
OnSite 2800 Series User Manual7 • Access control list configuration
Mode: Profile access control list
Step | Command | Purpose |
|
|
|
1
src} {dest | entry that denies access defined |
| according to the command |
| options |
Where the syntax is:
Keyword | Meaning |
|
|
src | The source address to be included in the rule. An IP address in |
| e.g. 64.231.1.10. |
| A wildcard for the source address. Expressed in |
| which bits are significant for matching. |
| sponding bits are ignored. An example for a valid wildcard is 0.0.0.255, which speci- |
| fies a class C network. |
|
|
any | Indicates that IP traffic to or from all IP addresses is to be included in the rule. |
host src | The address of a single source host. |
|
|
dest | The destination address to be included in the rule. An IP address in |
| mat, e.g. 64.231.1.10. |
A wildcard for the destination address. See | |
|
|
host dest | The address of a single destination host. |
cos | Optional. Specifies that packets matched by this rule belong to a certain Class of Service |
| (CoS). For detailed description of CoS configuration refer to chapter 8, “Link scheduler |
| configuration” on page 93. |
|
|
group | CoS group name. |
|
|
If you place a deny ip any any rule at the top of an access control list profile, no packets will pass regardless of the other rules you defined.
Example: Create IP access control list entries
Select the
2800(cfg)#profile acl WanRx
Access control list configuration task list | 84 |