DES-7200 Configuration Guide Chapter 1 Access Control List
Configuration
1-6
1.2 Configuring IP Access
List
To configure access lists on a device, you must specify unique names or numbers for
the access lists of a protocol to uniquely identifying each access list inside the protocol.
The following table lists the protocols that can use numbers to specify access lists and
the number ranges of access lists that can be used by each protocol.
Protocol Number Range
Standard IP 1-99, 1300 - 1999
Extended IP 100-199, 2000 - 2699
1.2.1 Guide to configure IP Access
List
When you create an access list, defined rules will be applied to all packet messages on
a switch. The switch decides whether to forward or block a packet messages by
judging whether the packet matches a rule.
Basic Access Lists include standard access lists and extended access lists. The typical
rules defined in access lists are the following:
Source address
Destination address
Upper layer protocol
Time range
Standard IP access lists (1 – 99, 1300 – 1999) forward or block packets according to
source addresses. Extended IP access lists (100 – 199, 2000 – 2699) use the above
four combinations to forward or block packets. Other types of access lists forward or
block packets according to related codes.
A single access list can use multiple separate access list sentences to define multiple
rules. Where, all sentences use a same number or name to bind these sentences to a
same access list. However, the more the used sentences are, the more difficult to read
and understand an access list.
1.2.1.1 Implicating “Deny Any Data
Flow” Rule Sentence
The ending part of each access list implicates a “Deny any data flow” rule sentence.
Therefore, if a packet matches no rule, then it is denied, as shown in the following
example:
access-list 1 permit host 192.168.4.12