6.4.1 Create a Standard Access List

Standard access lists filter at Layer 3, and can allow or block access to networks and host addresses. The parameters for a standard access list are described below:

Access list number (1–99): Identifies the access list to which an entry belongs. There is no limit to how many entries make up an access list, other than available memory.

Remark: Access list entry comment. This may be useful to keep track of numbered lists.

Permit/deny: Indicates whether this entry allows or blocks traffic from the specified source address

Source address: Enter the source IP address to match

Any: Specifies any source address to match

Source wildcard mask: Identifies which bits in the address field are to be matched. A “0” indicates that the bit position must match; a “1” indicates that the bit position is ignored.

In the following example, a standard access list is created to allow all traffic from the 192.168.0.0 networks, while blocking all non-192.168.0.0 traffic. The last entry is redundant, since the switch will deny access if there is no match found by the end of the list.

Switch# configure
Switch(config)# access-list 1 ?
  deny      Specify packets to reject
  permit    Specify packets to forward
  remark    Access list entry comment
Switch(config)# access-list 1 permit ?
  A.B.C.D   Source address to match. e.g. 10.0.0.0
  any       Any source address to match
Switch(config)# access-list 1 permit 192.168.0.0 ?
  A.B.C.D   Source wildcard. e.g. 0.0.0.255
  <cr>
Switch(config)# access-list 1 permit 192.168.0.0 0.0.255.255
Switch(config)# access-list 1 deny any

In the next example, a standard access list is created to deny all traffic from 192.168.123.254 and allow all other traffic to be forwarded. Note that the last entry of this example is not redundant, as it is a permit statement. An implicit deny statement would follow the last entry if no match was found before the end of the list. In this case, however, you are permitting any IP address other than 192.168.123.254, and a deny statement is not necessary.

Switch(config)# access-list 1 deny 192.168.123.254 ?
  A.B.C.D   Source wildcard. e.g. 0.0.0.255
  <cr>
Switch(config)# access-list 1 deny 192.168.123.254
Switch(config)# access-list 1 permit any
Switch(config)# exit
Switch# show access-list

After entering the access list, use the show command from privileged mode, as shown above. Any lists you have created, as well as any remark entered for a list, will be displayed.

Note: In the above examples, the argument any can be used instead of 0.0.0.0 255.255.255.255.
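
The following Python sketch is an added example, not part of the manual or of the switch software. It evaluates the two lists above against sample source addresses to show how the wildcard mask and the implicit deny decide the result. It assumes entries are checked top to bottom with the first match deciding, and that an omitted wildcard matches a single host; the function and variable names are illustrative.

```python
import ipaddress

MASK32 = 0xFFFFFFFF

def to_int(addr):
    """Dotted-quad string -> 32-bit integer."""
    return int(ipaddress.IPv4Address(addr))

def parse_entry(text):
    """Parse 'permit|deny any' or 'permit|deny A.B.C.D [wildcard]'."""
    action, *rest = text.split()
    if action not in ("permit", "deny") or not 1 <= len(rest) <= 2:
        raise ValueError(f"unsupported entry: {text!r}")
    if rest == ["any"]:
        return action, 0, MASK32          # every bit ignored
    # Assumption: an omitted wildcard means 0.0.0.0 (single host), as in
    # the manual's 'deny 192.168.123.254' entry.
    wildcard = to_int(rest[1]) if len(rest) == 2 else 0
    return action, to_int(rest[0]), wildcard

def matches(source, address, wildcard):
    """Wildcard bit 0 = position must match, bit 1 = position ignored."""
    care = ~wildcard & MASK32
    return (source & care) == (address & care)

def evaluate(entries, source_ip):
    """Return (action, entry_number); entry_number None = implicit deny."""
    source = to_int(source_ip)
    for number, text in enumerate(entries, start=1):
        action, address, wildcard = parse_entry(text)
        if matches(source, address, wildcard):
            return action, number         # first match decides
    return "deny", None                   # no match by end of list

# The two lists from the manual, without the 'access-list 1' prefix.
ALLOW_192_168 = ["permit 192.168.0.0 0.0.255.255", "deny any"]
BLOCK_ONE_HOST = ["deny 192.168.123.254", "permit any"]

if __name__ == "__main__":
    for name, acl in (("ALLOW_192_168", ALLOW_192_168),
                      ("BLOCK_ONE_HOST", BLOCK_ONE_HOST)):
        for ip in ("192.168.45.7", "192.168.123.254", "10.1.1.1"):
            print(name, ip, evaluate(acl, ip))
```

Dropping the trailing deny any from the first list leaves every verdict unchanged, while dropping permit any from the second list causes all sources to be denied.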


Asante IntraCore IC36240

User’s Manual
