2-236
Catalyst 2950 and Catalyst 2955 Switch Command Reference
OL-10102-01
Chapter 2 Catalyst 2950 and 2955 Cisco IOS Commands
permit (access-list configuration)
Usage Guidelines Use this command after the ip access-list global configuration command to specify permit conditions
for a named or numbered IP ACL. You can specify a source IP address, destination IP address, IP
protocol, TCP port, or UDP port. Specify the TCP and UDP port numbers only if protocol is tcp or udp
and operator is eq.
Note For more information about configuring IP ACLs, see “Configuring Network Security with ACLs”
chapter in the switch software configuration guide for this release.
Examples This example shows how to create an extended IP ACL and configure permit conditions for it:
Switch(config)# ip access-list extended Internetfilter2
Switch(config-ext-nacl)# permit host 36.10.10.5 any
Switch(config-ext-nacl)# permit host 192.1.10.8 any
This is an example of a standard ACL that sets permit conditions:
Switch(config)# ip access-list standard Acclist1
Switch(config-ext-nacl)# permit 192.5.34.0 0.0.0.255
Switch(config-ext-nacl)# permit 128.88.10.0 0.0.0.255
Switch(config-ext-nacl)# permit 36.1.1.0 0.0.0.255
Note In these examples, all other IP access is implicitly denied.
You can verify your settings by entering the show ip access-lists or show access-lists privileged EXEC
command.
Related Commands Command Description
deny (access-list configuration) Sets deny conditions for an IP ACL.
ip access-group Controls access to an interface.
ip access-list Defines an IP ACL.
show access-lists Displays ACLs configured on a switch.
show ip access-lists Displays IP ACLs configured on the switch.
To Next Page
Loading...
Need help?
General
