Document No. 10-300077, Issue 2 13-15
Configuring Access Lists
3. Enter a number between 100 and 199 (or Alphanumeric) (extended
ACL) in the Access List Name field to identify your new access control
list.
4. Enter a number in the Access Rule Index field to identify the access rule.
5. Select Deny/Filter from the Access Type field pull-down menu.
6. Enter the source address (10.1.2.0) and the source address wildcard
(0.0.0.255), respectively, in the Source Address field.
7. Enter the destination address (10.1.1.0) and the destination address
wildcard (0.0.0.255), respectively, in the Dest Address field.
8. Click CREATE to save your changes, or CANCEL to restore previous
settings. Once you create both access rules, all traffic between subnets
10.1.1.0 and 10.1.2.0 is denied/filtered.
*Note: Traffic between any other 10.1.x.0 subnets is not filtered
because the access rules only deny/filter traffic between
subnets 10.1.1.0 and 10.1.2.0.
To deny/filter traffic to a specific address and not to an
entire subnet, you must specify the destination IP address
of the network node, and use a subnet wildcard of 0.0.0.0.
To deny/filter all traffic, you must specify a destination
address of 0.0.0.0 and a wildcard of 255.255.255.255.
This is useful if you want to filter all traffic except traffic
that matches a previous rule. Ensure that you do not make
this your first rule, since ACL rules are read from the top
down and evaluation stops after the first rule match, so all
subsequent rules are ignored.
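The wildcard matching and top-down, first-match evaluation described in the note can be checked offline before rules are entered on the switch. The following Python model is an added example, not code from this manual or the switch software. Assumptions: the action label "forward", the mirror rule 1 in SUBNET_PAIR, the host 10.1.1.25, the use of 0.0.0.0/255.255.255.255 for the source as well as the destination, and forwarding of traffic that matches no rule.

```python
import ipaddress

def ip(addr):
    return int(ipaddress.IPv4Address(addr))

def matches(addr, base, wildcard):
    # A 1 bit in the wildcard means "ignore this bit"; 0 bits must equal the base.
    care = ~ip(wildcard) & 0xFFFFFFFF
    return (ip(addr) & care) == (ip(base) & care)

def covers(base1, wc1, base2, wc2):
    # True when everything matched by (base2, wc2) is also matched by (base1, wc1).
    care1 = ~ip(wc1) & 0xFFFFFFFF
    return (ip(wc2) & care1) == 0 and (ip(base1) & care1) == (ip(base2) & care1)

def evaluate(rules, src, dst, default="forward"):
    # Rules are read top down; the first match decides, later rules are ignored.
    for index, action, s, s_wc, d, d_wc in rules:
        if matches(src, s, s_wc) and matches(dst, d, d_wc):
            return index, action
    return None, default  # assumption: traffic matching no rule is not filtered

def shadowed(rules):
    # Indexes of rules that can never match because an earlier rule covers them.
    hidden = []
    for pos, (index, _, s, s_wc, d, d_wc) in enumerate(rules):
        if any(covers(ps, ps_wc, s, s_wc) and covers(pd, pd_wc, d, d_wc)
               for _, _, ps, ps_wc, pd, pd_wc in rules[:pos]):
            hidden.append(index)
    return hidden

ANY = ("0.0.0.0", "255.255.255.255")  # the "all traffic" address and wildcard
# Constructed rule lists: (index, action, source, wildcard, destination, wildcard).
SUBNET_PAIR = [  # rule 1 is an assumed mirror of the rule entered in steps 6-7
    (1, "deny", "10.1.1.0", "0.0.0.255", "10.1.2.0", "0.0.0.255"),
    (2, "deny", "10.1.2.0", "0.0.0.255", "10.1.1.0", "0.0.0.255"),
]
EXCEPTION_FIRST = [  # 10.1.1.25 is a made-up host; wildcard 0.0.0.0 = one address
    (1, "forward", *ANY, "10.1.1.25", "0.0.0.0"),
    (2, "deny", *ANY, *ANY),
]
DENY_ALL_FIRST = [  # same two rules with the deny-all rule placed first
    (1, "deny", *ANY, *ANY),
    (2, "forward", *ANY, "10.1.1.25", "0.0.0.0"),
]

if __name__ == "__main__":
    for name, acl in [("exception first", EXCEPTION_FIRST), ("deny-all first", DENY_ALL_FIRST)]:
        print(name, evaluate(acl, "10.1.3.4", "10.1.1.25"), "shadowed:", shadowed(acl))
```

A non-empty result from shadowed() means a rule in the list can never take effect in its current position.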
Logging ACL Activity
Overview
You can log information about packets that match specific rules in the
active access control list (ACL). Each log entry contains the following
information:
Source and destination IP address.
Protocol ID (RFC 1700 defines these ID numbers).
Time that the match occurred.
Index number of the access rule that was matched.