272 ACL Commands
Command Mode
Global Configuration mode
User Guidelines
Access list names can consist of any printable character. Names can be up to
31 characters in length.
Examples
The following examples create an ACL to discard any HTTP traffic from
192.168.77.171, but allow all other traffic from 192.168.77.171:
console(config)#access-list alpha deny ip 192.168.77.171 0.0.0.0 0.0.0.0 255.255.255.255 eq http
console(config)#access-list alpha permit ip 192.168.77.171 0.0.0.0 any
deny | permit (IP ACL)
Use this command in Ipv4-Access-List Configuration mode to create a new
rule for the current IP access list. Each rule is appended to the list of
configured rules for the list.
The command is enhanced to accept the optional time-range parameter. The
time-range parameter allows imposing a time limitation on the IP ACL rule
as defined by the parameter time-range-name. If a time range with the
specified name does not exist, and the IP ACL containing this ACL rule is
applied to an interface or bound to a VLAN, then the ACL rule is applied
immediately. If a time range with the specified name exists, and the IP ACL
containing this ACL rule is applied to an interface or bound to a VLAN, then
the ACL rule is applied when the time-range with a specified name becomes
active. The ACL rule is removed when the time-range with a specified name
becomes inactive.
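Because a rule whose time range does not exist is applied immediately, a misspelled time-range name turns a time-limited rule into a permanent one. The following Python script is an added example, not part of the original guide: it models the three cases described above and lists rules that reference an undefined time range. The rule strings, the time-range names, and the dictionary of configured time ranges are constructed sample data.

```python
import re

# Matches the optional "time-range <time-range-name>" parameter of a rule.
TIME_RANGE = re.compile(r"\btime-range\s+(\S+)")

def rule_state(rule, time_ranges):
    """Return (in_effect, reason) for one deny/permit rule of an applied ACL.

    time_ranges maps each configured time-range name to True (active) or
    False (inactive). A name absent from the map is not configured.
    """
    match = TIME_RANGE.search(rule)
    if match is None:
        return True, "no time-range"
    name = match.group(1)
    if name not in time_ranges:
        # Time range does not exist: the rule is applied immediately.
        return True, "time-range '%s' not defined, rule always applied" % name
    if time_ranges[name]:
        return True, "time-range '%s' active" % name
    return False, "time-range '%s' inactive, rule removed" % name

def undefined_time_ranges(rules, time_ranges):
    """Return the rules that name a time range which is not configured."""
    flagged = []
    for rule in rules:
        match = TIME_RANGE.search(rule)
        if match and match.group(1) not in time_ranges:
            flagged.append(rule)
    return flagged

# Constructed sample data (assumption): the first rule was meant to apply only
# during "maint-window", but the name is misspelled in the rule.
RULES = [
    "permit ip 192.168.77.171 0.0.0.0 any time-range maint-windw",
    "deny ip 192.168.77.171 0.0.0.0 any time-range work-hours",
    "permit ip 192.168.77.171 0.0.0.0 any",
]
TIME_RANGES = {"maint-window": False, "work-hours": False}

if __name__ == "__main__":
    for rule in RULES:
        in_effect, reason = rule_state(rule, TIME_RANGES)
        print("%-9s %s  (%s)" % ("APPLIED" if in_effect else "REMOVED", rule, reason))
    for rule in undefined_time_ranges(RULES, TIME_RANGES):
        print("REVIEW: undefined time range in:", rule)
```
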
Syntax
{deny | permit} {every | any} {dstmac | any} [ethertypekey | 0x0600-0xFFFF] vlan {eq 0-4095}] [cos 0-7] [[log] [time-range time-range-name] [assign-queue queue-id] [{mirror | redirect} interface-id]
2CSPC4.XCT-SWUM2XX1.book Page 272 Monday, October 3, 2011 11:05 AM