Configuring standard ACLs
Permit or deny any IPv4 traffic based on source address only.
Quickly control the IPv4 traffic from a specific address. This allows you to isolate IPv4 traffic problems generated by a specific device, group of devices, or a subnet threatening to degrade network performance. This gives you an opportunity to troubleshoot without sacrificing performance for users outside of the problem area.
A named, standard ACL is identified by an alphanumeric string of up to 64 characters and is created by entering the Named ACL (nacl) context. A numbered, standard ACL is identified by a number in the range of 1 - 99 and is created without having to leave the global config context. Note that the CLI command syntax for creating a named ACL differs from the command syntax for creating a numbered ACL. For example, the first pair of entries below illustrates how to create (or enter) a named, standard ACL and enter an ACE. The next entry illustrates creating a numbered, standard ACL with the same ACE.
switch(config)# ip access-list standard Test-List
switch(config-std-nacl)# permit host 10.10.10.147
switch(config)# access-list 1 permit host 10.10.10.147
Note that once a numbered ACL has been created, it can be accessed using the named ACL method. This is useful if it becomes necessary to edit a numbered ACL by inserting or removing individual ACEs. Inserting or deleting an ACE is done by sequence number, and requires the Named ACL (nacl) context. The switch allows a maximum of 2048 unique ACL identities (IPv4 and IPv6 combined). For more on this topic, see Monitoring shared resources.
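The following Python model is an added example, not part of the original documentation or the switch software. It shows why inserting an ACE by sequence number matters: ACEs are checked in sequence order against the source address only, and the first match decides. The step of 10 for auto-assigned sequence numbers, the implicit final deny, and the 10.10.10.0/24 and 10.10.10.200 entries are assumptions or constructed values.

```python
import ipaddress


class StandardAcl:
    """Model of a standard ACL: ACEs keyed by sequence number, matched on source only."""

    def __init__(self, ident):
        # Identifier rules from the text: a number 1-99, or a name of up to 64 characters.
        if ident.isdigit():
            if not 1 <= int(ident) <= 99:
                raise ValueError("numbered standard ACL must be in the range 1-99")
        elif not 1 <= len(ident) <= 64:
            raise ValueError("ACL name must be 1 to 64 characters")
        self.ident = ident
        self.aces = {}  # sequence number -> (action, source network)

    def add(self, action, source, seq=None):
        """Append an ACE, or insert it at an explicit sequence number."""
        if action not in ("permit", "deny"):
            raise ValueError("action must be permit or deny")
        if seq is None:
            seq = max(self.aces, default=0) + 10  # assumed auto-numbering step
        if seq in self.aces:
            raise ValueError(f"sequence number {seq} already in use")
        self.aces[seq] = (action, ipaddress.ip_network(source))
        return seq

    def remove(self, seq):
        """Delete a single ACE by its sequence number."""
        del self.aces[seq]

    def evaluate(self, src):
        """Return (action, matching sequence number) for a source address."""
        addr = ipaddress.ip_address(src)
        for seq in sorted(self.aces):
            action, net = self.aces[seq]
            if addr in net:
                return action, seq  # first match wins
        return "deny", None  # assumed implicit deny when no ACE matches


def demo():
    acl = StandardAcl("1")
    acl.add("permit", "10.10.10.147")      # ACE from the page, becomes seq 10
    acl.add("permit", "10.10.10.0/24")     # constructed subnet ACE, becomes seq 20
    before = acl.evaluate("10.10.10.200")  # matched by the subnet permit
    acl.add("deny", "10.10.10.200", seq=15)  # isolate one host ahead of seq 20
    after = acl.evaluate("10.10.10.200")
    acl.remove(15)                         # lift the isolation again
    return before, after, acl.evaluate("10.10.10.200")
```

Appending the same deny instead of inserting it at 15 would place it after the subnet permit, where it would never match.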