SUMMARY STEPS
1. enable
2. configure terminal
3. ip access-list extended access-list-name
4. [sequence-number] permit tcp source source-wildcard [operator port [port]] destination destination-wildcard [operator [port]] [established {match-any | match-all} {+ | -} flag-name] [precedence precedence] [tos tos] [log] [time-range time-range-name] [fragments]
5. [sequence-number] deny tcp source source-wildcard [operator port [port]] destination destination-wildcard [operator [port]] [established {match-any | match-all} {+ | -} flag-name] [precedence precedence] [tos tos] [log] [time-range time-range-name] [fragments]
6. Repeat Step 4 or Step 5 as necessary, adding statements by sequence number where you planned. Use the no sequence-number command to delete an entry.
7. end
8. show ip access-lists access-list-name
DETAILED STEPS

Step 1
Command or Action: enable
Example:
Device> enable
Purpose: Enables privileged EXEC mode.
• Enter your password if prompted.

Step 2
Command or Action: configure terminal
Example:
Device# configure terminal
Purpose: Enters global configuration mode.

Step 3
Command or Action: ip access-list extended access-list-name
Example:
Device(config)# ip access-list extended acl-extd-1
Purpose: Specifies the IP access list by name and enters named access list configuration mode.

Step 4
Command or Action: [sequence-number] permit tcp source source-wildcard [operator port [port]] destination destination-wildcard [operator [port]] [established {match-any | match-all} {+ | -} flag-name] [precedence precedence] [tos tos] [log] [time-range time-range-name] [fragments]
Example:
Device(config-ext-nacl)# permit tcp any eq telnet ftp any eq 450 679
Purpose: Specifies a permit statement in named IP access list configuration mode.
• Operators include lt (less than), gt (greater than), eq (equal), neq (not equal), and range (inclusive range).
• If the operator is positioned after the source and source-wildcard arguments, it must match the source port. If the operator is positioned after the destination and destination-wildcard arguments, it must match the destination port.
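
Because the position of the operator decides whether an entry matches the source port or the destination port, the following added example (not part of the Cisco guide) parses permit tcp / deny tcp entries and lists the ones that filter on the source port only, which are worth a second look during ACL review. The function names are hypothetical, the sample entries are constructed, and only the address forms any, host address, and address wildcard are assumed.

```python
import re

OPERATORS = {"lt", "gt", "eq", "neq", "range"}
# Option keywords from the permit/deny tcp syntax; any of them ends a port list.
OPTIONS = {"established", "match-any", "match-all", "precedence", "tos",
           "log", "time-range", "fragments"}
STOP = OPTIONS | {"any", "host"}
IPV4 = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")
# Constructed sample entries (not from the guide), using documentation addresses.
SAMPLE_ACL = ["10 permit tcp any eq 80 host 192.0.2.10",
              "20 permit tcp any host 192.0.2.10 eq 80 log",
              "30 deny tcp 10.1.1.0 0.0.0.255 range 1024 2000 any established"]

def _address(tokens, i):
    """Consume 'any', 'host A.B.C.D' or 'A.B.C.D wildcard'; return (text, next index)."""
    if i < len(tokens) and tokens[i] == "any":
        return "any", i + 1
    if i + 1 < len(tokens) and (tokens[i] == "host" or IPV4.match(tokens[i])):
        return " ".join(tokens[i:i + 2]), i + 2
    raise ValueError(f"expected an address at token {i}: {tokens[i:i + 1]}")

def _port_match(tokens, i):
    """Consume an optional 'operator port [port ...]'; return (match or None, next index)."""
    if i >= len(tokens) or tokens[i] not in OPERATORS:
        return None, i
    op, ports, i = tokens[i], [], i + 1
    # Ports run until the next address (source side) or option keyword (destination side).
    while i < len(tokens) and tokens[i] not in STOP and not IPV4.match(tokens[i]):
        ports.append(tokens[i])
        i += 1
    if not ports or (op == "range" and len(ports) != 2):
        raise ValueError(f"bad port list after {op!r}: {ports}")
    return (op, ports), i

def parse_tcp_ace(line):
    """Split one named-ACL TCP entry into sequence number, addresses and port matches."""
    tokens = line.split()
    seq = int(tokens.pop(0)) if tokens and tokens[0].isdigit() else None
    if tokens[:2] not in (["permit", "tcp"], ["deny", "tcp"]):
        raise ValueError("only 'permit tcp' / 'deny tcp' entries are handled")
    src, i = _address(tokens, 2)
    src_port, i = _port_match(tokens, i)   # operator after source: source port
    dst, i = _address(tokens, i)
    dst_port, i = _port_match(tokens, i)   # operator after destination: destination port
    return {"seq": seq, "action": tokens[0], "src": src, "src_port": src_port,
            "dst": dst, "dst_port": dst_port, "options": tokens[i:]}

def source_port_only(lines):
    """Return sequence numbers of entries that match a source port but no destination port."""
    aces = [parse_tcp_ace(line) for line in lines]
    return [a["seq"] for a in aces if a["src_port"] and not a["dst_port"]]
```

Entry 10 in the sample matches traffic coming from port 80, while entry 20 matches traffic going to port 80; only the first is reported, together with entry 30.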
Consolidated Platform Configuration Guide, Cisco IOS Release 15.2(4)E (Catalyst 2960-X Switches)
How to Configure ACLs