Asante Technologies 35516 Switch User Manual


 
eq Operator - equal to
gt Operator - greater then
lt Operator - less then
neq Operator - NOT equal to
<cr>
Router(config)# $ list 101 deny tcp 192.168.123.0 0.0.0.255 192.168.124.0 eq ?
<0-65535> Protocol port number
Router(config)# $ eny tcp 192.168.123.0 0.0.0.255 192.168.124.0 0.0.0.255 eq 21
Router(config)# $ eny tcp 192.168.123.0 0.0.0.255 192.168.124.0 0.0.0.255 eq 20
Router(config)# $ permit ip 192.168.123.0 0.0.0.255 0.0.0.0 255.255.255.255
Router(config)# exit
Router# show access-list
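The three entries entered above for access list 101 can be checked offline before they are applied. The following Python sketch is an added example, not part of the manual or the switch software. It assumes entries are evaluated top-down with the first match deciding, that the port operator tests the destination port, and that "ip" matches any protocol; the names evaluate, parse and wildcard_match are hypothetical.

```python
import ipaddress

# Entries as entered on the page for access list 101 (the "$" in the session
# marks where the CLI scrolled the start of a long command line off-screen).
ACL_101 = [
    "deny tcp 192.168.123.0 0.0.0.255 192.168.124.0 0.0.0.255 eq 21",
    "deny tcp 192.168.123.0 0.0.0.255 192.168.124.0 0.0.0.255 eq 20",
    "permit ip 192.168.123.0 0.0.0.255 0.0.0.0 255.255.255.255",
]

# The four port operators listed in the CLI help.
OPS = {"eq": lambda p, n: p == n, "neq": lambda p, n: p != n,
       "gt": lambda p, n: p > n, "lt": lambda p, n: p < n}

def wildcard_match(addr, base, wildcard):
    """Wildcard bits set to 1 are ignored; bits set to 0 must match."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)

def parse(line):
    """Split one entry: action, protocol, src/wildcard, dst/wildcard, [op port]."""
    t = line.split()
    entry = {"action": t[0], "proto": t[1], "src": (t[2], t[3]),
             "dst": (t[4], t[5]), "port": None}
    if len(t) == 8:
        entry["port"] = (t[6], int(t[7]))
    return entry

def evaluate(acl, proto, src, dst, dport=None):
    """Return the action of the first matching entry, or None if none match.

    Assumptions (not stated on the page): first match wins, the operator
    applies to the destination port, and "ip" covers every protocol.
    """
    for line in acl:
        e = parse(line)
        if e["proto"] not in ("ip", proto):
            continue
        if not (wildcard_match(src, *e["src"]) and wildcard_match(dst, *e["dst"])):
            continue
        if e["port"]:
            op, n = e["port"]
            if dport is None or not OPS[op](dport, n):
                continue
        return e["action"]
    return None  # what the switch does with unmatched traffic is not modeled
```

Calling evaluate(ACL_101, "tcp", "192.168.123.10", "192.168.124.5", 21) returns "deny", while the same flow to port 80 falls through to the final permit entry.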
5.6.3 Creating an Access List with a Name
From the global configuration mode, you can also create access lists through the Router(config)# ip
command. Through this method, you may name your access list, rather than using a number. The new
prompt reflects the named access list mode.
Router(config)# ip ?
access-list Named access-list
forward-protocol Controls forwarding of physical and directed IP
prefix-list Build a prefix list
route Establish static routes
Router(config)# ip access-list ?
standard Standard Access List
extended Extended Access List
Router(config)# ip access-list standard ?
WORD Access-list name or Standard IP access-list number <1-99>
Router(config)# ip access-list standard test
Router(config-std-nacl)# ?
deny Specify packets to reject
end End current mode and change to enable mode
exit Exit current mode and down to previous mode
help Description of the interactive help system
no Negate a command or set its defaults
permit Specify packets to forward
quit Exit current mode and down to previous mode
remark Access list entry comment
Router(config-std-nacl)#
At the Router(config-std-nacl)# prompt, you may proceed with the access list permit or deny
statements.
5.6.4 Applying an Access List to an Interface
After creating your access lists, you must apply them to an interface in order to enable the access list. Enter
the interface configuration mode for the desired interface. Each interface may have only one access list
applied to it at one time. Access lists are applied to either inbound traffic or to outbound traffic.
In the next example, we will create an extended access list that will allow only SMTP traffic (port 25) to be
sent out, and deny all other traffic.