If the “TCP” protocol is specified, then you can also filter packets based on the
TCP control code.
- IPv6 Standard: IPv6 ACL mode that filters packets based on the source IPv6
address.
- IPv6 Extended: IPv6 ACL mode that filters packets based on the destination IP
address, as well as the type of the next header and the flow label (i.e., a request
for special handling by IPv6 routers).
- MAC: MAC ACL mode that filters packets based on the source or destination
MAC address and the Ethernet frame type (RFC 1060).
Web – Click Security, ACL, Configuration. Enter an ACL name in the Name field,
select the list type (IP Standard, IP Extended, MAC, IPv6 Standard, IPv6 Extended),
and click Add to open the configuration page for the new list.
Figure 7-1 Selecting ACL Type
CLI – This example creates a standard IP ACL named bill.
Console(config)#access-list ip standard bill
Console(config-std-acl)#
Configuring a Standard IPv4 ACL
Command Attributes
• Action – An ACL can contain any combination of permit or deny rules.
• Address Type – Specifies the source IP address. Use “Any” to include all possible
addresses, “Host” to specify a specific host address in the Address field, or “IP” to
specify a range of addresses with the Address and SubMask fields. (Options: Any,
Host, IP; Default: Any)
• IP Address – Source IP address.
• Subnet Mask – A subnet mask containing four integers from 0 to 255, each
separated by a period. The mask uses 1 bits to indicate “match” and 0 bits to
indicate “ignore.” The mask is bitwise ANDed with the specified source IP address,
and compared with the address for each IP packet entering the port(s) to which this
ACL has been assigned.
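
The source-matching rule described above, as an added Python example (not code from the manual or the switch firmware), with a review check for masks typed in the inverse "wildcard" sense used on some other platforms. The function names and sample addresses are constructed for illustration, and masking both the packet address and the configured address before comparing is an assumption about how the comparison is done.

```python
import ipaddress

def to_int(dotted):
    # Parse dotted-quad text into a 32-bit integer; rejects malformed input.
    return int(ipaddress.IPv4Address(dotted))

def rule_matches(address_type, packet_src, address=None, submask=None):
    """True if packet_src is selected by a rule's source fields.
    address_type is one of the options listed above: any, host, ip."""
    src = to_int(packet_src)
    kind = address_type.lower()
    if kind == "any":
        return True
    if kind == "host":
        return src == to_int(address)
    if kind == "ip":
        mask = to_int(submask)
        # Assumption: both sides are masked before the comparison, so
        # configured address bits in "ignore" positions have no effect.
        return (src & mask) == (to_int(address) & mask)
    raise ValueError("unknown address type: " + address_type)

def lint_rule(address, submask):
    """Return review warnings for an IP-type rule's address/mask pair."""
    addr, mask = to_int(address), to_int(submask)
    warnings = []
    inverted = mask ^ 0xFFFFFFFF
    # A contiguous mask is a run of 1 bits followed only by 0 bits,
    # so its inverse is a low-order run of 1 bits (or zero).
    if inverted & (inverted + 1):
        warnings.append("mask is not contiguous")
    # A low-order run of 1 bits in the mask itself suggests inverse notation.
    if mask and not (mask & (mask + 1)) and mask != 0xFFFFFFFF:
        warnings.append("mask looks inverted (wildcard style)")
    if addr & inverted:
        warnings.append("address has bits set in ignored positions")
    return warnings

if __name__ == "__main__":
    # Constructed sample: the intended /24 rule, then the same rule
    # entered with the mask in inverse notation.
    for mask in ("255.255.255.0", "0.0.0.255"):
        print(mask, rule_matches("ip", "10.1.1.77", "10.1.1.0", mask),
              lint_rule("10.1.1.0", mask))
```

With the mask 0.0.0.255 only the last octet is compared, so the rule selects every source address ending in .0 and misses the subnet it was meant to cover.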