5 ACL Commands
This chapter explains the following commands:
• access-list
• deny | permit
• ip access-group
• mac access-group
• mac access-list extended
• mac access-list extended rename
• show ip access-lists
• show mac access-list
access-list
Use the access-list command in Global Configuration mode to create an Access Control List (ACL) that is identified by the parameter list-name.
Syntax
access-list std-list-num {deny | permit} {srcip srcmask | every} [log] [assign-queue queue-id] [redirect interface | mirror interface]
access-list ext-list-num {deny | permit} {every | {[icmp | igmp | ip | tcp | udp | number] {srcip srcmask | any} [eq [portkey | portvalue]] {dstip dstmask | any} [eq [portkey | portvalue]] [precedence precedence | tos tos tosmask | dscp dscp] [log] [assign-queue queue-id] [redirect interface | mirror interface]}}
no access-list list-name
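As an added example (not part of the manual), the standard-list form of the syntax above can be parsed and reviewed offline with a short Python script. It assumes options appear in the order the syntax lists them; list number 1 and interface 1/g5 are constructed sample values, and the mask is checked only as a dotted quad, not interpreted.

```python
import ipaddress

def parse_std_acl(line):
    """Parse one standard 'access-list' line into a dict; ValueError on bad grammar."""
    tok = line.split()
    if len(tok) < 4 or tok[0] != "access-list":
        raise ValueError("not an access-list command")
    if tok[2] not in ("deny", "permit"):
        raise ValueError("action must be deny or permit")
    rule = {"list": tok[1], "action": tok[2], "log": False,
            "queue": None, "redirect": None, "mirror": None}
    if tok[3] == "every":
        rule["match"], i = "every", 4
    else:
        if len(tok) < 5:
            raise ValueError("srcip must be followed by srcmask")
        # Dotted-quad check only: the mask is not interpreted here.
        src = ipaddress.IPv4Address(tok[3])
        mask = ipaddress.IPv4Address(tok[4])
        rule["match"], i = (str(src), str(mask)), 5
    # Assumption: options appear in the order the Syntax lists them.
    if i < len(tok) and tok[i] == "log":
        rule["log"], i = True, i + 1
    for group in (("assign-queue",), ("redirect", "mirror")):
        if i < len(tok) and tok[i] in group:
            if i + 1 >= len(tok):
                raise ValueError(tok[i] + " needs an argument")
            name = "queue" if tok[i] == "assign-queue" else tok[i]
            rule[name] = tok[i + 1]
            i += 2
    if i != len(tok):
        raise ValueError("unexpected token: " + tok[i])
    return rule

def audit(config_lines):
    """Return (line number, note) pairs for rules a reviewer should look at."""
    notes = []
    for n, line in enumerate(config_lines, 1):
        r = parse_std_acl(line)
        if r["action"] == "permit" and r["match"] == "every":
            notes.append((n, "permit every rule"))
        if r["action"] == "deny" and not r["log"]:
            notes.append((n, "deny without log"))
        if r["redirect"] or r["mirror"]:
            notes.append((n, "redirect/mirror to " + (r["redirect"] or r["mirror"])))
    return notes

# Constructed sample lines; list number 1 and interface 1/g5 are placeholders.
SAMPLE = ["access-list 1 deny 10.1.1.0 0.0.0.255 log",
          "access-list 1 deny 10.2.0.0 0.0.255.255 mirror 1/g5",
          "access-list 1 permit every"]
```

Calling audit(SAMPLE) returns the line numbers of the rules to review; a line that does not fit the standard-list grammar raises ValueError instead of being skipped silently.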
• list-name — Access-list name up to 31 characters in length.
• deny | permit — Specifies whether the IP ACL rule permits or denies an action.
• every — Allows all protocols.
• eq — Equal. Refers to the Layer 4 port number being used as match criteria. The first reference is source match criteria, the second is destination match criteria.
• number — Standard protocol number. Protocol keywords icmp, igmp, ip, tcp, udp.
• srcip — Source IP address.