Access Control Lists
SubMask – A subnet mask containing four integers from 0 to 255, each separated
by a period. The mask uses 1 bits to indicate “match” and 0 bits to indicate “ignore.”
The mask is bitwise ANDed with the specified source IP address, and compared
with the address for each IP packet entering the port(s) to which this ACL has been
assigned.
Web – Specify the action (i.e., Permit or Deny). Select the address type (Any, Host,
or IP). If you select “Host,” enter a specific address. If you select “IP,” enter a subnet
address and the mask for an address range. Then click Add.
Figure 3-33. Configuring a Standard ACL
CLI – This example configures one permit rule for the specific address 10.1.1.21
and another rule for the address range 168.92.16.x – 168.92.31.x using a bitmask.
Console(config-std-acl)#permit host 10.1.1.21
Console(config-std-acl)#permit 168.92.16.0 255.255.240.0
Console(config-std-acl)#
Configuring an Extended IP ACL
Command Attributes
Action – An ACL can contain either all permit rules or all deny rules.
(Default: Permit rules)
Src/Dst IP – Specifies the source or destination IP address. Use “Any” to include
all possible addresses, “Host” to specify a specific host address in the Address
field, or “IP” to specify a range of addresses with the Address and SubMask fields.
(Options: Any, Host, IP; Default: Any)
Src/Dst Address – Source or destination IP address.
Src/Dst SubMask – Subnet mask for source or destination address. (See the
description for SubMask on page 3-62.)
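The SubMask comparison described in this section, worked through in Python as an added example (not code from the manual or the switch firmware). It uses the two rules from the standard ACL CLI example; the function names, the masking of both sides before comparison, and the None result when no rule matches are assumptions of this example.

```python
import ipaddress

def to_int(dotted):
    """Dotted-quad string -> 32-bit integer."""
    return int(ipaddress.IPv4Address(dotted))

def make_rule(action, kind, address="0.0.0.0", submask="0.0.0.0"):
    """Build a rule from the address types on this page: Any, Host, or IP."""
    if kind == "any":
        mask = 0                  # every bit ignored, so every address matches
    elif kind == "host":
        mask = 0xFFFFFFFF         # every bit must match
    else:
        mask = to_int(submask)    # 1 bits = match, 0 bits = ignore
    # Store the rule address already masked, so stray host bits cannot matter.
    return {"action": action, "addr": to_int(address) & mask, "mask": mask}

def rule_matches(rule, src):
    """AND the packet source with the mask, compare with the masked rule address.
    Assumption: both sides are masked before the comparison."""
    return (to_int(src) & rule["mask"]) == rule["addr"]

def evaluate(acl, src):
    """Action of a matching rule, or None when no rule matches (assumption:
    what happens to unmatched packets is left to the caller)."""
    for rule in acl:
        if rule_matches(rule, src):
            return rule["action"]
    return None

def covered_range(rule):
    """First and last address a rule matches (meaningful for contiguous masks)."""
    first = rule["addr"]
    last = rule["addr"] | (~rule["mask"] & 0xFFFFFFFF)
    return str(ipaddress.IPv4Address(first)), str(ipaddress.IPv4Address(last))

# The two rules from the CLI example on this page.
ACL = [
    make_rule("permit", "host", "10.1.1.21"),
    make_rule("permit", "ip", "168.92.16.0", "255.255.240.0"),
]

if __name__ == "__main__":
    print(covered_range(ACL[1]))
    # Constructed test addresses on and just outside the rule boundaries.
    for src in ("10.1.1.21", "10.1.1.22", "168.92.15.255",
                "168.92.16.0", "168.92.31.255", "168.92.32.0"):
        print(src, evaluate(ACL, src))
```

Checking the addresses just outside each boundary (168.92.15.255 and 168.92.32.0 here) is a quick way to confirm that a mask covers the intended range and nothing more before the ACL is bound to a port.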