beautypg.com

Chapter 23: access control list commands, Ip acls, Table 23-1 – Edge Products ES3528-WDM User Manual

Page 385: Access control list commands, Table 23-2, Ip acl commands

background image

23-1

Chapter 23: Access Control List Commands

Access Control Lists (ACL) provide packet filtering for IP frames (based on address,
protocol, Layer 4 protocol port number or TCP control code), or any frames (based
on MAC address or Ethernet type). To filter packets, first create an access list, add
the required rules, specify a mask to modify the precedence in which the rules are
checked, and then bind the list to a specific port. This section describes the Access
Control List commands.

IP ACLs

The commands in this section configure ACLs based on IP addresses, TCP/UDP
port number, protocol type, and TCP control code. To configure IP ACLs, first create
an access list containing the required permit or deny rules, set a precedence mask
to control the filter sequence, and then bind the access list to one or more ports

Table 23-1 Access Control List Commands

Command Groups

Function

Page

IP ACLs

Configures ACLs based on IP addresses, TCP/UDP port number,

protocol type, and TCP control code

23-1

MAC ACLs

Configures ACLs based on hardware addresses, packet format, and

Ethernet type

23-12

ACL Information

Displays ACLs and associated rules; shows ACLs assigned to each port 23-19

Table 23-2 IP ACL Commands

Command

Function

Mode

Page

access-list ip

Creates an IP ACL and enters configuration mode for

standard or extended IP ACLs

GC

23-2

permit, deny

Filters packets matching a specified source IP address

IP-

STD-ACL

23-2

permit, deny

Filters packets meeting the specified criteria, including

source and destination IP address, TCP/UDP port number,

protocol type, and TCP control code

IP-

EXT-ACL

23-3

show ip access-list

Displays the rules for configured IP ACLs

PE

23-5

access-list ip

mask-precedence

Changes to the IP Mask mode used to configure access

control masks

GC

23-6

mask

Sets a precedence mask for the ACL rules

IP-Mask

23-6

show access-list ip

mask-precedence

Shows the ingress or egress rule masks for IP ACLs

PE

23-10

ip access-group

Adds a port to an IP ACL

IC

23-11

show ip access-group

Shows port assignments for IP ACLs

PE

23-11

This manual is related to the following products: