Administrator Guide

Configure an Extended IP ACL
Extended IP ACLs filter on source and destination IP addresses, IP host addresses, TCP addresses, TCP host
addresses, UDP addresses, and UDP host addresses.
Because traffic passes through the filter in the order of the filter’s sequence, you can configure the extended
IP ACL by first entering IP ACCESS LIST mode and then assigning a sequence number to the filter.
Configuring Filters with a Sequence Number
To configure filters with a sequence number, use the following commands.
1 Enter IP ACCESS LIST mode by creating an extended IP ACL.
CONFIGURATION mode
ip access-list extended access-list-name
2 Configure a drop or forward filter.
CONFIG-EXT-NACL mode
seq sequence-number {deny | permit} {ip-protocol-number | icmp | ip | tcp | udp} {source mask | any | host ip-address} {destination mask | any | host ip-address} [operator port [port]] [count [byte]] [order] [fragments]
When you create the filters with a specific sequence number, you can create the filters in any order and the
filters are placed in the correct order.
NOTE: When assigning sequence numbers to filters, you might need to insert a new filter. To prevent
reconfiguring multiple filters, assign sequence numbers in multiples of five or another number.
The following example shows how the seq command orders the filters according to the sequence number
assigned. In the example, filter 15 was configured before filter 5, but the show config command displays the
filters in the correct order.
Dell(conf-ext-nacl)#seq 15 deny ip host 112.45.0.0 any
Dell(conf-ext-nacl)#seq 5 permit tcp 12.1.3.45 255.255.0.0 any
Dell(conf-ext-nacl)#show config
!
ip access-list extended dilling
seq 5 permit tcp 12.1.0.0 255.255.0.0 any
seq 15 deny ip host 112.45.0.0 any
Dell(conf-ext-nacl)#
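Added example, not part of the original guide or Dell's code: a small Python model of the ordering shown above. It parses the two filters in the order they were typed, sorts them by sequence number, clears host bits the way the show config output does, and returns the first filter a packet matches. The function names and the deny result when no filter matches are assumptions; port operators, count, order and fragments are not modeled.

```python
import ipaddress

# Constructed input: the page's two filters, in the order they were typed.
ENTERED = [
    "seq 15 deny ip host 112.45.0.0 any",
    "seq 5 permit tcp 12.1.3.45 255.255.0.0 any",
]

def parse_addr(tokens):
    """Consume one {addr mask | any | host addr} field and return a network."""
    first = tokens.pop(0)
    if first == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if first == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    # strict=False clears host bits, matching show config (12.1.3.45 -> 12.1.0.0).
    return ipaddress.ip_network(f"{first}/{tokens.pop(0)}", strict=False)

def parse_filter(line):
    """Parse 'seq N {deny|permit} proto src dst'; trailing options are ignored."""
    tokens = line.split()
    if len(tokens) < 6 or tokens[0] != "seq" or tokens[2] not in ("permit", "deny"):
        raise ValueError(f"unsupported filter: {line!r}")
    rest = tokens[4:]
    return {"seq": int(tokens[1]), "action": tokens[2], "proto": tokens[3],
            "src": parse_addr(rest), "dst": parse_addr(rest)}

def ordered(lines):
    """Return filters sorted by sequence number, whatever the entry order."""
    return sorted((parse_filter(l) for l in lines), key=lambda f: f["seq"])

def evaluate(filters, proto, src, dst):
    """Return (seq, action) of the first matching filter.
    Assumption: a packet matching no filter is denied (implicit deny)."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for f in filters:
        if f["proto"] in ("ip", proto) and s in f["src"] and d in f["dst"]:
            return f["seq"], f["action"]
    return None, "deny"

if __name__ == "__main__":
    acl = ordered(ENTERED)
    for f in acl:
        print(f["seq"], f["action"], f["proto"], f["src"], f["dst"])
    print(evaluate(acl, "tcp", "12.1.200.7", "10.0.0.1"))
    print(evaluate(acl, "udp", "112.45.0.0", "10.0.0.1"))
```

Running a proposed filter list through a model like this before entering it on the switch shows which sequence number a given packet hits first, which is where a misplaced broad permit or deny becomes visible.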
Access Control Lists (ACLs) 134