limitation.
For the number of ACL entries supported on a device, see “ACL IDs and Entries” on page 12-2.
The commands for configuring named ACL entries are different from the commands for configuring numbered
ACL entries. The command to configure a numbered ACL is
access-list
. The command for configuring a named
ACL is
ip access-list
. In addition, when you configure a numbered ACL entry, you specify all the command
parameters on the same command. When you configure a named ACL, you specify the ACL type (standard or
extended) and the ACL name with one command, which places you in the configuration level for that ACL. Once
you enter the configuration level for the ACL, the command syntax is the same as the syntax for numbered ACLs.
Standard Named ACL Syntax
Syntax:
[no] ip access-list standard <acl-name> | <acl-num>
Syntax:
deny | permit <source-ip> | <hostname> <wildcard> [log]
or
Syntax:
deny | permit <source-ip>/<mask-bits> | <hostname> [log]
Syntax:
deny | permit host <source-ip> | <hostname> [log]
Syntax:
deny | permit any [log]
Syntax:
[no] ip access-group <acl-name> in
The <acl-name> parameter is the access list name. You can specify a string of up to 256 alphanumeric
characters. You can use blanks in the ACL name if you enclose the name in quotation marks (for example, “ACL
for Net1”).
The <acl-num> parameter allows you to specify an ACL number if you prefer. If you specify a number, you can
specify from 1 – 99 for standard ACLs.
NOTE:
For convenience, the software allows you to configure numbered ACLs using the syntax for named ACLs.
The software also still supports the older syntax for numbered ACLs. Although the software allows both methods
for configuring numbered ACLs, numbered ACLs are always formatted in the startup-config and running-config
files in using the older syntax, as follows.
Содержание FastIron Edge Switch X424
Страница 36: ...Foundry Configuration Guide for the FESX FSX and FWSX 2 12 Foundry Networks Inc December 2005...
Страница 56: ...Foundry Configuration Guide for the FESX FSX and FWSX 3 20 Foundry Networks Inc December 2005...
Страница 70: ...Foundry Configuration Guide for the FESX FSX and FWSX 4 14 Foundry Networks Inc December 2005...
Страница 198: ...Foundry Configuration Guide for the FESX FSX and FWSX 8 38 Foundry Networks Inc December 2005...
Страница 316: ...Foundry Configuration Guide for the FESX FSX and FWSX 12 26 Foundry Networks Inc December 2005...
Страница 334: ...Foundry Configuration Guide for the FESX FSX and FWSX 13 18 Foundry Networks Inc December 22 2005...
Страница 350: ...Foundry Configuration Guide for the FESX FSX and FWSX 15 12 Foundry Networks Inc December 2005...
Страница 458: ...Foundry Configuration Guide for the FESX FSX and FWSX 18 18 Foundry Networks Inc December 2005...
Страница 712: ...Foundry Configuration Guide for the FESX FSX and FWSX 22 32 Foundry Networks Inc December 2005...
Страница 760: ...Foundry Configuration Guide for the FESX FSX and FWSX A 34 Foundry Networks Inc December 2005...
Страница 796: ...Foundry Configuration Guide for the FESX FSX and FWSX C 18 Foundry Networks Inc December 2005...
Страница 820: ...Foundry Configuration Guide for the FESX FSX and FWSX E 10 Foundry Networks Inc December 2005...