Alcatel-Lucent 6850-48 Network Guide

Using ACL Manager
Configuring ACLs
OmniSwitch AOS Release 6 Network Configuration Guide
September 2009
page 39-19
Configuring Named Standard and Extended ACLs
The ip access-list command in the Global Configuration Mode creates standard or extended 
ACLs that are associated with a name. The standard and extended parameters of this 
command specify the ACL type. For example, the following commands create a standard ACL 
named “Test1” and an extended ACL named “Test2”:
Aclman(config)#ip access-list standard Test1
Aclman(config)#ip access-list extended Test2
The ip access-list command also invokes the Access List Configuration Mode, which is used to create 
ACL entries for the named ACL. For example:
Aclman(config)#ip access-list standard Test1
Aclman(config-std-nacl)#permit any
Aclman(config-std-nacl)#deny host 12.255.10.58
Aclman(config-std-nacl)#exit
Aclman(config)#
Note that it is possible to add and remove named ACL entries without having to delete and re-enter the 
entire ACL configuration. For example:
Aclman(config)#ip access-list extended Test2
Aclman(config-ext-nacl)#permit ip any any
Aclman(config-ext-nacl)#permit udp host 198.172.10.4 any
Aclman(config-ext-nacl)#permit tcp host 11.22.3.1 any
Aclman(config-ext-nacl)#end
Aclman#show ip access-list Test2
Extended IP access list Test2
10 permit ip any any
20 permit udp host 198.172.10.4 any
30 permit tcp host 11.22.3.1 any
Aclman#configure terminal
Aclman(config)#ip access-list extended Test2
Aclman(config-ext-nacl)#no permit ip any any
Aclman(config-ext-nacl)#permit ip any 172.10.5.0 0.0.255.255
Aclman(config-ext-nacl)#end
Aclman#show ip access-list Test2
Extended IP access list Test2
10 permit udp host 198.172.10.4 any
20 permit tcp host 11.22.3.1 any
30 permit ip any 172.10.5.0 0.0.255.255
In the above example, the permit ip any any entry is removed from the Test2 extended ACL. A new 
entry, permit ip any 172.10.5.0 0.0.255.255, is then added to the same ACL. Note that new entries are 
added to the end of the access list by default. However, it is possible to specify a sequence number with 
the new ACL statement to position the statement at a desired location within the ACL. For example:
Aclman(config)#ip access-list extended Test2
Aclman(config-ext-nacl)#15 deny tcp any any
Aclman(config-ext-nacl)#end
Aclman#show ip access-list Test2
Extended IP access list Test2
10 permit udp host 198.172.10.4 any
15 deny tcp any any
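
The sequence-number behaviour shown in the sessions above, as an added Python model that is not part of the Alcatel-Lucent guide or of ACLMAN itself: it replays named-ACL edits (default append, "no" removal, explicit sequence number) and reports entries that an earlier entry fully covers. Two points are assumptions rather than statements from this page: entries are evaluated in sequence order with the first match deciding, and removal renumbers the remaining entries to 10, 20, ... (inferred from the show output above). The names NamedAcl, parse, covers and shadowed are hypothetical.

```python
import ipaddress

ANY = ipaddress.ip_network("0.0.0.0/0")

def _addr(tok):
    """Consume 'any', 'host A' or 'A WILDCARD' (contiguous wildcards only)."""
    if tok[0] == "any":
        return ANY, tok[1:]
    if tok[0] == "host":
        return ipaddress.ip_network(tok[1] + "/32"), tok[2:]
    return ipaddress.ip_network(f"{tok[0]}/{tok[1]}", strict=False), tok[2:]

def parse(entry):
    """'permit udp host 198.172.10.4 any' -> (action, proto, src, dst)."""
    action, *tok = entry.split()
    proto = tok.pop(0) if tok[0] in ("ip", "tcp", "udp") else "ip"
    src, tok = _addr(tok)
    dst = _addr(tok)[0] if tok else ANY    # standard ACLs carry a source only
    return action, proto, src, dst

def covers(a, b):
    """True if entry a matches every packet that entry b matches."""
    (_, pa, sa, da), (_, pb, sb, db) = parse(a), parse(b)
    return pa in ("ip", pb) and sb.subnet_of(sa) and db.subnet_of(da)

class NamedAcl:
    def __init__(self):
        self.entries = {}                  # sequence number -> entry text

    def add(self, entry, seq=None):
        if seq is None:                    # default: append after the last entry
            seq = max(self.entries, default=0) + 10
        self.entries[seq] = entry

    def remove(self, entry):
        """'no <entry>'; renumbering to 10, 20, ... is assumed from the show output."""
        kept = [e for _, e in sorted(self.entries.items()) if e != entry]
        self.entries = {10 * (i + 1): e for i, e in enumerate(kept)}

    def show(self):
        return [f"{s} {e}" for s, e in sorted(self.entries.items())]

    def shadowed(self):
        """(seq, earlier_seq) pairs: entry seq is unreachable under first match (assumed)."""
        rows = sorted(self.entries.items())
        return [(s, p) for i, (s, e) in enumerate(rows)
                for p, q in rows[:i] if covers(q, e)]
```

Replaying the Test2 session through NamedAcl and calling shadowed() after the "15 deny tcp any any" insert returns [(20, 15)]: under the first-match assumption, entry 20 (permit tcp host 11.22.3.1 any) can no longer decide any packet. The same check on the Test1 session reports the deny host 12.255.10.58 entry as covered by the preceding permit any.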