Access Control Lists (ACLs) for the Series 3400cl and Series 6400cl Switches
Planning an ACL Application on a Series 3400cl or Series 6400cl Switch
■ Every IP address and mask pair (source or destination) used in an ACE creates one of the following policies:
• Any IP address fits the matching criteria. In this case, the switch automatically enters the IP address and mask in the ACE. For example:

    access-list 1 deny any

  produces this policy in an ACL listing:

    IP Address      Mask
    0.0.0.0         255.255.255.255

  This policy states that every bit in every octet of a packet’s SA is a wildcard, which covers any IP address.
• One IP address fits the matching criteria. In this case, you provide the IP address and the switch provides the mask. For example:

    access-list 1 permit host 18.28.100.15

  produces this policy in an ACL listing:

    IP Address      Mask
    18.28.100.15    0.0.0.0

  This policy states that every bit in every octet of a packet’s SA must be the same as the corresponding bit in the SA defined in the ACE.
• A group of IP addresses fits the matching criteria. In this case you provide both the IP address and the mask. For example:

    access-list 1 permit 18.28.32.1 0.0.0.31

    IP Address      Mask
    18.28.32.1      0.0.0.31

  This policy states that:

  – In the first three octets of a packet’s SA, every bit must be set the same as the corresponding bit in the SA defined in the ACE.
  – In the last octet of a packet’s SA, the first three bits must be the same as in the ACE, but the last five bits are wildcards and can be any value.
■ Unlike subnet masks, the wildcard bits in an ACL mask need not be contiguous. For example, 0.0.7.31 is a valid ACL mask. However, 255.255.248.224 is not a valid subnet mask.
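
The matching rule described above, written out as an added example (not taken from the manual or the switch software) for checking which source addresses an ACE covers before it is applied. The function names and the sample packet addresses are assumptions made for illustration; the ACE values are the ones used on this page.

```python
import ipaddress

def _u32(dotted: str) -> int:
    """Dotted-quad string to a 32-bit integer."""
    return int(ipaddress.IPv4Address(dotted))

def ace_matches(ace_ip: str, ace_mask: str, packet_sa: str) -> bool:
    """ACL mask semantics: a 1 bit is a wildcard, a 0 bit must equal the ACE."""
    care_bits = ~_u32(ace_mask) & 0xFFFFFFFF
    return ((_u32(ace_ip) ^ _u32(packet_sa)) & care_bits) == 0

def addresses_covered(ace_mask: str) -> int:
    """Each wildcard bit doubles the number of addresses the ACE matches."""
    return 1 << bin(_u32(ace_mask)).count("1")

def is_contiguous(ace_mask: str) -> bool:
    """True when the wildcard bits form a single run at the low end,
    i.e. the ACL mask is the bitwise inverse of a valid subnet mask."""
    m = _u32(ace_mask)
    return (m & (m + 1)) == 0

if __name__ == "__main__":
    # ACEs from the page; packet source addresses are constructed samples.
    aces = [
        ("0.0.0.0", "255.255.255.255"),   # access-list 1 deny any
        ("18.28.100.15", "0.0.0.0"),      # access-list 1 permit host 18.28.100.15
        ("18.28.32.1", "0.0.0.31"),       # access-list 1 permit 18.28.32.1 0.0.0.31
        ("18.28.32.1", "0.0.7.31"),       # non-contiguous mask from the page
    ]
    samples = ["18.28.100.15", "18.28.32.31", "18.28.32.32",
               "18.28.39.7", "18.28.40.1"]
    for ip, mask in aces:
        hits = [sa for sa in samples if ace_matches(ip, mask, sa)]
        print(f"{ip} {mask}: covers {addresses_covered(mask)} addresses, "
              f"contiguous={is_contiguous(mask)}, sample matches={hits}")
```

With the mask 0.0.7.31 the ACE covers 256 addresses spread over eight separate 32-address ranges (third octet 32 through 39), which is why a non-contiguous mask cannot be reviewed as a single subnet.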