Specifications

ManualsBrandsEnterasys ManualsComputer equipmentC2K122-24

721

722

723

724

725

726

727

728

729

730

access-list (extended)

SecureStack C3 Configuration Guide 21-73

Defaults

Ifinsert,replace,ormovearenotspecified,thenewentrywillbeappendedtotheaccesslist.

Ifsource2isnotspecifiedwithmove,onlyoneentrywillbemoved.

Ifoperatorandportarenotspecified,accessparameterswillbeappliedtoallTCPorUDPports.

Mode

Globalconfiguration:C3(su)‐>router(Config)#

Usage

Accesslistsareappliedtointerfacesbyusingtheipaccess‐groupcommandasdescribedin“ip

access‐group”onpage 21‐74.

Validaccess‐list‐numbersforextendedACLsare100to199.ForstandardACLs,validvaluesare1

to99.

Example

Thisexampleshowshowtodefineaccesslist101todenyICMPtransmissionsfromanysource

andforanydestination:

C3(su)->router(Config)#access-list 101 deny ICMP any any

source Specifiesthenetworkorhostfromwhichthepacketwillbesent.Valid

optionsforexpressingsourceare:

•IPaddressorrangeofaddresses(A.B.C.D)

• any‐Anysourcehost

• hostsource‐IPaddressofasinglesourcehost

source‐wildcard (Optional)Specifiesthebitstoignoreinthesourceaddress.

operatorport

(Optional)AppliesaccessrulestoTCPorUDP sourceordestinationport

numbers.Possibleoperandis:

• eqport‐Matchesonlypacketsonagivenportnumber.

destination Specifiesthenetworkorhosttowhichthepacketwillbesent.Validoptions

forexpressingdestinationare:

•IPaddress(A.B.C.D)

• any‐Anydestination

host

• hostsource‐IPaddressofasingledestinationhost

destination‐

wildcard

(Optional)Specifiesthebitstoignoreinthedestinationaddress.

insert|replace

entry

(Optional)Insertsthisnewentrybeforeaspecifiedentryinanexisting

ACL,orreplacesaspecifiedentrywiththisnewentry.

movedestination

source1source2

(Optional)Moves

asequenceofaccesslistentriesbeforeanotherentry.

Destinationisthenumberoftheexistingentrybeforewhichthisnewentry

willbemoved.Source1isasingleentrynumberorthefirstentrynumberin

therangetobemoved.Source2(optional)isthelastentrynumberin

the

rangetobemoved.Ifsource2isnotspecified,onlythesource1entrywillbe

moved.