Access Control Lists (ACLs) for the Series 3400cl and Series 6400cl Switches 
Configuring and Assigning an ACL 
Comparison Operator: 
•  eq < tcp/udp-port-nbr > — “Equal To”; to have a match with 
the ACE entry, the TCP or UDP source port number in a 
packet must be equal to < tcp/udp-port-nbr >. 
Port Number or Well-Known Port Name: 
Use the TCP or UDP port number required by your  
application. The switch also accepts these well-known TCP  
or UDP port names as an alternative to their corresponding  
port numbers: 
•  TCP: bgp, dns, ftp, http, imap4, ldap, nntp, pop2, pop3, smtp, ssl, 
telnet 
•  UDP: bootpc, bootps, dns, ntp, radius, radius-old, rip, snmp, 
snmp-trap, tftp 
To list the above names, press the [Shift] [?] key combination
after entering an operator. For a comprehensive listing of
port numbers, visit www.iana.org/assignments/port-numbers.
< any | host < dest-ip-addr > | ip-addr/mask-length > 
In an extended ACL, this parameter defines the destination 
IP address (DA) that a packet must carry in order to have 
a match with the ACE. The options are the same as shown 
for < src-ip-addr >. 
[< dest-port tcp/udp-id >] 
In an extended ACL, this parameter defines the TCP or UDP   
destination port number a packet must carry in order to  
have a match with the extended ACE. The options are the  
same as shown above on the preceding page for the source  
IP address. 
[log] 
Optional; generates an ACL log message if: 
•  The action is deny. (This option is not configurable for
Permit.)
•  There is a match.
•  ACL logging is enabled on the switch. (Refer to
“Enabling ACL Logging on the Switch” on page 10-72.)
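
The matching rules described above (the eq operator, well-known port names per protocol, the destination address forms, and the three conditions for a log message), modeled as an added Python example; it is not code from the switch documentation or firmware. The port numbers attached to the names are the IANA assignments, and the dictionary layout of an ACE, the function names and the sample addresses are assumptions made for illustration.

```python
import ipaddress

# Well-known names from the page; the numbers are the IANA assignments
# (an assumption added here, since the page lists only the names).
PORT_NAMES = {
    "tcp": {"bgp": 179, "dns": 53, "ftp": 21, "http": 80, "imap4": 143,
            "ldap": 389, "nntp": 119, "pop2": 109, "pop3": 110, "smtp": 25,
            "ssl": 443, "telnet": 23},
    "udp": {"bootpc": 68, "bootps": 67, "dns": 53, "ntp": 123, "radius": 1812,
            "radius-old": 1645, "rip": 520, "snmp": 161, "snmp-trap": 162,
            "tftp": 69},
}

def resolve_port(proto, token):
    """Accept a port number or a name valid for this protocol only."""
    if token.isdigit() and int(token) <= 65535:
        return int(token)
    if token not in PORT_NAMES[proto]:
        raise ValueError(f"{token!r} is not a {proto} port number or name")
    return PORT_NAMES[proto][token]

def addr_matches(spec, ip):
    """spec is 'any', 'host <ip-addr>' or '<ip-addr>/<mask-length>'."""
    if spec == "any":
        return True
    if spec.startswith("host "):
        return ipaddress.ip_address(spec[5:].strip()) == ipaddress.ip_address(ip)
    return ipaddress.ip_address(ip) in ipaddress.ip_network(spec, strict=False)

def evaluate(ace, pkt, acl_logging_enabled):
    """Return (matched, log_generated) for one ACE and one packet."""
    if ace["log"] and ace["action"] != "deny":
        raise ValueError("log is not configurable for permit")
    matched = (ace["proto"] == pkt["proto"]
               and addr_matches(ace["src"], pkt["src"])
               and addr_matches(ace["dst"], pkt["dst"]))
    for field in ("sport", "dport"):          # optional "eq <port>" tests
        if matched and ace[field] is not None:
            matched = resolve_port(ace["proto"], ace[field]) == pkt[field]
    # A log message needs all three: deny action, a match, logging enabled.
    return matched, bool(matched and ace["log"] and acl_logging_enabled)

# Constructed sample: deny and log Telnet to one host from any source.
ACE = {"action": "deny", "proto": "tcp", "src": "any", "sport": None,
       "dst": "host 10.10.10.1", "dport": "telnet", "log": True}
TELNET = {"proto": "tcp", "src": "10.28.18.100", "sport": 40000,
          "dst": "10.10.10.1", "dport": 23}
WEB = dict(TELNET, dport=80)
```

Calling evaluate(ACE, TELNET, acl_logging_enabled=False) still reports a match but no log message, which is the case to check when a deny entry appears to be silent.
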
Syntax:  interface < port-list > access-group < list-# | ascii-str > in 
Assigns an ACL, designated by an ACL list number or ASCII   
string (alphanumeric list name), to an interface to filter  
inbound IP traffic on that interface. To configure named  
ACLs, refer to “Configuring a Named ACL” on page 10-54.