Configuring Receive ACLs, Verifying Receive ACLs, Configuration Example for IP Receive ACLs – Cisco 10000 User Manual
Cisco 10000 Series Router Software Configuration Guide
OL-2226-23
Chapter 12 Configuring Traffic Filtering
IP Receive ACLs
Configuring Receive ACLs
To configure receive ACLs, enter the following commands beginning in global configuration mode:

Step 1
Command: Router(config)# ip receive acl number
Purpose: Activates receive ACLs and begins filtering packets destined for the router.

Step 2
Command: Router(config)# access-list access-list-number {deny | permit} source [source-wildcard] [log]
Purpose: Defines a standard IP access list.
or
Command: Router(config)# access-list access-list-number [dynamic dynamic-name [timeout minutes]] {deny | permit} protocol source source-wildcard destination destination-wildcard [precedence precedence] [tos tos] [log | log-input] [time-range time-range-name]
Purpose: Defines an extended IP access list.
Note: The timeout argument and the time-range argument are not supported on Cisco IOS Release 12.3(7)XI1.

Verifying Receive ACLs
To verify the configuration of receive ACLs, enter any of the following commands in privileged EXEC mode:

Command: Router# show access-lists
Purpose: Displays the contents of all current standard and extended access lists. (Default)

Command: Router# show access-lists [access-list-number | access-list-name]
Purpose: Displays the contents of the access list you specify.

Command: Router# show ip access-list
Purpose: Displays the contents of all current standard and extended IP access lists. (Default)

Command: Router# show ip access-list [access-list-number | access-list-name]
Purpose: Displays the contents of the IP access list you specify.

Configuration Example for IP Receive ACLs
shows how to configure an extended IP receive ACL. The ACEs of this numbered
ACL (100) do the following:
• Deny fragmented ping operations
• Permit the router to respond to ping operations
• Permit FTP operations from network 192.168.1.0
• Permit OSPF routing updates
• Permit BGP routing updates from the host 10.0.0.1
• Deny any other IP traffic
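One configuration that implements the six ACEs described for numbered ACL 100 in the configuration example on this page. It is an added illustration, not the listing printed in the Cisco guide. The wildcard mask 0.0.0.255 for network 192.168.1.0 and the use of "any" as the destination are assumptions, because the page gives neither.

```cisco
! Added example: extended ACL 100 built from the six ACEs listed on this page.
! ACEs are evaluated top-down and the first match wins, so the fragment deny
! must come before the echo permit.
!
! Deny fragmented ping operations
access-list 100 deny icmp any any fragments
!
! Permit the router to respond to ping operations (inbound echo requests)
access-list 100 permit icmp any any echo
!
! Permit FTP operations from network 192.168.1.0
! (assumed /24; this matches the FTP control channel, TCP port 21, only)
access-list 100 permit tcp 192.168.1.0 0.0.0.255 any eq ftp
!
! Permit OSPF routing updates (IP protocol 89)
access-list 100 permit ospf any any
!
! Permit BGP routing updates from the host 10.0.0.1
! Either peer can open the TCP session, so port 179 is matched as the
! destination port (peer initiated) and as the source port (router initiated).
access-list 100 permit tcp host 10.0.0.1 any eq bgp
access-list 100 permit tcp host 10.0.0.1 eq bgp any
!
! Deny any other IP traffic (makes the implicit deny explicit, so matches
! against it are counted in the show access-lists output)
access-list 100 deny ip any any
!
! Activate ACL 100 as the receive ACL, using the command form given in Step 1.
! Entered last here so the list is complete when filtering begins.
ip receive acl 100
```

After applying it, `show access-lists 100` from the verification commands displays the list. Any management protocol used to reach the router that is not covered by an ACE above is dropped by the final deny.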