Configuring standard named ACLs, Standard named ACL syntax – Brocade TurboIron 24X Series Configuration Guide User Manual

Brocade TurboIron 24X Series Configuration Guide
53-1003053-01
Configuring standard named ACLs
This section describes how to configure standard named ACLs with alphanumeric IDs. This section
also provides configuration examples.
Standard ACLs permit or deny packets based on source IP address. You can configure up to 99
standard named ACLs. There is no limit to the number of ACL entries an ACL can contain except
for the system-wide limitation. For the number of ACL entries supported on a device, refer to
The commands for configuring named ACL entries are different from the commands for configuring
numbered ACL entries. The command to configure a numbered ACL is access-list. The command
for configuring a named ACL is ip access-list. In addition, when you configure a numbered ACL
entry, you specify all the command parameters on the same command. When you configure a
named ACL, you specify the ACL type (standard or extended) and the ACL name with one command,
which places you in the configuration level for that ACL. Once you enter the configuration level for
the ACL, the command syntax is the same as the syntax for numbered ACLs.
Standard named ACL syntax
Syntax: [no] ip access-list standard
Syntax: deny | permit
or
Syntax: deny | permit
Syntax: deny | permit host
Syntax: deny | permit any [log]
Syntax: [no] ip access-group
The
alphanumeric characters. You can use blanks in the ACL name if you enclose the name in
quotation marks (for example, “ACL for Net1”).
The
number, you can specify from 1 – 99 for standard ACLs.
NOTE
For convenience, the software allows you to configure numbered ACLs using the syntax for named
ACLs. The software also still supports the older syntax for numbered ACLs. Although the software
allows both methods for configuring numbered ACLs, numbered ACLs are always formatted in the
startup-config and running-config files using the older syntax, as follows.
access-list 1 deny host 10.157.22.26 log
access-list 1 deny 10.157.22.0 0.0.0.255 log
access-list 1 permit any
access-list 101 deny tcp any any eq http log
The deny | permit parameter indicates whether packets that match a policy in the access list are
denied (dropped) or permitted (forwarded).
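The following is an added example, not part of the Brocade guide: a small Python evaluator for the standard entries of access-list 1 shown in the NOTE above. It shows how the wildcard mask selects source addresses, which entry decides a packet, and (going slightly beyond the text) how to spot an entry that an earlier, broader entry makes unreachable. It assumes first-match evaluation and an implicit deny when no entry matches, neither of which this section states; all function names are hypothetical.

```python
import ipaddress

# Standard entries copied from the NOTE above (access-list 101 is an
# extended entry and is left out).
ACL_LINES = [
    "access-list 1 deny host 10.157.22.26 log",
    "access-list 1 deny 10.157.22.0 0.0.0.255 log",
    "access-list 1 permit any",
]

def _ip(text):
    return int(ipaddress.IPv4Address(text))

def parse_entry(line):
    """Return (action, address, wildcard, log) for one standard ACL line."""
    tok = line.split()
    if len(tok) < 4 or tok[0] != "access-list" or tok[2] not in ("deny", "permit"):
        raise ValueError(f"not a standard ACL entry: {line!r}")
    action, rest = tok[2], tok[3:]
    log = rest[-1] == "log"
    if log:
        rest = rest[:-1]
    if rest == ["any"]:
        return action, 0, 0xFFFFFFFF, log       # every bit is "don't care"
    if len(rest) == 2 and rest[0] == "host":
        return action, _ip(rest[1]), 0, log     # every bit must match
    if len(rest) == 2:
        return action, _ip(rest[0]), _ip(rest[1]), log
    raise ValueError(f"unsupported source in: {line!r}")

def evaluate(entries, src):
    """Return (action, entry_index, log) for a source IP address."""
    ip = _ip(src)
    for i, (action, addr, wild, log) in enumerate(entries):
        # Bits set in the wildcard mask are ignored; the rest must be equal.
        if ((ip ^ addr) & ~wild & 0xFFFFFFFF) == 0:
            return action, i, log               # assumption: first match wins
    return "deny", None, False                  # assumption: implicit deny

def shadowed(entries):
    """Indexes of entries that an earlier, broader entry makes unreachable."""
    return [j for j, (_, aj, wj, _) in enumerate(entries)
            if any((wj & ~wi) == 0 and ((ai ^ aj) & ~wi & 0xFFFFFFFF) == 0
                   for _, ai, wi, _ in entries[:j])]

ENTRIES = [parse_entry(line) for line in ACL_LINES]
```

Swapping the first two entries makes `shadowed` report the host entry, because the 10.157.22.0 0.0.0.255 entry would then match 10.157.22.26 first.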
The
name.