Catalyst 2950 and Catalyst 2955 Switch Command Reference
OL-10102-01
Chapter 2 Catalyst 2950 and 2955 Cisco IOS Commands
access-list (IP standard)
Usage Guidelines
Plan your access conditions carefully. The ACL is always terminated by an implicit deny statement for
all packets.
You can use ACLs to control virtual terminal line access by controlling the transmission of packets on
an interface.
Use the show ip access-lists command to display the contents of IP ACLs.
Use the show access-lists command to display the contents of all ACLs.
Note For more information about configuring IP ACLs, see the “Configuring Network Security with ACLs”
chapter in the software configuration guide for this release.
Examples
This example shows how to configure a standard IP ACL that allows traffic only from the host
128.88.1.10 and how to apply it to an interface:
Switch(config)# access-list 12 permit host 128.88.1.10
Switch(config)# interface gigabitethernet0/1
Switch(config-if)# ip access-group 12 in
This is an example of a standard ACL that allows traffic only from three specified networks. The
wildcard bits apply to the host portions of the network addresses. Any host with a source address that
does not match the ACL statements is denied.
access-list 14 permit 192.5.34.0 0.0.0.255
access-list 14 permit 128.88.0.0 0.0.0.255
access-list 14 permit 36.1.1.0 0.0.0.255
Note In these examples, all other IP access is implicitly denied.
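The wildcard matching and implicit deny used by ACLs 12 and 14 above can be checked offline with a small evaluator. This is an added example, not part of the Cisco command reference; the function names parse_standard_acl and evaluate are hypothetical, and only the standard ACL source forms (source with optional wildcard, host source, any) are handled.

```python
import ipaddress

# ACL statements copied from the examples on this page.
ACL_12 = "access-list 12 permit host 128.88.1.10\n"
ACL_14 = """\
access-list 14 permit 192.5.34.0 0.0.0.255
access-list 14 permit 128.88.0.0 0.0.0.255
access-list 14 permit 36.1.1.0 0.0.0.255
"""

def _ip(text):
    """Dotted-quad string to 32-bit integer."""
    return int(ipaddress.IPv4Address(text))

def parse_standard_acl(config):
    """Return ordered (action, address, wildcard) entries (hypothetical helper)."""
    entries = []
    for line in config.splitlines():
        tok = line.split()
        if len(tok) < 4 or tok[0] != "access-list" or tok[2] not in ("permit", "deny"):
            continue
        action = tok[2]
        src = [t for t in tok[3:] if t != "log"]
        if src[0] == "any":
            addr, wild = 0, 0xFFFFFFFF
        elif src[0] == "host":
            addr, wild = _ip(src[1]), 0
        else:
            # A source with no wildcard is matched as a single host.
            addr = _ip(src[0])
            wild = _ip(src[1]) if len(src) > 1 else 0
        entries.append((action, addr, wild))
    return entries

def evaluate(entries, source):
    """First matching entry wins; no match falls through to the implicit deny."""
    src = _ip(source)
    for action, addr, wild in entries:
        # Wildcard 1 bits are ignored; wildcard 0 bits must match exactly.
        if (src | wild) == (addr | wild):
            return action
    return "deny"

if __name__ == "__main__":
    acl14 = parse_standard_acl(ACL_14)
    for ip in ("192.5.34.77", "128.88.0.200", "128.88.1.10", "36.1.2.1"):
        print(ip, evaluate(acl14, ip))
```

Note that 128.88.1.10, the host permitted by ACL 12, is denied by ACL 14 because the wildcard 0.0.0.255 frees only the last octet of 128.88.0.0.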
You can verify your settings by entering the show ip access-lists or show access-lists privileged EXEC
command.
Related Commands

Command                      Description
access-list (IP extended)    Configures an extended IP ACL.
ip access-group              Controls access to an interface.
show access-lists            Displays ACLs configured on the switch.
show ip access-lists         Displays IP ACLs configured on the switch.