ACL Commands
115 OL-32830-01 Command Line Interface Reference Guide
4
Default Configuration
No IPv4 access list is defined.
Command Mode
IP Access-list Configuration mode
User Guidelines
If a range of ports is used for source port in an ACE, it is not counted again, if it is
also used for a source port in another ACE. If a range of ports is used for the
destination port in an ACE, it is not counted again if it is also used for destination
port in another ACE.
If a range of ports is used for source port it is counted again if it is also used for
destination port.
If ace-priority is omitted, the system sets the rule's priority to the current highest
priority ACE (in the current ACL) + 20. The ACE-priority must be unique per ACL.If
the user types already existed priority, then the command is rejected.
Example
switchxxxxxx(config)#
ip access-list extended
server
switchxxxxxx(config-ip-al)#
permit
ip
176.212.0.0 00.255.255
any
4.3 deny ( IP )
Use the deny IP Access-list Configuration mode command to set deny conditions
for IPv4 access list. Deny conditions are also known as access control entries
(ACEs). Use the no form of the command to remove the access control entry.
Syntax
deny
protocol {any | source source-wildcard} {any | destination
destination-wildcard} [
ace-priority
priority] [dscp number | precedence number]
[
time-range
time-range-name] [disable-port |log-input ]
deny
icmp {any | source source-wildcard} {any | destination destination-wildcard}
[any | icmp-type] [any | icmp-code]][
ace-priority
priority] [dscp number |
precedence number] [
time-range
time-range-name] [disable-port |log-input ]
To Next Page
Loading...
Need help?
General