The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
This chapter describes how to configure a standard ACL and includes the following sections:
Standard ACLs identify the destination IP addresses of OSPF routes and can be used in a route map for OSPF redistribution. Standard ACLs cannot be applied to interfaces to control traffic.
|
|
---|---|
This section includes the guidelines and limitations for this feature:
Supported in single context mode only.
Supported in routed and transparent firewall modes.
Additional Guidelines and Limitations
The following guidelines and limitations apply for standard ACLs:
– Use a 32-bit quantity in four-part, dotted-decimal format.
Table 23-1 lists the default settings for standard ACL parameters.
This section includes the following topics:
Standard ACLs identify the destination IP addresses (not source addresses) of OSPF routes and can be used in a route map for OSPF redistribution. Standard ACLs cannot be applied to interfaces to control traffic.
To add a standard ACL to your configuration, perform the following steps:
Step 1 Choose Configuration > Firewall > Advanced > Standard ACL.
Step 2 Click Add, and from the drop-down list, choose Add ACL.
Step 3 In the Add ACL dialog box, add a name or number (without spaces) to identify the ACL.
The ACL name appears in the main pane.
Step 5 Click Apply to save the ACLs to your configuration.
You can now add one or more ACEs to the newly created ACL.
To add an ACE, see Adding an ACE to a Standard ACL.
Before you can add an ACE to a configuration, you must first add an ACL. For information about adding a standard ACL, see Adding a Standard ACL. For information about editing ACEs, see Editing an ACE in a Standard ACL
To add an ACE to an ACL that exists in your configuration, perform the following steps:
Step 1 Choose Configuration > Firewall > Advanced > Standard ACL.
Step 2 In the main pane, select the ACL for which you want to add an ACE.
Step 3 Click Add, and choose Add ACE from the drop-down list.
The Add ACE dialog box appears.
Step 4 (Optional) To specify the placement of the new ACE, select an existing ACE, and click Insert... to add the ACE before the selected ACE, or click Insert After... to add the ACE after the selected ACE.
Step 5 Click one of the following radio buttons to choose an action:
Step 6 In the Address field, enter the IP address of the destination to which you want to perform or deny access.
You can also browse for the address of a network object by clicking the ellipsis at the end of the Address field.
Step 7 (Optional) In the Description field, enter a description that makes an ACE easier to understand.
The description can contain multiple lines; however, each line can be no more than 100 characters in length.
The newly created ACE appears under the ACL.
Step 9 Click Apply to save the ACE to your configuration.
To edit an ACE in a standard ACL, perform the following steps:
Step 1 Choose Configuration > Firewall > Advanced > Standard ACL.
Step 2 In the main pane, select the existing ACE that you want to edit.
The Edit ACE dialog box appears.
Step 4 Enter the desired changes.
Table 23-2 lists the release history for this feature.
|
|
|
---|---|---|
Standard ACLs identify the destination IP addresses of OSPF routes, which can be used in a route map for OSPF redistribution. |