22-13
Cisco Systems Intelligent Gigabit Ethernet Switch Modules for the IBM BladeCenter, Software Configuration Guide
24R9746
Chapter 22 Configuring Network Security with ACLs
Configuring ACLs
Beginning in privileged EXEC mode, follow these steps to create a standard named access list using
names:
Beginning in privileged EXEC mode, follow these steps to create an extended named ACL using names:
Command Purpose
Step 1
configure terminal Enter global configuration mode.
Step 2
ip access-list standard {name |
access-list-number}
Define a standard IP access list by using a name, and enter
access-list configuration mode.
Note The name can be a number from 1 to 99.
Step 3
deny {source source-wildcard | host source |
any}
or
permit {source source-wildcard | host source |
any}
In access-list configuration mode, specify one or more conditions
denied or permitted to determine if the packet is forwarded or
dropped.
• host source represents a source and source-wildcard of source
0.0.0.0.
• any represents a source and source-wildcard of 0.0.0.0
255.255.255.255.
Note The log option is not supported on the switches.
Step 4
end Return to privileged EXEC mode.
Step 5
show access-lists [number | name] Show the access list configuration.
Step 6
copy running-config startup-config (Optional) Save your entries in the configuration file.
Command Purpose
Step 1
configure terminal Enter global configuration mode.
Step 2
ip access-list extended {name |
access-list-number}
Define an extended IP access list by using a name, and enter
access-list configuration mode.
Note The name can be a number from 100 to 199.
Step 3
{deny | permit} protocol
{source source-wildcard | host source | any}
[operator port] {destination
destination-wildcard | host destination | any}
[operator port] [dscp dscp-value] [time-range
time-range-name]
In access-list configuration mode, specify the conditions allowed
or denied.
See the “Creating a Numbered Extended ACL” section on
page 22-9 for definitions of protocols and other keywords.
• host source represents a source and source-wildcard of source
0.0.0.0, and host destination represents a destination and
destination-wildcard of destination 0.0.0.0.
• any represents a source and source-wildcard or destination
and destination-wildcard of 0.0.0.0 255.255.255.255.
dscp—Enter to match packets with any of the supported 13 DSCP
values ( 0, 8, 10, 16, 18, 24, 26, 32, 34, 40, 46, 48, and 56), or use
the question mark (?) to see a list of available values.
The time-range keyword is optional. For an explanation of this
keyword, see the “Applying Time Ranges to ACLs” section on
page 22-14.
Step 4
end Return to privileged EXEC mode.