Cisco Catalyst 2960-XR User Manual

DETAILED STEPS

Step 1
Command or Action: configure terminal
Purpose: Enters the global configuration mode.
Example:
Switch# configure terminal

Step 2
Command or Action: ip access-list extended name
Purpose: Defines an extended IPv4 access list using a name, and enters access-list configuration mode.
The name can be a number from 100 to 199.
Example:
Switch(config)# ip access-list extended 150

Step 3
Command or Action: {deny | permit} protocol {source [source-wildcard] | host source | any} {destination [destination-wildcard] | host destination | any} [precedence precedence] [tos tos] [established] [log] [time-range time-range-name]
Purpose: In access-list configuration mode, specify the conditions allowed or denied. Use the log keyword to get access list logging messages, including violations.
host source: A source and source wildcard of source 0.0.0.0.
host destination: A destination and destination wildcard of destination 0.0.0.0.
any: A source and source wildcard or destination and destination wildcard of 0.0.0.0 255.255.255.255.
Example:
Switch(config-ext-nacl)# permit 0 any any

Step 4
Command or Action: end
Purpose: Returns to privileged EXEC mode.
Example:
Switch(config-ext-nacl)# end

When you are creating extended ACLs, remember that, by default, the end of the ACL contains an implicit
deny statement for everything if it did not find a match before reaching the end. For standard ACLs, if you
omit the mask from an associated IP host address access list specification, 0.0.0.0 is assumed to be the mask.
After you create an ACL, any additions are placed at the end of the list. You cannot selectively add ACL
entries to a specific ACL. However, you can use no permit and no deny access-list configuration mode
commands to remove entries from a named ACL. This example shows how you can delete individual ACEs
from the named access list border-list:
Switch(config)# ip access-list extended border-list
Switch(config-ext-nacl)# no permit ip host 10.1.1.3 any
Being able to selectively remove lines from a named ACL is one reason you might use named ACLs instead
of numbered ACLs.
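
An added example, not taken from the Cisco guide: a Python model of first-match evaluation for the `{deny | permit} protocol source destination [log]` subset of Step 3. It shows how wildcard masks, append-at-end ordering and the implicit deny interact. The function names and the entries in BORDER_LIST are constructed for illustration.

```python
import ipaddress

def wild_match(addr, base, wildcard):
    """Cisco wildcard semantics: a 1 bit in the wildcard means 'ignore this bit'."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)

def parse_endpoint(tokens):
    """Consume 'any', 'host A' or 'A W' and return (address, wildcard)."""
    first = tokens.pop(0)
    if first == "any":
        return "0.0.0.0", "255.255.255.255"
    if first == "host":
        return tokens.pop(0), "0.0.0.0"
    return first, tokens.pop(0)

def parse_ace(line):
    """Parse '{deny|permit} protocol source destination [log]' (no other options)."""
    tokens = line.split()
    action, proto = tokens.pop(0), tokens.pop(0)
    if action not in ("permit", "deny"):
        raise ValueError("not an ACE: " + line)
    src, dst = parse_endpoint(tokens), parse_endpoint(tokens)
    return action, proto, src, dst, "log" in tokens

def evaluate(acl, proto, src, dst):
    """Return (action, matching index, logged); index None means the implicit deny."""
    for index, line in enumerate(acl):
        action, ace_proto, ace_src, ace_dst, log = parse_ace(line)
        if ace_proto not in ("ip", proto):   # 'ip' matches every IP protocol
            continue
        if wild_match(src, *ace_src) and wild_match(dst, *ace_dst):
            return action, index, log
    return "deny", None, False               # implicit deny carries no log keyword

# Constructed sample entries for the border-list ACL named on this page.
BORDER_LIST = [
    "permit ip host 10.1.1.3 any",
    "deny ip 10.1.1.0 0.0.0.255 any log",
    "permit tcp 10.1.0.0 0.0.255.255 host 192.0.2.10",
]

if __name__ == "__main__":
    acl = list(BORDER_LIST)
    print(evaluate(acl, "tcp", "10.1.1.3", "198.51.100.5"))  # first entry permits
    acl.remove("permit ip host 10.1.1.3 any")                 # models 'no permit ...'
    acl.append("permit ip host 10.1.1.3 any")                 # re-added at the end
    print(evaluate(acl, "tcp", "10.1.1.3", "198.51.100.5"))  # shadowed by the deny
    print(evaluate(acl, "udp", "10.1.2.7", "192.0.2.10"))    # implicit deny
```

Because the implicit deny has no log keyword, traffic that falls through to it produces no ACL log message in this model; only entries written with log do.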
Catalyst 2960-XR Switch Security Configuration Guide, Cisco IOS Release 15.0(2)EX1
OL-29434-01
Configuring IPv4 ACLs
Creating Extended Named ACLs

Cisco Catalyst 2960-XR Specifications

General
Stacking Bandwidth: 80 Gbps
Layer Support: Layer 2 and Layer 3
Jumbo Frame Support: 9198 bytes
RAM: 512 MB
Input Voltage: 100-240V AC
Model: Catalyst 2960-XR
Uplink Interfaces: 4 x 1G SFP or 2 x 10G SFP+
Downlink Interfaces: 24 or 48 x Gigabit Ethernet ports
Power Supply: Internal
MAC Address Table Size: 16,000 entries
PoE: Available on PoE models
Weight: 4.5 kg
Features: energy efficiency
Stacking: Up to 8 switches
Operating Temperature: 0 to 45°C
