628 Configuring Access Control Lists
ACL Configuration Examples
This section contains the following examples:
• "Basic Rules" on page 628
• "Internal System ACLs" on page 629
• "Complete ACL Example" on page 629
• "Advanced Examples" on page 633
• "Policy Based Routing Examples" on page 640
Basic Rules
• Inbound rule allowing all packets:
permit every
Administrators should be cautious when using the permit every rule in an access list, especially when using multiple access lists. All packets match a permit every rule and no further processing is done on the packet. This means that a permit every match in an access list will skip processing subsequent rules in the current or subsequent access-lists and allow all packets not previously denied by a prior rule.
• Inbound rule to drop all packets:
As the last rule in a list, this rule is redundant as an implicit "deny every" is added after the end of the last access-group configured on an interface.
deny every
Administrators should be cautious when using the deny every rule in an access list, especially when using multiple access lists. When a packet matches a rule, no further processing is done on the packet. This means that a deny every match in an access list will skip processing subsequent rules in the current or subsequent access-lists and drop all packets not previously allowed by a prior rule.
• Inbound rule allowing access FROM hosts with IP addresses ranging from
10.0.46.0 to 10.0.47.254:
NOTE: None of these ACL rules are applicable to the OOB interface.
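The first-match behavior described above for permit every and deny every, modeled as an added Python example (not code from this manual or the switch software). The rule tuples, list names and wildcard-mask source match are assumptions made for illustration, and the sample lists are constructed.

```python
from ipaddress import ip_address

def matches(rule, src):
    """rule is (action, spec); spec is 'every' or (base, wildcard_mask)."""
    spec = rule[1]
    if spec == "every":
        return True
    base, wildcard = (int(ip_address(x)) for x in spec)
    care = ~wildcard & 0xFFFFFFFF          # bits that must match
    return int(ip_address(src)) & care == base & care

def evaluate(access_groups, src):
    """Walk the lists bound to an interface in order; the first match decides."""
    for name, rules in access_groups:
        for idx, rule in enumerate(rules, 1):
            if matches(rule, src):
                return rule[0], f"{name} rule {idx}"
    # No rule matched in any list: the implicit rule after the last list applies.
    return "deny", "implicit deny every"

def shadowed_rules(access_groups):
    """Report rules that can never match because an earlier 'every' rule
    (permit or deny) ends processing for all packets."""
    terminator, dead = None, []
    for name, rules in access_groups:
        for idx, rule in enumerate(rules, 1):
            here = f"{name} rule {idx}"
            if terminator:
                dead.append((here, terminator))
            elif rule[1] == "every":
                terminator = here
    return dead

# Constructed sample: two hypothetical lists applied to one interface, in order.
GROUPS = [
    ("acl-a", [("deny", ("10.0.46.0", "0.0.1.255")), ("permit", "every")]),
    ("acl-b", [("deny", ("192.168.5.0", "0.0.0.255")), ("deny", "every")]),
]

if __name__ == "__main__":
    for src in ("10.0.47.200", "192.168.5.9"):
        print(src, evaluate(GROUPS, src))
    for rule, cause in shadowed_rules(GROUPS):
        print(f"unreachable: {rule} (shadowed by {cause})")
```

The second sample address is permitted by the permit every rule in the first list, so the deny written for it in the second list is never evaluated.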