Filter
Top Products
A
CCESS
C
ONTROL
L
ISTS
3-73
2. Allow TCP packets from class C addresses 192.168.1.0 to any
destination address when set for destination TCP port 80 (i.e., HTTP).
3. Permit all TCP packets from class C addresses 192.168.1.0 with the
TCP control code set to “SYN.”
Binding a Port to an Access Control List
After configuring the Access Control Lists (ACL), you can bind the ports
that need to filter traffic to the appropriate ACLs. You can assign one IP
access list to any port.
Command Usage
• Each ACL can have up to 60 rules.
• This switch supports ACLs for ingress filtering only. However, you can
only bind one IP ACL to any port for ingress filtering. In other words,
only one ACL can be bound to an interface - Ingress IP ACL.
Command Attributes
•Port – Fixed port or SFP module. (Range: 1-50)
• IP – Specifies the IP ACL to bind to a port.
• IN – ACL for ingress packets.
• ACL Name – Name of the ACL.
Console(config-ext-acl)#permit 10.7.1.1 255.255.255.0 any 4-116
Console(config-ext-acl)#permit 192.168.1.0 255.255.255.0 any dport 80
Console(config-ext-acl)#permit 192.168.1.0 255.255.255.0 any tcp
control-code 2 2
Console(config-std-acl)#