IBM 12.1(22)EA6 Manual De Usuario
22-13
Cisco Systems Intelligent Gigabit Ethernet Switch Modules for the IBM BladeCenter, Software Configuration Guide
24R9746
Chapter 22 Configuring Network Security with ACLs
Configuring ACLs
Beginning in privileged EXEC mode, follow these steps to create a standard named access list using
names:
names:
Beginning in privileged EXEC mode, follow these steps to create an extended named ACL using names:
Command
Purpose
Step 1
configure terminal
Enter global configuration mode.
Step 2
ip access-list standard {name |
access-list-number}
access-list-number}
Define a standard IP access list by using a name, and enter
access-list configuration mode.
access-list configuration mode.
Note
The name can be a number from 1 to 99.
Step 3
deny {source source-wildcard | host source |
any}
any}
or
permit {source source-wildcard | host source |
any}
any}
In access-list configuration mode, specify one or more conditions
denied or permitted to determine if the packet is forwarded or
dropped.
denied or permitted to determine if the packet is forwarded or
dropped.
•
host source represents a source and source-wildcard of source
0.0.0.0.
0.0.0.0.
•
any represents a source and source-wildcard of 0.0.0.0
255.255.255.255.
255.255.255.255.
Note
The log option is not supported on the switches.
Step 4
end
Return to privileged EXEC mode.
Step 5
show access-lists [number | name]
Show the access list configuration.
Step 6
copy running-config startup-config
(Optional) Save your entries in the configuration file.
Command
Purpose
Step 1
configure terminal
Enter global configuration mode.
Step 2
ip access-list extended {name |
access-list-number}
access-list-number}
Define an extended IP access list by using a name, and enter
access-list configuration mode.
access-list configuration mode.
Note
The name can be a number from 100 to 199.
Step 3
{deny | permit} protocol
{source source-wildcard | host
{source source-wildcard | host
source | any}
[operator port] {destination
destination-wildcard | host
destination-wildcard | host
destination | any}
[operator port] [dscp dscp-value] [time-range
time-range-name]
time-range-name]
In access-list configuration mode, specify the conditions allowed
or denied.
or denied.
See the
for definitions of protocols and other keywords.
•
host source represents a source and source-wildcard of source
0.0.0.0, and host destination represents a destination and
destination-wildcard of destination 0.0.0.0.
0.0.0.0, and host destination represents a destination and
destination-wildcard of destination 0.0.0.0.
•
any represents a source and source-wildcard or destination
and destination-wildcard of 0.0.0.0 255.255.255.255.
and destination-wildcard of 0.0.0.0 255.255.255.255.
dscp—Enter to match packets with any of the supported 13 DSCP
values ( 0, 8, 10, 16, 18, 24, 26, 32, 34, 40, 46, 48, and 56), or use
the question mark (?) to see a list of available values.
values ( 0, 8, 10, 16, 18, 24, 26, 32, 34, 40, 46, 48, and 56), or use
the question mark (?) to see a list of available values.
The time-range keyword is optional. For an explanation of this
keyword, see the
keyword, see the
Step 4
end
Return to privileged EXEC mode.