ES4710BD 10 Slots L2/L3/L4 Chassis Switch

Switch(Config)#ip access-list extended udpFlow

Switch(Config-Ext-Nacl-udpFlow)#deny igmp any-source any-destination

Switch(Config-Ext-Nacl-udpFlow)#permit udp any-source host-destination 192.168.0.1 d-port 32

12.2.2.9 permit | deny (standard)

Command: {deny | permit} {{<sIpAddr> <sMask>} | any-source | {host-source <sIpAddr>}}

no {deny | permit} {{<sIpAddr> <sMask>} | any-source | {host-source <sIpAddr>}}

Function: Creates a standard name-based IP access rule; the “no” form of the command deletes the name-based standard IP access rule.

Parameters: <sIpAddr> is the source IP address in decimal format; <sMask> is the mask complement for source IP in decimal format.

Command Mode: name-based standard IP ACL configuration mode

Default: No IP address is configured by default.

Example: Allowing packets from 10.1.1.0/24 and denying packets from 10.1.1.0/16.

Switch(Config)# ip access-list standard ipFlow

Switch(Config-Std-Nacl-ipFlow)# permit 10.1.1.0 0.0.0.255

Switch(Config-Std-Nacl-ipFlow)# deny 10.1.1.0 0.0.255.255
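The following sketch is an added example, not part of the manual or of the switch software. It parses the three source forms from the command syntax above and evaluates the ipFlow rules against sample source addresses, showing how the mask complement selects the bits that are ignored. It assumes rules are checked in the order entered with the first match deciding, and that unmatched packets take a configurable default action; the function names are hypothetical.

```python
import ipaddress

def parse_rule(line):
    """Parse 'permit|deny' + '<sIpAddr> <sMask>' | 'any-source' | 'host-source <sIpAddr>'."""
    tok = line.split()
    action = tok[0]
    if action not in ("permit", "deny"):
        raise ValueError(f"unknown action: {action}")
    if tok[1:] == ["any-source"]:
        addr, wildcard = 0, 0xFFFFFFFF          # every bit ignored
    elif len(tok) == 3 and tok[1] == "host-source":
        addr, wildcard = int(ipaddress.IPv4Address(tok[2])), 0  # every bit compared
    elif len(tok) == 3:
        addr = int(ipaddress.IPv4Address(tok[1]))
        wildcard = int(ipaddress.IPv4Address(tok[2]))
    else:
        raise ValueError(f"bad rule: {line}")
    return action, addr, wildcard

def matches(rule, src):
    """A 1 bit in the mask complement means that bit of the source is not compared."""
    _, addr, wildcard = rule
    care = ~wildcard & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(src)) & care) == (addr & care)

def evaluate(rules, src, default="permit"):
    """Assumed semantics: first matching rule decides, otherwise the default action."""
    for rule in rules:
        if matches(rule, src):
            return rule[0]
    return default

# Rules from the ipFlow example, in the order they are entered.
IPFLOW = [parse_rule("permit 10.1.1.0 0.0.0.255"),
          parse_rule("deny 10.1.1.0 0.0.255.255")]
# Same rules reversed: the broader deny is reached first and shadows the permit.
REVERSED = list(reversed(IPFLOW))

if __name__ == "__main__":
    # Constructed sample source addresses.
    for src in ("10.1.1.7", "10.1.200.9", "10.2.0.1"):
        print(src, evaluate(IPFLOW, src), evaluate(REVERSED, src))
```

Entering the broader deny rule first would leave the narrower permit unreachable under these assumptions, so rule order is worth reviewing whenever two rules overlap.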

12.3 ACL Example

Scenario 1:

The user has the following configuration requirement: port 1/10 of the switch connects to the 10.0.0.0/24 segment, and FTP is not desired for the user.

Configuration description:

1. Create a proper ACL

2. Configure the packet filtering function

3. Bind the ACL to the port

The configuration steps are listed below:

Switch(Config)#access-list 110 deny tcp 10.0.0.0 0.0.0.255 any-destination d-port 21

Switch(Config)#firewall enable

Switch(Config)#firewall default permit

Switch(Config)#interface ethernet 1/10

Accton Technology ES4710BD manual