DELL N3000 User Manual
Configuring Access Control Lists
633
Multiple access lists can be configured on an interface. The processing order
is determined by the last parameter on the access-group command where the
lowest sequence number is processed first, followed by the next higher
sequence number, etc.
In this example, access list Host10-1-1-21 is processed first, followed by Host-
In this example, access list Host10-1-1-21 is processed first, followed by Host-
1-1-23:
ip access-list Host10-1-1-23
! Permit Telnet traffic from 192.168.0.X network to host 10.1.1.23
permit tcp 192.168.0.0 0.0.0.255 host 10.1.1.23 eq telnet
! Permit UDP traffic from 192.168.0.X network to host 10.1.1.23
permit udp 192.168.0.0 0.0.0.255 host 10.1.1.23
Advanced Examples
Configuring a Time-Based ACL
The following example configures an ACL that denies HTTP traffic from
8:00 pm to 12:00 pm and 1:00 pm to 6:00 pm on weekdays and from 8:30 am
to 12:30 pm on weekends. The ACL affects all hosts connected to ports that
are members of VLAN 100. The ACL permits VLAN 100 members to browse
the Internet only during lunch and after hours.
To configure the switch:
To configure the switch:
1 Create a time range called work-hours.
console#config
console(config)#time-range work-hours
2 Configure an entry for the time range that applies to the morning shift
Monday through Friday.
console(config-time-range)#periodic weekdays 8:00 to 12:00
3 Configure an entry for the time range that applies to the afternoon shift
Monday through Friday.
console(config-time-range)#periodic weekdays 13:00
to 18:00
4 Configure an entry for the time range that applies to Saturday and Sunday.
console(config-time-range)#periodic weekend 8:30 to 12:30
console(config-time-range)#exit