Filtering Traffic With An Acl; Acl Configuration Examples; Examples Of Extended Acls - Cisco 4700M Configuration Manual

Chapter 1 Configuring Security Access Control Lists

Filtering Traffic with an ACL

ACL Configuration Examples

Examples of Extended ACLs

OL-16202-01
You can use an ACL to filter interesting traffic and instruct the ACE to either
permit or deny the traffic based on the action in the ACL. To filter traffic using an
ACL, use the match access-list command in a Layer 3 and Layer 4 class map.
When a packet matches an entry in an ACL, and if it is a permit entry, the ACE
allows the matching result. If it is a deny entry, the ACE blocks the matching
result. For details about configuring a Layer 3 and Layer 4 class map and policy
map, see Chapter 4, Configuring Security Access Control
This section provides the following examples of the different types of ACLs
available in the ACE:
Examples of Extended ACLs
•
Examples of EtherType ACLs
•
This section provides examples of extended ACLs. Use extended ACLs when you
want to specify both the source IP address and the destination IP address (IP),
ports (TCP or UDP), and ICMP types. For details about configuring extended
ACLs, see the "Configuring an Extended ACL"
The following ACL allows all hosts (on the interface to which you apply the ACL)
to go through the ACE:
host1/Admin(config)# access-list ACL_IN extended permit ip any any
The following ACL prevents hosts on 192.168.1.0/24 from accessing the
209.165.201.0/27 network. All other addresses are permitted.
host1/Admin(config)# access-list ACL_IN extended deny tcp 192.168.1.0
255.255.255.0 209.165.201.0 255.255.255.224
host1/Admin(config)# access-list ACL_IN extended permit ip any any
Cisco 4700 Series Application Control Engine Appliance Security Configuration Guide
Filtering Traffic with an ACL
Lists.
section.
1-33