Filter
Top Products
DES-7200 Configuration Guide Chapter 1 Access Control List
Configuration
1-8
Command Function
DES-7200(config-if)# ip access-group id { in |
out } [unreflect]
Apply the access list to the specific
interface
Method 2: Run the following command in the ACL configuration mode:
Command Function
DES-7200(config)# ip access-list { standard |
extended } { id | name }
Enter the access list configuration mode
DES-7200 (config-xxx-nacl)# [sn] { permit |
deny } {src src-wildcard | host src | any }
[time-range tm-rng-name]
Add table entries for ACL. For details,
please see command reference.
DES-7200(config-xxx-nacl)# exit
DES-7200(config)# interface interface
Exit from the access control list mode and
select the interface to which the access list
is to be applied.
DES-7200(config-if)# ip access-group id { in |
out } [unreflect]
Apply the access list to the specific
interface
Note
Method 1 only configures the numerical value ACL. Method 2 can
configure names and numerical value ACL and specify the priorities of
table entries (in the devices that support ACE priority levels).
By default, the reflected ACL is enabled on the IP ACL port. Use the
unreflect command to disable the reflected ACL.
(The following introduces the operation principle of the reflected
ACL:
a. Router auto-generates a temporary access list according to the
L3, L4 information of the beginning traffic in the internal network
based on the principles of protocol is constant, the source and
destination IP addresses, and the source and destination ports
are rigidly exchanged.
b. Routers allows the traffic to flow into the internal network only
when the L3, L4 information of returned traffic is matched with the
one in the temporary access list previously created based on the
outputting traffic. )
1.2.3 Showing IP ACL
To monitor access lists, run the following command the in privileged user mode:
Command Function