Creating Extended Named ACLs
Follow these steps to create an extended ACL using names:
SUMMARY STEPS
1. enable
2. configure terminal
3. ip access-list extended name
4. {deny | permit} protocol {source [source-wildcard] | host source | any} {destination [destination-wildcard] | host destination | any} [precedence precedence] [tos tos] [established] [log] [time-range time-range-name]
5. end
6. show running-config
7. copy running-config startup-config
DETAILED STEPS

Step 1
Command or Action: enable
Example:
Switch> enable
Purpose: Enables privileged EXEC mode. Enter your password if prompted.

Step 2
Command or Action: configure terminal
Example:
Switch# configure terminal
Purpose: Enters the global configuration mode.

Step 3
Command or Action: ip access-list extended name
Example:
Switch(config)# ip access-list extended 150
Purpose: Defines an extended IPv4 access list using a name, and enters access-list configuration mode. The name can be a number from 100 to 199.

Step 4
Command or Action: {deny | permit} protocol {source [source-wildcard] | host source | any} {destination [destination-wildcard] | host destination | any} [precedence precedence] [tos tos] [established] [log] [time-range time-range-name]
Example:
Switch(config-ext-nacl)# permit 0 any any
Purpose: In access-list configuration mode, specify the conditions allowed or denied. Use the log keyword to get access list logging messages, including violations.
• host source—A source and source wildcard of source 0.0.0.0.
• host destination—A destination and destination wildcard of destination 0.0.0.0.
• any—A source and source wildcard or destination and destination wildcard of 0.0.0.0 255.255.255.255.
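
The host and any shorthands in Step 4 expand to address/wildcard pairs. The Python sketch below is an added example for reviewing ACL entries offline, not part of the Cisco guide or of IOS: it normalizes the three address forms and applies wildcard matching. The function names and sample entries are constructed for illustration, and it assumes the wildcard is always written out in the explicit form.

```python
import ipaddress

def to_int(dotted):
    """Dotted-quad IPv4 string -> 32-bit integer."""
    return int(ipaddress.IPv4Address(dotted))

def parse_addr_spec(tokens):
    """Consume one source/destination spec; return ((addr, wildcard), rest)."""
    if tokens[0] == "any":                 # any = 0.0.0.0 255.255.255.255
        return (0, 0xFFFFFFFF), tokens[1:]
    if tokens[0] == "host":                # host A = A 0.0.0.0
        return (to_int(tokens[1]), 0), tokens[2:]
    # Assumption: the wildcard is always present in the explicit form.
    return (to_int(tokens[0]), to_int(tokens[1])), tokens[2:]

def parse_ace(line):
    """Parse '{deny | permit} protocol <source> <destination> [options]'."""
    tokens = line.split()
    if len(tokens) < 4 or tokens[0] not in ("permit", "deny"):
        raise ValueError("not an extended ACL entry: %r" % line)
    try:
        src, rest = parse_addr_spec(tokens[2:])
        dst, rest = parse_addr_spec(rest)
    except IndexError:
        raise ValueError("incomplete address spec: %r" % line)
    return {"action": tokens[0], "protocol": tokens[1],
            "src": src, "dst": dst, "options": rest}

def wildcard_match(ip, addr, wild):
    """Wildcard bit 1 = ignore this bit, 0 = bit must equal the address."""
    care = ~wild & 0xFFFFFFFF
    return (to_int(ip) & care) == (addr & care)

def ace_matches(ace, src_ip, dst_ip):
    """True when both addresses fall inside the entry's address specs."""
    return (wildcard_match(src_ip, *ace["src"])
            and wildcard_match(dst_ip, *ace["dst"]))

# Constructed sample entries (not from the guide).
SAMPLES = [
    "permit tcp host 10.1.1.10 any log",
    "deny ip 192.168.0.0 0.0.255.255 any",
    "permit ip 10.0.0.1 0.0.255.0 any",   # non-contiguous wildcard: 10.0.x.1
]

if __name__ == "__main__":
    for text in SAMPLES:
        ace = parse_ace(text)
        print(text, "->", ace["src"], ace["dst"], ace["options"])
```

The third sample shows that a wildcard is a per-bit "don't care" mask rather than an inverted subnet mask, so an entry can match more hosts than a quick read suggests.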
Consolidated Platform Configuration Guide, Cisco IOS Release 15.2(4)E (Catalyst 2960-X Switches)
How to Configure ACLs