Purpose:
• If a sequence-number is specified, the rest of the command syntax is optional.

Step 6
Command or Action:
[sequence-number] permit protocol source source-wildcard [operator port [port]] destination destination-wildcard [operator port [port]] [option option-name] [precedence precedence] [tos tos] [log] [time-range time-range-name] [fragments]
Example:
Device(config-ext-nacl)# permit tcp any neq 45 565 632 any eq 23 45 34 43
Purpose:
Specifies a permit statement in named access list configuration mode.
• In this instance, a group of access list entries with noncontiguous ports was consolidated into one permit statement.
• You can configure up to 10 ports after the eq and neq operators.

Step 7
Command or Action:
Repeat Steps 5 and 6 as necessary, adding permit or deny statements to consolidate access list entries where possible. Use the no sequence-number command to delete an entry.
Purpose:
Allows you to revise the access list.

Step 8
Command or Action:
end
Example:
Device(config-std-nacl)# end
Purpose:
(Optional) Exits named access list configuration mode and returns to privileged EXEC mode.

Step 9
Command or Action:
show ip access-lists access-list-name
Example:
Device# show ip access-lists mylist1
Purpose:
(Optional) Displays the contents of the access list.
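The consolidation in Steps 6 and 7 can be planned offline before touching the device. The following is an added example, not part of the Cisco guide: a Python sketch that takes single-port entries and produces the no sequence-number deletions plus the consolidated statements, honoring the 10-port limit. The simplified entry grammar, the function name consolidation_plan and the sample entries are assumptions made for illustration.

```python
import re

MAX_PORTS = 10  # limit stated in the guide for ports after eq / neq
# Assumed, simplified entry form: "<seq> <action> <proto> <src> <dst> eq <port>"
# with one-token source and destination (for example "any").
ENTRY = re.compile(r"^(\d+) (permit|deny) (tcp|udp) (\S+) (\S+) eq (\d+)$")

def consolidation_plan(entries):
    """Return commands that replace adjacent single-port eq entries.
    Only adjacent entries are merged, so first-match order is preserved."""
    runs = []  # each run: (key, [(seq, port), ...]); key None = not mergeable
    for line in entries:
        m = ENTRY.match(line.strip())
        if not m:
            runs.append((None, []))  # any other entry form ends the current run
            continue
        key, item = m.group(2, 3, 4, 5), (m.group(1), m.group(6))
        if runs and runs[-1][0] == key:
            runs[-1][1].append(item)
        else:
            runs.append((key, [item]))

    commands = []
    for key, items in runs:
        if key is None or len(items) < 2:
            continue  # nothing to consolidate
        commands += [f"no {seq}" for seq, _ in items]  # delete the old entries
        seen, unique = set(), []  # drop duplicate ports, keep first occurrence
        for seq, port in items:
            if port not in seen:
                seen.add(port)
                unique.append((seq, port))
        for i in range(0, len(unique), MAX_PORTS):  # at most 10 ports per entry
            chunk = unique[i:i + MAX_PORTS]
            ports = " ".join(port for _, port in chunk)
            commands.append(f"{chunk[0][0]} {' '.join(key)} eq {ports}")
    return commands

# Constructed sample: entries of a hypothetical extended named access list.
SAMPLE = [
    "10 permit tcp any any eq 23",
    "20 permit tcp any any eq 45",
    "30 permit tcp any any eq 34",
    "40 permit tcp any any eq 43",
    "50 deny udp any any eq 53",
]

if __name__ == "__main__":
    print("\n".join(consolidation_plan(SAMPLE)))
```

Entries separated by a different statement are deliberately not merged, because moving a port across an intervening deny or permit would change which entry matches first.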
Sequencing Access-List Entries and Revising the Access List
This task shows how to assign sequence numbers to entries in a named IP access list and how to add or delete an entry to or from an access list. When completing this task, keep the following points in mind:
• Resequencing the access list entries is optional. The resequencing step in this task is shown as required because that is one purpose of this feature and this task demonstrates that functionality.
• In the following procedure, the permit command is shown in Step 5 and the deny command is shown in Step 6. However, that order can be reversed. Use the order that suits the needs of your configuration.
Consolidated Platform Configuration Guide, Cisco IOS Release 15.2(4)E (Catalyst 2960-X Switches)
How to Configure ACLs