6.4.4 Creating an Access List with a Name
From global configuration mode, you can also create access lists. Using the Switch(config)# ip command, you can identify an access list by name rather than by number. The prompt changes to reflect the named access list mode.
Switch(config)# ip ?
Named
Controls forwarding of physical and directed IP
Build a prefix list
route | Establish static routes
Switch(config)# ip
standard | Standard Access List
extended | Extended Access List
Switch(config)# ip
WORD
Switch(config)# ip
deny | Specify packets to reject
end | End current mode and change to enable mode
exit | Exit current mode and down to previous mode
help | Description of the interactive help system
no | Negate a command or set its defaults
permit | Specify packets to forward
quit | Exit current mode and down to previous mode
remark | Access list entry comment
show | Show running system information
write | Write running configuration to memory, network, or terminal
At the
6.4.5 Applying an Access List to an Interface
After creating an access list, you must apply it to an interface for it to take effect. Enter the interface configuration mode for the desired interface. Each interface may have only one access list applied to it at one time. Apply the access list to either inbound traffic or outbound traffic.
The following example creates an extended access list that allows only SMTP traffic (port 25) to be sent out and denies all other traffic.
Switch(config)#
Switch(config)# interface eth1
WORD
in | inbound direction
out | outbound direction
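The policy described above (only SMTP, port 25, allowed out of eth1), modelled as an added Python example that is not taken from the manual and does not reproduce the switch's command syntax. The list name smtp-out, the top-to-bottom first-match evaluation, the drop when no entry matches, and the replacement of a previously applied list are assumptions.

```python
# Added illustration, not the switch's implementation.
# Assumed: entries are checked in order, first match decides, no match drops.
from dataclasses import dataclass, field
from typing import Optional

@dataclass(frozen=True)
class Entry:
    action: str                     # "permit" or "deny"
    protocol: Optional[str] = None  # None matches any protocol
    dst_port: Optional[int] = None  # None matches any destination port

    def matches(self, protocol, dst_port):
        return (self.protocol in (None, protocol)
                and self.dst_port in (None, dst_port))

@dataclass
class AccessList:
    name: str
    entries: list = field(default_factory=list)

    def evaluate(self, protocol, dst_port):
        for entry in self.entries:          # ordered, first match wins
            if entry.matches(protocol, dst_port):
                return entry.action
        return "deny"                       # assumed default when nothing matches

@dataclass
class Interface:
    name: str
    bound: Optional[tuple] = None           # single (AccessList, direction) slot

    def apply(self, acl, direction):
        if direction not in ("in", "out"):
            raise ValueError("direction must be 'in' or 'out'")
        self.bound = (acl, direction)       # assumed: a new list replaces the old

    def forward(self, direction, protocol, dst_port):
        if self.bound is None or self.bound[1] != direction:
            return True                     # no list applied in this direction
        return self.bound[0].evaluate(protocol, dst_port) == "permit"

# Constructed policy: permit TCP to port 25, reject everything else.
smtp_only = AccessList("smtp-out", [Entry("permit", "tcp", 25), Entry("deny")])
eth1 = Interface("eth1")
eth1.apply(smtp_only, "out")

def demo():
    cases = {"smtp_out": ("out", "tcp", 25), "http_out": ("out", "tcp", 80),
             "udp25_out": ("out", "udp", 25), "http_in": ("in", "tcp", 80)}
    return {k: eth1.forward(*v) for k, v in cases.items()}
```

Under the assumed first-match order, swapping the two entries so that the deny comes first would block SMTP as well, which is why the permit entry has to precede the catch-all deny.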
63 | Asante IntraCore IC36240 | User’s Manual |