IBM 12.1(22)EA6 User Manual
22-8
Cisco Systems Intelligent Gigabit Ethernet Switch Modules for the IBM BladeCenter, Software Configuration Guide
24R9746
Chapter 22 Configuring Network Security with ACLs
Configuring ACLs
Note
In addition to numbered standard and extended ACLs, you can also create named standard and extended
IP ACLs by using the supported numbers. That is, the name of a standard IP ACL can be 1 to 99; the
name of an extended IP ACL can be 100 to 199. The advantage of using named ACLs instead of
numbered lists is that you can delete individual entries from a named list.
IP ACLs by using the supported numbers. That is, the name of a standard IP ACL can be 1 to 99; the
name of an extended IP ACL can be 100 to 199. The advantage of using named ACLs instead of
numbered lists is that you can delete individual entries from a named list.
Creating a Numbered Standard ACL
Note
For information about creating ACLs to apply to a management interface, see the “Configuring IP
Services” section of the Cisco IOS IP and IP Routing Configuration Guide, Cisco IOS Release 12.1 and
the Cisco IOS IP and IP Routing Command Reference, Cisco IOS Release 12.1. You can these apply
these ACLs only to a management interface.
Services” section of the Cisco IOS IP and IP Routing Configuration Guide, Cisco IOS Release 12.1 and
the Cisco IOS IP and IP Routing Command Reference, Cisco IOS Release 12.1. You can these apply
these ACLs only to a management interface.
Beginning in privileged EXEC mode, follow these steps to create a numbered standard IP ACL:
1200–1299
IPX summary address access list
No
1300–1999
IP standard access list (expanded range)
Yes
2000–2699
IP extended access list (expanded range)
Yes
Table 22-2
Access List Numbers (continued)
ACL Number
Type
Supported
Command
Purpose
Step 1
configure terminal
Enter global configuration mode.
Step 2
access-list access-list-number {deny | permit |
remark} {source source-wildcard | host source
| any}
remark} {source source-wildcard | host source
| any}
Define a standard IP ACL by using a source address and wildcard.
The access-list-number is a decimal number from 1 to 99 or 1300
to 1999.
to 1999.
Enter deny or permit to specify whether to deny or permit access
if conditions are matched.
if conditions are matched.
The source is the source address of the network or host from which
the packet is being sent:
the packet is being sent:
•
The 32-bit quantity in dotted-decimal format.
•
The keyword any as an abbreviation for source and
source-wildcard of 0.0.0.0 255.255.255.255. You do not need
to enter a source wildcard.
source-wildcard of 0.0.0.0 255.255.255.255. You do not need
to enter a source wildcard.
•
The keyword host as an abbreviation for source and
source-wildcard of source 0.0.0.0.
source-wildcard of source 0.0.0.0.
(Optional) The source-wildcard applies wildcard bits to the
source. (See first bullet item.)
source. (See first bullet item.)
Note
The log option is not supported on the switches.
Step 3
end
Return to privileged EXEC mode.