beautypg.com

IBM 12.1(22)EA6 User Manual

Page 397

background image

22-13

Cisco Systems Intelligent Gigabit Ethernet Switch Modules for the IBM BladeCenter, Software Configuration Guide

24R9746

Chapter 22 Configuring Network Security with ACLs

Configuring ACLs

Beginning in privileged EXEC mode, follow these steps to create a standard named access list using
names:

Beginning in privileged EXEC mode, follow these steps to create an extended named ACL using names:

Command

Purpose

Step 1

configure terminal

Enter global configuration mode.

Step 2

ip access-list standard {name |
access-list-number}

Define a standard IP access list by using a name, and enter
access-list configuration mode.

Note

The name can be a number from 1 to 99.

Step 3

deny {source source-wildcard | host source |
any}

or

permit {source source-wildcard | host source |
any}

In access-list configuration mode, specify one or more conditions
denied or permitted to determine if the packet is forwarded or
dropped.

host source represents a source and source-wildcard of source
0.0.0.0.

any represents a source and source-wildcard of 0.0.0.0
255.255.255.255.

Note

The log option is not supported on the switches.

Step 4

end

Return to privileged EXEC mode.

Step 5

show access-lists [number | name]

Show the access list configuration.

Step 6

copy running-config startup-config

(Optional) Save your entries in the configuration file.

Command

Purpose

Step 1

configure terminal

Enter global configuration mode.

Step 2

ip access-list extended {name |
access-list-number}

Define an extended IP access list by using a name, and enter
access-list configuration mode.

Note

The name can be a number from 100 to 199.

Step 3

{deny | permit} protocol
{source source-wildcard | host

source | any}

[operator port] {destination
destination-wildcard | host

destination | any}

[operator port] [dscp dscp-value] [time-range
time-range-name]

In access-list configuration mode, specify the conditions allowed
or denied.

See the

“Creating a Numbered Extended ACL” section on

page 22-9

for definitions of protocols and other keywords.

host source represents a source and source-wildcard of source
0.0.0.0, and host destination represents a destination and
destination-wildcard of destination 0.0.0.0.

any represents a source and source-wildcard or destination
and destination-wildcard of 0.0.0.0 255.255.255.255.

dscp—Enter to match packets with any of the supported 13 DSCP
values ( 0, 8, 10, 16, 18, 24, 26, 32, 34, 40, 46, 48, and 56), or use
the question mark (?) to see a list of available values.

The time-range keyword is optional. For an explanation of this
keyword, see the

“Applying Time Ranges to ACLs” section on

page 22-14

.

Step 4

end

Return to privileged EXEC mode.

See also other documents in the category IBM Computer Accessories: