Cisco Systems 3130 User Manual
34-10
Cisco Catalyst Blade Switch 3130 for Dell Software Configuration Guide
OL-13270-01
Chapter 34 Configuring Network Security with ACLs
Configuring IPv4 ACLs
Creating a Numbered Standard ACL
Beginning in privileged EXEC mode, follow these steps to create a numbered standard ACL:
Use the no access-list access-list-number global configuration command to delete the entire ACL. You
cannot delete individual ACEs from numbered access lists.
cannot delete individual ACEs from numbered access lists.
Note
When creating an ACL, remember that, by default, the end of the ACL contains an implicit deny
statement for all packets that it did not find a match for before reaching the end. With standard access
lists, if you omit the mask from an associated IP host address ACL specification, 0.0.0.0 is assumed to
be the mask.
statement for all packets that it did not find a match for before reaching the end. With standard access
lists, if you omit the mask from an associated IP host address ACL specification, 0.0.0.0 is assumed to
be the mask.
This example shows how to create a standard ACL to deny access to IP host 171.69.198.102, permit
access to any others, and display the results.
access to any others, and display the results.
Switch (config)# access-list 2 deny host 171.69.198.102
Switch (config)# access-list 2 permit any
Switch(config)# end
Switch# show access-lists
Standard IP access list 2
10 deny 171.69.198.102
20 permit any
Command
Purpose
Step 1
configure terminal
Enter global configuration mode.
Step 2
access-list access-list-number {deny | permit}
source [source-wildcard] [log]
source [source-wildcard] [log]
Define a standard IPv4 access list by using a source address and
wildcard.
wildcard.
The access-list-number is a decimal number from 1 to 99 or 1300
to 1999.
to 1999.
Enter deny or permit to specify whether to deny or permit access
if conditions are matched.
if conditions are matched.
The source is the source address of the network or host from which
the packet is being sent specified as:
the packet is being sent specified as:
•
The 32-bit quantity in dotted-decimal format.
•
The keyword any as an abbreviation for source and
source-wildcard of 0.0.0.0 255.255.255.255. You do not need
to enter a source-wildcard.
source-wildcard of 0.0.0.0 255.255.255.255. You do not need
to enter a source-wildcard.
•
The keyword host as an abbreviation for source and
source-wildcard of source 0.0.0.0.
source-wildcard of source 0.0.0.0.
(Optional) The source-wildcard applies wildcard bits to the
source.
source.
(Optional) Enter log to cause an informational logging message
about the packet that matches the entry to be sent to the console.
about the packet that matches the entry to be sent to the console.
Step 3
end
Return to privileged EXEC mode.
Step 4
show access-lists [number | name]
Show the access list configuration.
Step 5
copy running-config startup-config
(Optional) Save your entries in the configuration file.