Accton Technology ES4710BD User Manual

ES4710BD 10 Slots L2/L3/L4 Chassis Switch

Switch(Config)#ip access list extended udpFlow

Switch(Config-Ext-Nacl-udpFlow)#deny igmp any-source any-destination

Switch(Config-Ext-Nacl-udpFlow)#permit udp any-source host-destination 192.168.0.1 d-port 32

12.2.2.9 permit | deny(standard)

Command: {deny | permit} {{ } | any-source | {host-source }}

no {deny | permit} {{ } | any-source | {host-source }}

Function: Creates a standard name-based IP access rule; the "no" form of the command deletes that name-based standard IP access rule.

Parameters: the source IP address is given in dotted-decimal format; <sMask> is the wildcard (inverse) mask for the source IP, also in dotted-decimal format. A 1 bit in the wildcard mask means "do not care", so 0.0.0.255 covers a /24 and 0.0.255.255 a /16.

Command Mode: name-based standard IP ACL configuration mode

Default: No IP address is configured by default.

Example: Permit packets from 10.1.1.0/24 and deny packets from the rest of 10.1.0.0/16. The more specific /24 permit is entered first so that it is matched before the broader /16 deny; entered in the opposite order, the deny would also cover 10.1.1.0/24.

Switch(Config)# ip access list standard ipFlow

Switch(Config-Std-Nacl-ipFlow)# permit 10.1.1.0 0.0.0.255

Switch(Config-Std-Nacl-ipFlow)# deny 10.1.1.0 0.0.255.255

12.3 ACL Example

Scenario 1:

Port 1/10 of the switch connects to the 10.0.0.0/24 segment, and the user wants to block FTP from that segment.

Configuration description:

1. Create a suitable ACL

2. Enable the packet filtering function

3. Bind the ACL to the port

The rule below matches only TCP packets from 10.0.0.0/24 to destination port 21, i.e. the FTP control connection. Because the firewall default is set to permit, every packet that matches no deny rule is forwarded, so traffic not explicitly listed (for example implicit FTPS on TCP 990, or SFTP over SSH on TCP 22) still passes.

The configuration steps are listed below:

Switch(Config)#access list 110 deny tcp 10.0.0.0 0.0.0.255 any-destination d-port 21

Switch(Config)#firewall enable

Switch(Config)#firewall default permit

Switch(Config)#interface ethernet 1/10
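The following is an added example, not code from the Accton manual: a small Python model of how the three ACLs on this page (the extended udpFlow list, the standard ipFlow list from 12.2.2.9, and numbered ACL 110 from scenario 1) are evaluated. It shows wildcard-mask matching, why the order of the ipFlow rules matters, and what "firewall default permit" lets through. Assumed, not stated on the page: rules are checked in the order entered and the first match decides, and a packet that matches no rule receives the configured firewall default action. Packet addresses are constructed for the demonstration.

```python
# Added example (not vendor code): model of the switch ACLs on this page.
# Assumptions: first-match semantics; an unmatched packet gets the
# "firewall default" action ("permit" in scenario 1).
from dataclasses import dataclass
from typing import List, Optional


def ip_to_int(ip: str) -> int:
    """Dotted-decimal IPv4 address to a 32-bit integer."""
    a, b, c, d = (int(x) for x in ip.split("."))
    return (a << 24) | (b << 16) | (c << 8) | d


def wildcard_match(addr: str, base: str, wildcard: str) -> bool:
    """Wildcard (inverse) mask: a 1 bit means 'do not care'.
    0.0.0.255 therefore covers a /24 and 0.0.255.255 a /16."""
    care = ~ip_to_int(wildcard) & 0xFFFFFFFF
    return (ip_to_int(addr) & care) == (ip_to_int(base) & care)


@dataclass
class Rule:
    action: str                       # "permit" or "deny"
    src: str = "0.0.0.0"              # any-source when wildcard is all ones
    src_wc: str = "255.255.255.255"
    proto: Optional[str] = None       # None = any protocol (standard ACL)
    dst: str = "0.0.0.0"              # any-destination when wildcard is all ones
    dst_wc: str = "255.255.255.255"
    d_port: Optional[int] = None      # None = any destination port


@dataclass
class Packet:
    src: str
    dst: str
    proto: str
    d_port: Optional[int] = None


def rule_matches(rule: Rule, pkt: Packet) -> bool:
    """A rule matches only if every field it constrains matches the packet."""
    if not wildcard_match(pkt.src, rule.src, rule.src_wc):
        return False
    if not wildcard_match(pkt.dst, rule.dst, rule.dst_wc):
        return False
    if rule.proto is not None and rule.proto != pkt.proto:
        return False
    if rule.d_port is not None and rule.d_port != pkt.d_port:
        return False
    return True


def evaluate(acl: List[Rule], pkt: Packet, default: str = "permit") -> str:
    """First matching rule decides; otherwise the firewall default applies."""
    for rule in acl:
        if rule_matches(rule, pkt):
            return rule.action
    return default


# The three ACLs from the page, transcribed as rule lists.
UDPFLOW = [                                  # extended ACL udpFlow
    Rule("deny", proto="igmp"),              # deny igmp any-source any-destination
    Rule("permit", proto="udp",              # permit udp any-source host-destination
         dst="192.168.0.1", dst_wc="0.0.0.0", d_port=32),   # 192.168.0.1 d-port 32
]
IPFLOW = [                                   # 12.2.2.9 standard ACL ipFlow
    Rule("permit", "10.1.1.0", "0.0.0.255"),
    Rule("deny", "10.1.1.0", "0.0.255.255"),
]
ACL110 = [                                   # scenario 1, numbered ACL 110
    Rule("deny", "10.0.0.0", "0.0.0.255", proto="tcp", d_port=21),
]

if __name__ == "__main__":
    inside = Packet("10.1.1.7", "192.0.2.1", "tcp")      # constructed sample packets
    print(evaluate(IPFLOW, inside))                       # permit: /24 rule hits first
    print(evaluate(list(reversed(IPFLOW)), inside))       # deny: /16 rule now shadows the /24
    ftp = Packet("10.0.0.5", "192.0.2.10", "tcp", 21)
    ftps = Packet("10.0.0.5", "192.0.2.10", "tcp", 990)
    print(evaluate(ACL110, ftp), evaluate(ACL110, ftps))  # deny permit
```

Reversing the two ipFlow lines is the classic ACL mistake: the /16 deny then matches first and silently swallows the hosts the /24 permit was meant to allow. The default argument of evaluate stands in for the switch's firewall default setting, so the same rule lists can be checked under a default-deny policy as well.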