4
Command Line Interface
Access Control List Commands
Access Control Lists (ACL) provide packet filtering for IP frames (based on address,
protocol, or Layer 4 protocol port number or TCP control code) or any frames (based
on MAC address or Ethernet type). To filter packets, first create an access list, add
the required rules and then bind the list to a specific port. This section describes the
Access Control List commands.
Command Groups
IP ACLs
MAC ACLs
ACL Information
IP ACLs
The commands in this section configure ACLs based on IP addresses, TCP/UDP
port number, protocol type, and TCP control code. To configure IP ACLs, first create
an access list containing the required permit or deny rules, and then bind the access
list to one or more ports.
Command
access-list ip
permit, deny
permit, deny
show ip access-list
ip access-group
show ip access-group
4-176
Table 4-47 Access Control Lists
Function
Configures ACLs based on IP addresses, TCP/UDP port number, and
protocol type
Configures ACLs based on hardware addresses, packet format, and
Ethernet type
Displays ACLs and associated rules; shows ACLs assigned to each port 4-187
Table 4-48 IP ACLs
Function
Creates an IP ACL and enters configuration mode for
standard or extended IP ACLs
Filters packets matching a specified source IP address
Filters packets meeting the specified criteria, including
source and destination IP address, TCP/UDP port number,
protocol type, and TCP control code
Displays the rules for configured IP ACLs
Adds a port to an IP ACL
Shows port assignments for IP ACLs
Page
4-176
4-182
Mode
Page
GC
4-177
STD-ACL
4-178
EXT-ACL
4-179
PE
4-181
IC
4-181
PE
4-181