28-9
Catalyst 3550 Multilayer Switch Software Configuration Guide
78-11194-09
Chapter 28 Configuring Network Security with ACLs
Configuring IP ACLs
Note In addition to numbered standard and extended ACLs, you can also create standard and extended named
IP ACLs using the supported numbers. That is, the name of a standard IP ACL can be 1 to 99; the name
of an extended IP ACL can be 100 to 199. The advantage of using named ACLs instead of numbered lists
is that you can delete individual entries from a named list.
Creating a Numbered Standard ACL
Beginning in privileged EXEC mode, follow these steps to create a numbered standard ACL:
700–799 48-bit MAC address access list No
800–899 IPX standard access list No
900–999 IPX extended access list No
1000–1099 IPX SAP access list No
1100–1199 Extended 48-bit MAC address access list No
1200–1299 IPX summary address access list No
1300–1999 IP standard access list (expanded range) Yes
2000–2699 IP extended access list (expanded range) Yes
Table 28-1 Access List Numbers (continued)
Access List Number Type Supported
Command Purpose
Step 1
configure terminal Enter global configuration mode.
Step 2
access-list access-list-number
{deny | permit}
source [source-wildcard] [log]
Define a standard IP access list by using a source address and wildcard.
The access-list-number is a decimal number from 1 to 99 or 1300 to 1999.
Enter deny or permit to specify whether to deny or permit access if
conditions are matched.
The source is the source address of the network or host from which the
packet is being sent specified as:
• The 32-bit quantity in dotted-decimal format.
• The keyword any as an abbreviation for source and source-wildcard
of 0.0.0.0 255.255.255.255. You do not need to enter a
source-wildcard.
• The keyword host as an abbreviation for source and source-wildcard
of source 0.0.0.0.
(Optional) The source-wildcard applies wildcard bits to the source.
(Optional) Enter log to create an informational logging message about the
packet that matches the entry to be sent to the console.
Note The log keyword is ignored on ACLs applied to Layer 2 interfaces.
Step 3
end Return to privileged EXEC mode.
To Next Page
Loading...
Need help?
General
