Creating a numbered standard acl – IBM 12.1(22)EA6 User Manual
Page 392
22-8
Cisco Systems Intelligent Gigabit Ethernet Switch Modules for the IBM BladeCenter, Software Configuration Guide
24R9746
Chapter 22 Configuring Network Security with ACLs
Configuring ACLs
Table 22-2 Access List Numbers (continued)

ACL Number   Type                                       Supported
1200–1299    IPX summary address access list            No
1300–1999    IP standard access list (expanded range)   Yes
2000–2699    IP extended access list (expanded range)   Yes

Note
In addition to numbered standard and extended ACLs, you can also create named standard and extended
IP ACLs by using the supported numbers. That is, the name of a standard IP ACL can be 1 to 99; the
name of an extended IP ACL can be 100 to 199. The advantage of using named ACLs instead of
numbered lists is that you can delete individual entries from a named list.

Creating a Numbered Standard ACL

Note
For information about creating ACLs to apply to a management interface, see the “Configuring IP
Services” section of the Cisco IOS IP and IP Routing Configuration Guide, Cisco IOS Release 12.1 and
the Cisco IOS IP and IP Routing Command Reference, Cisco IOS Release 12.1. You can apply
these ACLs only to a management interface.

Beginning in privileged EXEC mode, follow these steps to create a numbered standard IP ACL:
Step 1
Command: configure terminal
Purpose: Enter global configuration mode.

Step 2
Command: access-list access-list-number {deny | permit | remark} {source source-wildcard | host source | any}
Purpose: Define a standard IP ACL by using a source address and wildcard.
The access-list-number is a decimal number from 1 to 99 or 1300 to 1999.
Enter deny or permit to specify whether to deny or permit access if conditions are matched.
The source is the source address of the network or host from which the packet is being sent:
• The 32-bit quantity in dotted-decimal format.
• The keyword any as an abbreviation for source and source-wildcard of 0.0.0.0 255.255.255.255. You do not need to enter a source wildcard.
• The keyword host as an abbreviation for source and source-wildcard of source 0.0.0.0.
(Optional) The source-wildcard applies wildcard bits to the source. (See first bullet item.)
Note: The log option is not supported on the switches.

Step 3
Command: end
Purpose: Return to privileged EXEC mode.
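
An added example, not part of the Cisco manual: a small Python checker for reviewing numbered standard ACL entries offline. It validates the number ranges from Step 2, expands the any and host keywords as described there, and applies the wildcard bits to a source address. The function names, the sample entries, and the final implicit deny (general IOS behaviour, not stated on this page) are assumptions.

```python
import ipaddress

STANDARD_RANGES = (range(1, 100), range(1300, 2000))  # ranges given in Step 2

def parse_ace(line):
    """Return (number, action, source, wildcard), or None for a remark entry."""
    tok = line.split()
    if len(tok) < 4 or tok[0] != "access-list" or not tok[1].isdigit():
        raise ValueError(f"not an access-list entry: {line!r}")
    number, action, spec = int(tok[1]), tok[2], tok[3:]
    if not any(number in r for r in STANDARD_RANGES):
        raise ValueError(f"{number} is not a standard IP ACL number")
    if action == "remark":
        return None
    if action not in ("permit", "deny"):
        raise ValueError(f"unknown action {action!r}")
    if spec == ["any"]:                          # any = 0.0.0.0 255.255.255.255
        src, wild = "0.0.0.0", "255.255.255.255"
    elif len(spec) == 2 and spec[0] == "host":   # host A = A 0.0.0.0
        src, wild = spec[1], "0.0.0.0"
    elif len(spec) == 2:                         # source source-wildcard
        src, wild = spec
    else:
        raise ValueError(f"bad source specification: {line!r}")
    to_int = lambda a: int(ipaddress.IPv4Address(a))
    return number, action, to_int(src), to_int(wild)

def evaluate(acl_lines, number, packet_src):
    """First matching entry wins; no match falls through to the implicit deny."""
    ip = int(ipaddress.IPv4Address(packet_src))
    for line in acl_lines:
        ace = parse_ace(line)
        if ace is None or ace[0] != number:
            continue
        _, action, src, wild = ace
        care = ~wild & 0xFFFFFFFF  # wildcard bit 1 = ignore, 0 = must match
        if (ip & care) == (src & care):
            return action
    return "deny"  # assumption: implicit deny at the end of every IOS ACL

# Constructed sample entries using documentation address ranges.
SAMPLE = [
    "access-list 10 remark constructed sample for this example",
    "access-list 10 deny host 192.0.2.77",
    "access-list 10 permit 192.0.2.0 0.0.0.255",
    "access-list 1300 permit any",
]

if __name__ == "__main__":
    for src in ("192.0.2.77", "192.0.2.5", "198.51.100.9"):
        print(src, evaluate(SAMPLE, 10, src))
```

Because the wildcard is a bit mask and not a prefix length, an entry such as 10.0.0.1 0.0.255.0 matches every address of the form 10.0.x.1, which is easy to misread during an ACL review.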