.1166..44..1133 00..00..00..00
RouterX(config)# aacccceessss--lliisstt 11 ppeerrmmiitt 00..00..00..00 225555..225555..225555..225555
(implicit deny all)
(access-list 1 deny 0.0.0.0 255.255.255.255)
RouterX(config)# iinntteerrffaaccee eetthheerrnneett 00
RouterX(config-if)# iipp aacccceessss--ggrroouupp 11 oouutt
Table 6-3 Numbered Standard IPv4 ACL Example Denying a Speci?¬?c Host
access-list
Command
Parameters Description
1 ACL number that indicates that this ACL is a standard list.
deny Indicates that traf?¬?c that matches the selected parameters is not forwarded.
172.16.4.13 IP address of the source host.
0.0.0.0 A mask that requires the test to match all bits. (This is the default mask.)
permit Indicates that traf?¬?c that matches the selected parameters is forwarded.
0.0.0.0 IP address of the source host; all 0s indicate a placeholder.
255.255.255.255 Wildcard mask; 0s indicate positions that must match, and 1s indicate ???don??™t
care??? positions.
All 1s in the mask indicate that all 32 bits are not checked in the source address.
In other words, any address will match.
226 Chapter 6: Managing Traffic with Access Control Lists
Figure 6-15 Standard ACL Denying a Speci?¬?c Subnet
The con?¬?guration in Example 6-4 provides a solution for this example.
Pages:
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345