Reference Guide

Network Security 235
Configuring IP-based ACLs Using CLI Commands

The following table summarizes the CLI commands for configuring IP-based ACLs.

Table 9-4. IP-Based ACL CLI Commands

| CLI Command | Description |
|---|---|
| ip access-list extended acl-name | Defines an IPv4 access list and places the device in IPv4 access list configuration mode. |
| no ip access-list extended acl-name | Use the no form of this command to remove the access list. |

The following is an example of some of the CLI commands:

console(config)# ip access-list extended server-acl

IPv4-Based ACEs

To add a rule to an ACL:

1. Click Switching > Network Security > IPv4 Based ACE to display the IPv4 Based ACE page. The currently-defined rules for the selected ACL are displayed.
2. To add a rule, click Add ACE.
3. Select a user-defined ACL, and enter the following fields:
   - New ACE Priority (1-2147483647) — Enter the priority of the ACE. ACEs with higher priority are processed first. One is the highest priority.
   - Protocol Select From List — Select to create an ACE, based on a specific protocol. The following options are available:
     - ICMP — Internet Control Message Protocol (ICMP). The ICMP enables the gateway or destination host to communicate with the source host, for example, to report a processing error.
     - IGMP — Internet Group Management Protocol (IGMP). Enables hosts to notify their local switch or router that they want to receive transmissions assigned to a specific multicast group.
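
The ACE priority rule above (1 is the highest priority and is processed first) can be checked offline before rules are entered on the switch. The Python model below is an added example, not code or output from the reference guide; the `action` field, the `any` protocol wildcard, first-match evaluation and the default action are assumptions made for illustration.

```python
from dataclasses import dataclass

PRIORITY_MIN, PRIORITY_MAX = 1, 2147483647  # range shown for "New ACE Priority"

@dataclass(frozen=True)
class Ace:
    priority: int  # 1 is the highest priority and is processed first
    protocol: str  # "icmp", "igmp", or "any" (assumed wildcard)
    action: str    # "permit" or "deny" (assumed field, not shown on the page)

def processing_order(aces):
    """Validate each priority and return the ACEs in the order they are processed."""
    for ace in aces:
        if not PRIORITY_MIN <= ace.priority <= PRIORITY_MAX:
            raise ValueError(f"ACE priority {ace.priority} is outside 1-2147483647")
    return sorted(aces, key=lambda ace: ace.priority)

def decide(aces, protocol, default="deny"):
    """Return (action, priority) of the first ACE matching the protocol.
    First-match evaluation and the default action are assumptions."""
    for ace in processing_order(aces):
        if ace.protocol in ("any", protocol):
            return ace.action, ace.priority
    return default, None

def shadowed(aces):
    """Return ACEs that can never match because an earlier ACE already
    covers their protocol (the 'any' wildcard covers every protocol)."""
    covered, dead = set(), []
    for ace in processing_order(aces):
        if "any" in covered or ace.protocol in covered:
            dead.append(ace)
        covered.add(ace.protocol)
    return dead

# Constructed sample: the intended ICMP deny sits behind a broad permit.
SAMPLE_ACL = [
    Ace(30, "igmp", "permit"),
    Ace(20, "icmp", "deny"),
    Ace(10, "any", "permit"),
]
# Corrected ordering: the specific deny gets the numerically lower priority.
FIXED_ACL = [Ace(5, "icmp", "deny"), Ace(10, "any", "permit")]

if __name__ == "__main__":
    print(decide(SAMPLE_ACL, "icmp"), [a.priority for a in shadowed(SAMPLE_ACL)])
    print(decide(FIXED_ACL, "icmp"), shadowed(FIXED_ACL))
```

In the constructed sample, the ICMP deny at priority 20 never takes effect because the broader ACE at priority 10 is processed first; giving the deny a numerically lower priority restores the intended behavior.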