28-13
Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide
78-11380-12
Chapter 28 Configuring Network Security with ACLs
Configuring ACLs
Creating Named Standard and Extended ACLs
You can identify IP ACLs with an alphanumeric string (a name) rather than a number. You can use named
ACLs to configure more IP access lists on a switch than if you use numbered access lists. If you identify
your access list with a name rather than a number, the mode and command syntax are slightly different.
However, not all commands that use IP access lists accept a named ACL.
Note The name you give to a standard ACL or extended ACL can also be a number in the supported range of
access list numbers. That is, the name of a standard IP ACL can be 1 to 99; the name of an extended IP
ACL can be 100 to 199. The advantage of using named ACLs instead of numbered lists is that you can
delete individual entries from a named list.
Consider these guidelines and limitations before configuring named ACLs:
• A standard ACL and an extended ACL cannot have the same name.
• Numbered ACLs are also available, as described in the “Creating Standard and Extended IP ACLs”
section on page 28-7.
Beginning in privileged EXEC mode, follow these steps to create a standard named access list using
names:
Beginning in privileged EXEC mode, follow these steps to create an extended named ACL using names:
Command Purpose
Step 1
configure terminal Enter global configuration mode.
Step 2
ip access-list standard {name |
access-list-number}
Define a standard IP access list by using a name, and enter
access-list configuration mode.
Note The name can be a number from 1 to 99.
Step 3
deny {source source-wildcard | host source |
any}
or
permit {source source-wildcard | host source |
any}
In access-list configuration mode, specify one or more conditions
denied or permitted to determine if the packet is forwarded or
dropped.
• host source represents a source and source-wildcard of source
0.0.0.0.
• any represents a source and source-wildcard of 0.0.0.0
255.255.255.255.
Note The log option is not supported on the switches.
Step 4
end Return to privileged EXEC mode.
Step 5
show access-lists [number | name] Show the access list configuration.
Step 6
copy running-config startup-config (Optional) Save your entries in the configuration file.
Command Purpose
Step 1
configure terminal Enter global configuration mode.
Step 2
ip access-list extended {name |
access-list-number}
Define an extended IP access list by using a name, and enter
access-list configuration mode.
Note The name can be a number from 100 to 199.
To Next Page
Loading...
