2-7
Catalyst 2950 and Catalyst 2955 Switch Command Reference
OL-10102-01
Chapter 2 Catalyst 2950 and 2955 Cisco IOS Commands
access-list (IP extended)
Examples This example shows how to configure an extended IP ACL that allows only TCP traffic to the destination
IP address 128.88.1.2 with a TCP port number of 25 and how to apply it to an interface:
Switch(config)# access-list 102 permit tcp any host 128.88.1.2 eq 25
Switch(config)# interface fastethernet0/8
Switch(config-if)# ip access-group 102 in
This is an example of an extended ACL that allows TCP traffic only from two specified networks. The
wildcard bits apply to the host portions of the network addresses. Any host with a source address that
does not match the ACL statements is denied.
access-list 104 permit tcp 192.5.0.0 0.0.255.255 any
access-list 104 permit tcp 128.88.0.0 0.0.255.255 any
Note In these examples, all other IP access is implicitly denied.
You can verify your settings by entering the show ip access-lists or show access-lists privileged EXEC
command.
Related Commands Command Description
access-list (IP standard) Configures a standard IP ACL.
ip access-group Controls access to an interface.
show access-lists Displays ACLs configured on the switch.
show ip access-lists Displays IP ACLs configured on the switch.
To Next Page
Loading...
