Alcatel-Lucent 6850-48 Network Guide

Using ACL Manager
Configuring ACLs
OmniSwitch AOS Release 6 Network Configuration Guide
September 2009
page 39-17
• The order of permit and deny statements within an ACL is very important because statements are 
processed in order.
• A named standard ACL cannot have the same name as that of an existing extended ACL. The reverse 
is also true; named extended ACLs cannot use a name already assigned to a standard ACL.
• ACL names are truncated to 64 characters.
• When a number is specified for an ACL remark entry, ACL entries are renumbered after a switch 
reboot. For example:
Aclman(config)#ip access-list extended Test10
Aclman(config-ext-nacl)#11 remark This ACL permits any 10.0.0.0 traffic
Aclman(config-ext-nacl)#12 remark This ACL blocks all 20.0.0.0 traffic
Aclman(config-ext-nacl)#permit ip host 10.0.0.0 any
Aclman(config-ext-nacl)#deny ip host 20.0.0.0 any
Aclman(config-ext-nacl)#end
Aclman#show ip access-lists Test10
Extended IP access list Test10
    11 remark This ACL permits any 10.0.0.0 traffic
    12 remark This ACL blocks all 20.0.0.0 traffic
    22 permit ip host 10.0.0.0 any
    32 deny ip host 20.0.0.0 any
Aclman#write memory
Aclman#exit
Goodbye
-> reload working no rollback-timeout
-> aclman
Aclman#show ip access-lists Test10
Extended IP access list Test10
    10 remark This ACL permits any 10.0.0.0 traffic
    20 remark This ACL blocks all 20.0.0.0 traffic
    30 permit ip host 10.0.0.0 any
    40 deny ip host 20.0.0.0 any
Aclman# 
Configuring Numbered Standard and Extended ACLs
The access-list command in Global Configuration Mode creates standard or extended ACLs that are 
associated with a number. The number associated with an ACL determines whether the ACL is of the 
standard or extended type. The ranges 1–99 and 1300–1999 are reserved for standard ACLs. For 
example, the following command creates a standard ACL:
Aclman(config)#access-list 1 permit 10.0.0.0
The ranges 100–199 and 2000–2699 are reserved for extended ACLs. For example, the following 
command creates an extended ACL:
Aclman(config)#access-list 102 permit ip any any
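An added example, not part of the Alcatel-Lucent guide: a Python sketch that classifies a numbered ACL by the ranges given above and predicts the sequence numbers a `show ip access-lists` listing will carry after a reboot, so that change scripts or audit notes that reference entries by number can be checked beforehand. The resequencing rule (start at 10, step 10) is an assumption inferred from the Test10 listing on this page, and all function names are hypothetical.

```python
import re

# Number ranges stated in the guide: the ACL number alone decides the type.
STANDARD_RANGES = ((1, 99), (1300, 1999))
EXTENDED_RANGES = ((100, 199), (2000, 2699))

def acl_type(number):
    """Return 'standard' or 'extended' for a numbered ACL, None if out of range."""
    if any(lo <= number <= hi for lo, hi in STANDARD_RANGES):
        return "standard"
    if any(lo <= number <= hi for lo, hi in EXTENDED_RANGES):
        return "extended"
    return None

# An entry line is indented: sequence number, then remark/permit/deny, then the rest.
ENTRY = re.compile(r"^\s+(\d+)\s+(remark|permit|deny)\b\s*(.*)$")

def parse_entries(show_output):
    """Parse 'show ip access-lists <name>' text into (seq, action, rest) tuples."""
    entries = []
    for line in show_output.splitlines():
        m = ENTRY.match(line)
        if m:
            entries.append((int(m.group(1)), m.group(2), m.group(3)))
    return entries

def after_reboot(entries, start=10, step=10):
    """Predict post-reboot numbering. ASSUMPTION: entries keep their order and are
    renumbered start, start+step, ... as the page's example (10, 20, 30, 40) suggests."""
    ordered = sorted(entries, key=lambda e: e[0])
    return [(start + i * step, act, rest) for i, (_, act, rest) in enumerate(ordered)]

def seq_drift(entries):
    """Map old sequence number -> predicted new one, for entries that will move."""
    ordered = sorted(entries, key=lambda e: e[0])
    return {old[0]: new[0]
            for old, new in zip(ordered, after_reboot(ordered)) if old[0] != new[0]}

# Pre-reboot listing in the form of the page's Test10 example.
PRE_REBOOT = """\
Extended IP access list Test10
    11 remark This ACL permits any 10.0.0.0 traffic
    12 remark This ACL blocks all 20.0.0.0 traffic
    22 permit ip host 10.0.0.0 any
    32 deny ip host 20.0.0.0 any
"""

if __name__ == "__main__":
    print(seq_drift(parse_entries(PRE_REBOOT)))
    print(acl_type(102))
```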
To add entries to an existing ACL, specify the assigned number of the ACL that you want to 
modify. For example, the following commands add entries to extended ACL 102: