Filter
Top Products
554 PowerConnect B-Series FCX Configuration Guide
53-1002266-01
Configuring standard named ACLs
16
Standard named ACL syntax
Syntax: [no] ip access-list standard <ACL-name> | <ACL-num>
Syntax: deny | permit <source-ip> | <hostname> <wildcard> [log]
or
Syntax: deny | permit <source-ip>/<mask-bits> | <hostname> [log]
Syntax: deny | permit host <source-ip> | <hostname> [log]
Syntax: deny | permit any [log]
Syntax: [no] ip access-group <ACL-name> in
The <ACL-name> parameter is the access list name. You can specify a string of up to 256
alphanumeric characters. You can use blanks in the ACL name if you enclose the name in
quotation marks (for example, “ACL for Net1”).
The <ACL-num> parameter allows you to specify an ACL number if you prefer. If you specify a
number, you can specify from 1 – 99 for standard ACLs.
NOTE
For convenience, the software allows you to configure numbered ACLs using the syntax for named
ACLs. The software also still supports the older syntax for numbered ACLs. Although the software
allows both methods for configuring numbered ACLs, numbered ACLs are always formatted in the
startup-config and running-config files in using the older syntax, as follows.
access-list 1 deny host 209.157.22.26 log
access-list 1 deny 209.157.22.0 0.0.0.255 log
access-list 1 permit any
access-list 101 deny tcp any any eq http log
The deny | permit parameter indicates whether packets that match a policy in the access list are
denied (dropped) or permitted (forwarded).
The <source-ip> parameter specifies the source IP address. Alternatively, you can specify the host
name.
NOTE
To specify the host name instead of the IP address, the host name must be configured using the
DNS resolver on the Dell PowerConnect device. To configure the DNS resolver name, use the ip dns
server-address… command at the global CONFIG level of the CLI.
The <wildcard> parameter specifies the mask value to compare against the host address specified
by the <source-ip> parameter. The <wildcard> is in dotted-decimal notation (IP address format). It
is a four-part value, where each part is 8 bits (one byte) separated by dots, and each bit is a one or
a zero. Each part is a number ranging from 0 to 255, for example 0.0.0.255. Zeros in the mask
mean the packet source address must match the <source-ip>. Ones mean any value matches. For
example, the <source-ip> and <wildcard> values 209.157.22.26 0.0.0.255 mean that all hosts in
the Class C subnet 209.157.22.x match the policy.
If you prefer to specify the wildcard (mask value) in CIDR format, you can enter a forward slash after
the IP address, then enter the number of significant bits in the mask. For example, you can enter
the CIDR equivalent of “209.157.22.26 0.0.0.255” as “209.157.22.26/24”. The CLI automatically
converts the CIDR number into the appropriate ACL mask (where zeros instead of ones are the