DES-7200 Configuration Guide Chapter 1 Access Control List Configuration
This list permits only packets from host 192.168.4.12 and denies every other host. This is because the list implicitly contains the following rule statement at the end:
access-list 1 deny any
Here is another example:
access-list 1 deny host 192.168.4.12
If the list contains only the statement above, packets from every host will be denied on the port, because all other hosts fall through to the deny any statement at the end of the list.
Caution
1. Take routing update messages into account when defining the access list. Because the end of the access list “denies all dataflow”, all routing update messages may be blocked.
1.2.1.2 Order to Input Rule Sentences
Each added rule is appended to the end of the access list. Once a sentence has been created, you cannot delete it separately; you can only delete the whole access list. Therefore, the order of access list sentences is very important. When deciding whether to forward or block a packet, the switch compares the packet against the sentences in the order in which they were created. After finding a matching sentence, it does not check the remaining rule sentences.
If you have created a sentence that matches all data flows, whether it allows or denies them, the sentences that follow it will not be checked, as shown in the following example:
access-list 101 deny ip any any
access-list 101 permit tcp 192.168.12.0 0.0.0.255 eq telnet any
Because the first rule sentence denies all IP packets, Telnet packets from hosts on the 192.168.12.0/24 network will be denied. Once the switch finds that a packet matches the first rule sentence, it does not check the other rule sentences.
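The first-match evaluation, the deny-all at the end of the list, and the ordering problem described above, as an added Python example (not part of the DES-7200 guide or the switch software). It models only the source-based form {src src-wildcard | host src | any}; the function names and the sample lists are constructed for illustration.

```python
import ipaddress

def _ip(text):
    return int(ipaddress.IPv4Address(text))

def parse(line):
    """Parse 'access-list id {deny|permit} {src src-wildcard | host src | any}'."""
    tok = line.split()
    if len(tok) < 4 or tok[0] != "access-list" or tok[2] not in ("permit", "deny"):
        raise ValueError("unsupported statement: " + line)
    if tok[3] == "any":
        addr, wild = 0, 0xFFFFFFFF
    elif tok[3] == "host":
        addr, wild = _ip(tok[4]), 0
    else:
        addr, wild = _ip(tok[3]), _ip(tok[4])
    return tok[2], addr, wild

def matches(rule, src):
    _, addr, wild = rule
    care = ~wild & 0xFFFFFFFF          # a wildcard bit of 1 means "don't care"
    return (_ip(src) & care) == (addr & care)

def evaluate(rules, src):
    """The first matching sentence decides; no match falls to the final deny."""
    for n, rule in enumerate(rules, 1):
        if matches(rule, src):
            return rule[0], n
    return "deny", None                # the 'deny any' at the end of every list

def shadowed(rules):
    """Return (later, earlier) sentence numbers where 'later' can never match."""
    out = []
    for j, (_, aj, wj) in enumerate(rules):
        for i, (_, ai, wi) in enumerate(rules[:j]):
            care = ~wi & 0xFFFFFFFF
            if wj & care == 0 and (ai ^ aj) & care == 0:   # earlier covers later
                out.append((j + 1, i + 1))
                break
    return out

# Constructed sample lists (hypothetical, source-only form)
ONLY_PERMIT = [parse("access-list 1 permit host 192.168.4.12")]
ONLY_DENY = [parse("access-list 1 deny host 192.168.4.12")]
BAD_ORDER = [parse("access-list 2 deny any"),
             parse("access-list 2 permit 192.168.12.0 0.0.0.255")]
GOOD_ORDER = BAD_ORDER[::-1]           # specific permit first, broad deny last
```

Running shadowed() over a list before applying it to an interface flags sentences that an earlier, broader sentence makes unreachable.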
1.2.2 Configuring IP Access List
The configuration of the basic access list includes the following steps:
1. Define a basic access list.
2. Apply the access list to a specific interface.
There are two methods to configure a basic access list.
Method 1: Run the following command in the global configuration mode:
Command: DES-7200(config)# access-list id {deny | permit} {src src-wildcard | host src | any | interface idx} [time-range tm-rng-name]
Function: Define an access list.

Command: DES-7200(config)# interface interface
Function: Select the interface to which the access list is to be applied.