Step 2
Command or Action: ip access-list standard name
Example:
Switch(config)# ip access-list standard 20
Purpose: Defines a standard IPv4 access list using a name, and enters access-list configuration mode. The name can be a number from 1 to 99.

Step 3
Command or Action: Use one of the following:
• deny {source [source-wildcard] | host source | any} [log]
• permit {source [source-wildcard] | host source | any} [log]
Example:
Switch(config-std-nacl)# deny 192.168.0.0 0.0.255.255
or
Switch(config-std-nacl)# permit 10.108.0.0 0.0.0.0
Purpose: In access-list configuration mode, specifies one or more conditions denied or permitted to decide if the packet is forwarded or dropped.
• host source—A source and source wildcard of source 0.0.0.0.
• any—A source and source wildcard of 0.0.0.0 255.255.255.255.

Step 4
Command or Action: end
Example:
Switch(config-std-nacl)# end
Purpose: Returns to privileged EXEC mode.
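
The matching rules from Step 3, shown as an added example that is not part of the Cisco guide: a small Python evaluator for standard ACL entries, useful for checking which sources a wildcard mask really covers before applying an ACL. It assumes top-down first-match evaluation and an implicit deny at the end of the list, neither of which this page states; the function names and SAMPLE_ACL are constructed for illustration.

```python
import ipaddress

def to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))

def parse_entry(line):
    """Parse '{deny | permit} {source [source-wildcard] | host source | any} [log]'."""
    action, *args = line.split()
    if action not in ("deny", "permit"):
        raise ValueError(f"unknown action in {line!r}")
    if args and args[-1] == "log":
        args = args[:-1]                          # logging does not change matching
    if args == ["any"]:
        source, wildcard = "0.0.0.0", "255.255.255.255"
    elif len(args) == 2 and args[0] == "host":
        source, wildcard = args[1], "0.0.0.0"
    elif len(args) == 1:
        source, wildcard = args[0], "0.0.0.0"     # IOS treats an omitted wildcard as 0.0.0.0
    elif len(args) == 2:
        source, wildcard = args
    else:                                         # e.g. destination fields: extended ACLs only
        raise ValueError(f"not a standard ACL entry: {line!r}")
    return action, to_int(source), to_int(wildcard)

def matches(entry, packet_source):
    _, source, wildcard = entry
    care = ~wildcard & 0xFFFFFFFF                 # wildcard bit 0 = compare, 1 = ignore
    return (to_int(packet_source) & care) == (source & care)

def evaluate(acl_lines, packet_source):
    """Return the action of the first matching entry (assumed first-match order)."""
    for entry in map(parse_entry, acl_lines):
        if matches(entry, packet_source):
            return entry[0]
    return "deny"                                 # assumed implicit deny when nothing matches

# Constructed sample ACL; addresses are illustrative only.
SAMPLE_ACL = [
    "deny host 192.168.5.9",
    "permit 192.168.0.0 0.0.255.255 log",
    "deny 10.108.0.0 0.0.0.255",
    "permit 10.0.0.0 0.255.255.255",
]

if __name__ == "__main__":
    for src in ("192.168.5.9", "192.168.77.1", "10.108.0.200", "172.16.0.1"):
        print(src, evaluate(SAMPLE_ACL, src))
```

Entry order matters: moving the host deny below the 192.168.0.0 permit would let 192.168.5.9 through, because the broader entry would match first.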
Creating Extended Named ACLs
Beginning in privileged EXEC mode, follow these steps to create an extended ACL using names:
SUMMARY STEPS
1. configure terminal
2. ip access-list extended name
3. {deny | permit} protocol {source [source-wildcard] | host source | any} {destination [destination-wildcard] | host destination | any} [precedence precedence] [tos tos] [established] [log] [time-range time-range-name]
4. end
Catalyst 2960-XR Switch Security Configuration Guide, Cisco IOS Release 15.0(2)EX1
OL-29434-01
Configuring IPv4 ACLs