Configuring IP Based ACLs with CLI Commands

The following table summarizes the equivalent CLI commands for configuring IP Based ACLs.

Table 7-5. IP Based ACL CLI Commands

CLI Command:
    ip access-list access-list-name
    no ip access-list access-list-name
Description:
    To define an IPv4 access list and to place the device in IPv4 access list configuration mode, use the ipv4 access-list command in global configuration mode. To remove the access list, use the no form of this command.

CLI Command:
    permit {any | protocol} {any | {source source-wildcard}} {any | {destination destination-wildcard}} [dscp number | ip-precedence number] [fragments]
    permit-icmp {any | {source source-wildcard}} {any | {destination destination-wildcard}} {any | icmp-type} {any | icmp-code} [dscp number | ip-precedence number]
    permit-igmp {any | {source source-wildcard}} {any | {destination destination-wildcard}} {any | igmp-type} [dscp number | ip-precedence number]
    permit-tcp {any | {source source-wildcard}} {any | source-port} {any | {destination destination-wildcard}} {any | destination-port} [dscp number | ip-precedence number] [flags list-of-flags]
    permit-udp {any | {source source-wildcard}} {any | source-port} {any | {destination destination-wildcard}} {any | destination-port} [dscp number | ip-precedence number]
Description:
    To set conditions to allow a packet to pass a named IP access list, use the permit command in access list configuration mode.

CLI Command:
    deny [disable-port] {any | protocol} {any | {source source-wildcard}} {any | {destination destination-wildcard}} [dscp number | ip-precedence number] [fragments]
    deny-icmp [disable-port] {any | {source source-wildcard}} {any | {destination destination-wildcard}} {any | icmp-type} {any | icmp-code} [dscp number | ip-precedence number]
    deny-igmp [disable-port] {any | {source source-wildcard}} {any | {destination destination-wildcard}} {any | igmp-type} [dscp number | ip-precedence number]
    deny-tcp [disable-port] {any | {source source-wildcard}} {any | source-port} {any | {destination destination-wildcard}} {any | destination-port} [dscp number | ip-precedence number] [flags list-of-flags]
    deny-udp [disable-port] {any | {source source-wildcard}} {any | source-port} {any | {destination destination-wildcard}} {any | destination-port} [dscp number | ip-precedence number]
Description:
    To set conditions to allow a packet to pass a named IP access list, use the deny command in access list configuration mode.
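The source/source-wildcard and destination/destination-wildcard pairs in the commands above are easy to get wrong by typing a subnet mask where a wildcard belongs. The following Python sketch is an added example, not part of the Dell manual; it assumes the conventional wildcard meaning (a 1 bit means "ignore this bit of the address"), which this page does not define, and its function names and sample addresses are constructed for illustration.

```python
import ipaddress

MASK32 = 0xFFFFFFFF


def _to_int(dotted):
    """Convert a dotted-quad IPv4 string to an integer."""
    return int(ipaddress.IPv4Address(dotted))


def wildcard_match(addr, base, wildcard):
    """True if addr matches base under wildcard (assumed: 1 bits are ignored)."""
    care = ~_to_int(wildcard) & MASK32          # bits that must be equal
    return (_to_int(addr) & care) == (_to_int(base) & care)


def addresses_matched(wildcard):
    """Number of distinct addresses one base/wildcard pair can match."""
    return 2 ** bin(_to_int(wildcard)).count("1")


def looks_like_netmask(wildcard):
    """Flag a wildcard that has the shape of a subnet mask (1s then 0s).

    255.255.255.0 entered as a wildcard ignores the first three octets,
    so the rule matches far more hosts than a /24 was meant to cover.
    0.0.0.0 (single host) and 255.255.255.255 (any) are not flagged.
    """
    w = _to_int(wildcard)
    if w in (0, MASK32):
        return False
    inv = ~w & MASK32
    return (inv & (inv + 1)) == 0               # inv is 2**k - 1


if __name__ == "__main__":
    # Constructed sample entries: (base, wildcard) as typed into an ACL rule.
    for base, wc in [("10.1.1.0", "0.0.0.255"), ("10.1.1.0", "255.255.255.0")]:
        print(base, wc,
              "matches", addresses_matched(wc), "addresses;",
              "netmask-shaped" if looks_like_netmask(wc) else "ok",
              "; 172.16.9.0 matches:", wildcard_match("172.16.9.0", base, wc))
```

Running the lint over every source and destination wildcard in an exported ACL before applying it catches the inverted-mask mistake while the rule is still on paper.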

 

 

 


Configuring Switch Information
