Cisco SCE 1000 2xGBE User's Guide Page 278

  • Download
  • Add to my manuals
  • Print
  • Page
    / 490
  • Table of contents
  • TROUBLESHOOTING
  • BOOKMARKS
  • Rated. / 5. Based on customer reviews
Page view 277
Appendix A
Global Configuration Mode Commands
SCE 1000 2xGBE Release 2.0.10 User Guide
A-8 OL-7117-02
Global Configuration Mode Commands
access-list number permission address
Adds an entry to the bottom of the specified access list.
Authorization admin
Mode Global Configuration
P
ARAMETERS
number An access-list number (1–99).
permission Indicates whether the IP address should be allowed or denied access
permission according to the list.
deny Deny access to list member.
permit Permit access to list member.
address Addresses to be matched by this entry.
any All IP addresses are matched by this entry. This is
equivalent to specifying the address 0.0.0.0
255.255.255.255.
ip-address The IP address or range of IP addresses, matched by
this entry. This can be one address in the x.x.x.x format
or a range of addresses in the format x.x.x.x y.y.y.y
where x.x.x.x specifies the prefix bits common to all IP
addresses in the range, and y.y.y.y is a mask specifying
the bits that are ignored. In this notation, ‘1’ means bits
to ignore. For example, the address 0.0.0.0
255.255.255.255 means any IP address. The address
10.0.0.0 0.1.255.255 means IP addresses from 10.0.0.0
to 10.1.255.255. The address 1.2.3.4 0.0.0.255 means
IP addresses from 1.2.3.0 to 1.2.3.255 (A more natural
way of expressing the same range is 1.2.3.0 0.0.0.255).
E
XAMPLE:
The following example adds entries to the bottom of access-list 1. The first entry permits access to
10.1.1.0 through 10.1.1.255. The second entry denies access to any address. Together this list
allows access only to addresses 10.1.1.*.
SCE 1000(config)#access-list 1 permit 10.1.1.0 0.0.0.255
SCE 1000(config)#access-list 1 deny any
SCE 1000(config)#
The following example defines access list 2, a list that denies access to all IP addresses in the
range: 10.1.2.0 to 10.1.2.255, permits access to all other addresses in the range 10.1.0.0 to
10.1.15.255, and denies access to all other IP addresses. Note that since the first range is
contained within the second range, the order of entries is important. If they had been entered in
the opposite order, the deny entry would not have any effect.
SCE 1000 (config)#access-list 2 deny 10.1.2.0 0.0.0.255
SCE 1000 (config)#access-list 2 permit 10.1.0.0 0.0.15.255
SCE 1000(config)#
Page view 277
1 ... 277 278 279 ... 490

Comments to this Manuals

No comments