Cisco Systems 3130 User Manual
34-15
Cisco Catalyst Blade Switch 3130 for Dell Software Configuration Guide
OL-13270-01
Chapter 34 Configuring Network Security with ACLs
Configuring IPv4 ACLs
After creating a numbered extended ACL, you can apply it to terminal lines (see the
), to interfaces (see the
), or to VLANs (see the
Resequencing ACEs in an ACL
Sequence numbers for the entries in an access list are automatically generated when you create a new
ACL. You can use the ip access-list resequence global configuration command to edit the sequence
numbers in an ACL and change the order in which ACEs are applied. For example, if you add a new ACE
to an ACL, it is placed at the bottom of the list. By changing the sequence number, you can move the
ACE to a different position in the ACL.
ACL. You can use the ip access-list resequence global configuration command to edit the sequence
numbers in an ACL and change the order in which ACEs are applied. For example, if you add a new ACE
to an ACL, it is placed at the bottom of the list. By changing the sequence number, you can move the
ACE to a different position in the ACL.
For more information about the ip access-list resequence command, see this URL:
http://www.cisco.com/en/US/products/sw/iosswrel/ps1838/products_feature_guide09186a0080134a60.
html
html
Creating Named Standard and Extended ACLs
You can identify IPv4 ACLs with an alphanumeric string (a name) rather than a number. You can use
named ACLs to configure more IPv4 access lists in a router than if you were to use numbered access
lists. If you identify your access list with a name rather than a number, the mode and command syntax
are slightly different. However, not all commands that use IP access lists accept a named access list.
named ACLs to configure more IPv4 access lists in a router than if you were to use numbered access
lists. If you identify your access list with a name rather than a number, the mode and command syntax
are slightly different. However, not all commands that use IP access lists accept a named access list.
Note
The name you give to a standard or extended ACL can also be a number in the supported range of access
list numbers. That is, the name of a standard IP ACL can be 1 to 99; the name of an extended IP ACL
can be 100 to 199. The advantage of using named ACLs instead of numbered lists is that you can delete
individual entries from a named list.
list numbers. That is, the name of a standard IP ACL can be 1 to 99; the name of an extended IP ACL
can be 100 to 199. The advantage of using named ACLs instead of numbered lists is that you can delete
individual entries from a named list.
Consider these guidelines and limitations before configuring named ACLs:
•
Not all commands that accept a numbered ACL accept a named ACL. ACLs for packet filters and
route filters on interfaces can use a name. VLAN maps also accept a name.
route filters on interfaces can use a name. VLAN maps also accept a name.
•
A standard ACL and an extended ACL cannot have the same name.
•
Numbered ACLs are also available, as described in the
•
You can use standard and extended ACLs (named or numbered) in VLAN maps.
•
With IPv4 QoS ACLs, if you enter the class-map {match-all | match-any} class-map-name global
configuration command, you can enter these match commands:
configuration command, you can enter these match commands:
–
match access-group acl-name
Note
The ACL must be an extended named ACL.
–
match input-interface interface-id-list
–
match ip dscp dscp-list
–
match ip precedence ip-precedence-list
You cannot enter the match access-group acl-index command.