Step 1 |
enable
Example:
|
Enables privileged EXEC mode.
|
Step 2 |
configure
terminal
Example:
Device# configure terminal
|
Enters global configuration mode.
|
Step 3 |
ip
access-list
extended
access-list-name
Example:
Device(config)# ip access-list extended ttlfilter
|
Defines an IP access list by name.
|
Step 4 | [sequence-number]
permit
protocol
source
source-wildcard
destination
destination-wildcard
ttl
operator value
Example:
Device(config-ext-nacl)# permit ip host 172.16.1.1 any ttl lt 2
|
Sets conditions to allow a packet to pass a named IP access list.
|
Step 5 | Continue to add
permit or
deny statements to achieve the filtering you want.
|
The packets that pass the access list will be dropped.
|
Step 6 |
exit
Example:
Device(config-ext-nacl)# exit
|
Exits any configuration mode to the next highest mode in the CLI mode hierarchy.
|
Step 7 |
class-map
class-map-name
[match-all |
match-any]
Example:
Device(config)# class-map acl-filtering
|
Creates a class map to be used for matching packets to a specified class.
|
Step 8 |
match
access-group
{access-group |
name
access-group-name}
Example:
Device(config-cmap)# match access-group name ttlfilter
|
Configures the match criteria for a class map on the basis of the specified access control list.
|
Step 9 |
exit
Example:
Device(config-cmap)# exit
|
Exits any configuration mode to the next highest mode in the CLI mode hierarchy.
|
Step 10 |
policy-map
policy-map-name
Example:
Device(config)# policy-map acl-filter
|
Creates or modifies a policy map that can be attached to one or more interface to specify a service policy.
|
Step 11 |
class
{class-name |
class-default}
Example:
Device(config-pmap)# class acl-filter-class
|
Specifies the name of the class whose policy you want to create or change or to specify the default class (commonly known as the class-default class) before you configure its policy.
|
Step 12 |
drop
Example:
Device(config-pmap-c)# drop
|
Configures a traffic class to discard packets belonging to a specific class.
|
Step 13 |
exit
Example:
Device(config-pmap-c)# exit
|
Exits any configuration mode to the next highest mode in the CLI mode hierarchy.
|
Step 14 |
exit
Example:
Device(config-pmap)# exit
|
Exits any configuration mode to the next highest mode in the CLI mode hierarchy.
|
Step 15 |
control-plane
Example:
Device(config)# control-plane
|
Associates or modifies attributes or parameters that are associated with the control plane of the device.
|
Step 16 |
service-policy
{input |
output}
policy-map-name
Example:
Device(config-cp)# service-policy input acl-filter
|
Attaches a policy map to a control plane for aggregate control plane services.
|