Step 5
Command or Action: end
Example:
Switch(config-ext-nacl)# end
Purpose: Returns to privileged EXEC mode.

Step 6
Command or Action: show running-config
Example:
Switch# show running-config
Purpose: Verifies your entries.

Step 7
Command or Action: copy running-config startup-config
Example:
Switch# copy running-config startup-config
Purpose: (Optional) Saves your entries in the configuration file.
When you are creating extended ACLs, remember that, by default, the end of the ACL contains an implicit
deny statement for everything that did not match an entry before reaching the end. For standard ACLs, if you
omit the mask from an associated IP host address access list specification, 0.0.0.0 is assumed to be the mask.
After you create an ACL, any additions are placed at the end of the list. You cannot selectively add ACL
entries to a specific ACL. However, you can use no permit and no deny access-list configuration mode
commands to remove entries from a named ACL.
Being able to selectively remove lines from a named ACL is one reason you might use named ACLs instead
of numbered ACLs.
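The following Python model is an added illustration, not Cisco code or output from a switch. It shows how the rules above interact: first match wins, an omitted mask means 0.0.0.0, new entries land at the end, and removing an entry from a named ACL changes the result. The ACL name and the documentation-range addresses are assumptions made for the example.

```python
import ipaddress

def _to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))

class StandardAcl:
    """Toy model of a named standard ACL (matches on source address only)."""

    def __init__(self, name):
        self.name = name
        self.entries = []  # evaluated top to bottom, first match wins

    def add(self, action, address, wildcard="0.0.0.0"):
        # An omitted mask defaults to 0.0.0.0, i.e. match exactly this host.
        # New entries are always appended at the end of the list.
        self.entries.append((action, _to_int(address), _to_int(wildcard)))

    def remove(self, action, address, wildcard="0.0.0.0"):
        # Models "no permit ..." / "no deny ..." on a named ACL.
        self.entries.remove((action, _to_int(address), _to_int(wildcard)))

    def evaluate(self, source):
        src = _to_int(source)
        for action, addr, wildcard in self.entries:
            care = ~wildcard & 0xFFFFFFFF  # wildcard 1-bits are "don't care"
            if (src & care) == (addr & care):
                return action
        return "deny"  # implicit deny at the end of every ACL

def demo():
    acl = StandardAcl("MGMT-HOSTS")  # hypothetical ACL name
    acl.add("deny", "192.0.2.0", "0.0.0.255")
    acl.add("permit", "192.0.2.5")       # appended after the deny: shadowed
    acl.add("permit", "198.51.100.7")    # no mask given, so host match only
    results = {
        "shadowed": acl.evaluate("192.0.2.5"),
        "host": acl.evaluate("198.51.100.7"),
        "neighbor": acl.evaluate("198.51.100.8"),
    }
    acl.remove("deny", "192.0.2.0", "0.0.0.255")
    results["after_remove"] = acl.evaluate("192.0.2.5")
    return results

if __name__ == "__main__":
    print(demo())
```

The permit for 192.0.2.5 has no effect until the broader deny above it is removed, which is the practical consequence of entries always being appended.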
What to Do Next
After creating a named ACL, you can apply it to interfaces or to VLANs.
Configuring an Access Control Entry with Noncontiguous Ports
Perform this task to create access list entries that use noncontiguous TCP or UDP port numbers. Although
this task uses TCP ports, you could use the UDP syntax of the permit and deny commands to filter
noncontiguous UDP ports.
Although this task uses a permit command first, use the permit and deny commands in the order that achieves
your filtering goals.
Note: The ACL—Named ACL Support for Noncontiguous Ports on an Access Control Entry feature can be
used only with named, extended ACLs.
Consolidated Platform Configuration Guide, Cisco IOS Release 15.2(4)E (Catalyst 2960-X Switches)
How to Configure ACLs