Cisco NME-16ES-1G User Guide - Page 85
16- and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series
Configuration Tasks

When creating standard and extended ACLs, remember that, by default, the end of the ACL contains an implicit deny statement for everything that did not match an entry before reaching the end. For standard ACLs, if you omit the mask from an associated IP host address access list specification, 0.0.0.0 is assumed to be the mask.

After you create an ACL, any additions are placed at the end of the list. You cannot selectively add ACEs to a specific ACL. However, you can use no permit and no deny commands to remove ACEs from a named ACL. Being able to selectively remove lines from a named ACL is one reason you might use named ACLs instead of numbered ACLs.

After creating an ACL, you must apply it to a line or interface, as described in the "Applying the ACL to an Interface" section on page 85.

Including Comments About Entries in ACLs

You can use the remark command to include comments (remarks) about entries in any IP standard or extended ACL. The remarks make the ACL easier for you to understand and scan. Each remark line is limited to 100 characters.

The remark can go before or after a permit or deny statement. You should be consistent about where you put the remark so that it is clear which remark describes which permit or deny statement. For example, it would be confusing to have some remarks before the associated permit or deny statements and some remarks after the associated statements.

For IP numbered standard or extended ACLs, use the access-list access-list-number remark remark global configuration command to include a comment about an access list. To remove the remark, use the no form of this command.

For an entry in a named IP ACL, use the remark access-list global configuration command. To remove the remark, use the no form of this command.
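The rules described above (an implicit deny at the end, a mask of 0.0.0.0 when none is given, additions placed at the end of the list, remarks acting only as comments) are modeled in the short Python evaluator below. It is an added example, not Cisco's code; the ACL text, the addresses and the function names are constructed for illustration, and only numbered standard ACL lines are handled.

```python
import ipaddress

# Constructed sample: numbered standard ACL 10, in the order it was entered.
SAMPLE_ACL = """\
access-list 10 remark Admin workstation, no mask given
access-list 10 permit 192.0.2.10
access-list 10 remark Block the rest of the lab subnet
access-list 10 deny 192.0.2.0 0.0.0.255
access-list 10 permit 198.51.100.0 0.0.0.255
access-list 10 remark Added later, so it lands after the deny above
access-list 10 permit 192.0.2.77
"""

def parse_standard_acl(text):
    """Return the ACEs as (action, address_int, wildcard_int) in list order."""
    aces = []
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 4 or tok[0] != "access-list" or tok[2] == "remark":
            continue  # blank lines and remarks never match traffic
        action, src = tok[2], tok[3]
        if src == "any":
            addr, wild = "0.0.0.0", "255.255.255.255"
        elif src == "host":
            addr, wild = tok[4], "0.0.0.0"
        else:
            # An omitted mask is assumed to be 0.0.0.0: one exact host.
            addr, wild = src, (tok[4] if len(tok) > 4 else "0.0.0.0")
        aces.append((action, int(ipaddress.IPv4Address(addr)),
                     int(ipaddress.IPv4Address(wild))))
    return aces

def evaluate(aces, source_ip):
    """First matching ACE wins; no match falls through to the implicit deny."""
    src = int(ipaddress.IPv4Address(source_ip))
    for number, (action, addr, wild) in enumerate(aces, start=1):
        care = ~wild & 0xFFFFFFFF  # mask bits set to 1 are ignored
        if (src & care) == (addr & care):
            return action, number
    return "deny", None  # implicit deny at the end of every ACL

if __name__ == "__main__":
    aces = parse_standard_acl(SAMPLE_ACL)
    for ip in ("192.0.2.10", "192.0.2.77", "198.51.100.9", "203.0.113.5"):
        print(ip, evaluate(aces, ip))
```

The late permit for 192.0.2.77 is never reached because the earlier deny for 192.0.2.0 0.0.0.255 matches first, which is the practical cost of additions always being placed at the end of the list.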
Applying the ACL to an Interface

After you create an ACL, you can apply it to one or more interfaces. ACLs can be applied on inbound interfaces. This section describes how to accomplish this task for network interfaces. Note these guidelines:

• When controlling access to a line, you must use a number. Numbered ACLs can be applied to lines.
• When controlling access to an interface, you can use a name or number.

Beginning in privileged EXEC mode, follow these steps to control access to a Layer 2 or Layer 3 interface:

        Command                                           Purpose
Step 1  configure terminal                                Enters global configuration mode.
Step 2  interface interface-id                            Identifies a specific interface for configuration and enters interface configuration mode. The interface must be a Layer 2 interface or routed port.
Step 3  ip access-group {access-list-number | name} {in}  Controls access to the specified interface.
Step 4  end                                               Returns to privileged EXEC mode.

Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ