be created, and entries can be added to that ACL.
Example: Create a standard IP access list numbered 20, permitting packets from
10.1.1.0/24 and denying packets from 10.1.1.0/16.
Switch(Config)#access-list 20 permit 10.1.1.0 0.0.0.255
Switch(Config)#access-list 20 deny 10.1.1.0 0.0.255.255
Command: firewall { enable | disable}
Function: Enable or disable firewall.
Parameter: enable turns the firewall function on; disable turns it off.
Default: The firewall is disabled by default.
Command mode: Global Mode
Usage Guide: Access rules can be configured regardless of firewall status, but the
rules are applied to the specified direction of the specified ports only when
the firewall is enabled. When the firewall is disabled, all ACLs bound to the
ports are deleted.
Example: Enable the firewall.
Switch(Config)#firewall enable
Command: firewall default {permit | deny}
Function: Set the firewall default action.
Parameter: “permit” allows packets to pass through; “deny” blocks packets.
Command mode: Global Mode
Default: The default action is “permit”.
Usage Guide: This command affects only incoming IP packets on the port; other packets
are allowed to pass through the switch.
Example: Set the firewall default action to block packets.
Switch(Config)#firewall default deny
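Added example (not from the original manual): a Python model of how access list 20 above and the firewall default action decide what happens to a packet based on its source address. It assumes top-down, first-match rule evaluation and that the default action applies when no rule matches; the function names and sample addresses are constructed for illustration.

```python
import ipaddress

def wildcard_match(addr, base, wildcard):
    """True if addr equals base on every bit where the wildcard bit is 0."""
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (a & care) == (b & care)

def evaluate(acl, src, default_action="permit", firewall_enabled=True):
    """Return the action for a source IP.

    Assumptions (not stated on this page): rules are checked top-down,
    the first matching rule decides, and the firewall default action is
    used when no rule matches.
    """
    if not firewall_enabled:
        return "permit"  # rules are only applied when the firewall is enabled
    for action, base, wildcard in acl:
        if wildcard_match(src, base, wildcard):
            return action
    return default_action

# access-list 20 from the example above: (action, address, wildcard mask)
ACL_20 = [
    ("permit", "10.1.1.0", "0.0.0.255"),
    ("deny", "10.1.1.0", "0.0.255.255"),
]

def demo():
    # Constructed sample source addresses: inside 10.1.1.0/24, elsewhere in
    # 10.1.0.0/16, and outside both ranges.
    samples = ["10.1.1.77", "10.1.200.5", "192.168.0.9"]
    return {
        default: [(ip, evaluate(ACL_20, ip, default)) for ip in samples]
        for default in ("permit", "deny")
    }

if __name__ == "__main__":
    for default, rows in demo().items():
        print(f"firewall default {default}")
        for ip, action in rows:
            print(f"  {ip:<12} -> {action}")
```

With the default action left at permit, a source the list does not mention still passes; under firewall default deny it is blocked. Reversing the two entries would deny 10.1.1.0/24 as well, because the wider wildcard 0.0.255.255 matches first.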
Command: access-list ip extended <name>
no access-list ip extended <name>