Configuring Access Control Lists access-list (extended)
34-6
addresses. Any host with a source address that does not match the access list entries will be
rejected:
C3(su)->router(Config)#access-list 1 permit 192.5.34.0 0.0.0.255
C3(su)->router(Config)#access-list 1 permit 128.88.0.0 0.0.255.255
C3(su)->router(Config)#access-list 1 permit 36.0.0.0 0.255.255.255
This example moves entry 16 to the beginning of ACL 22:
C3(su)->router(Config)#access-list 22 move 1 16
access-list (extended)
Use this command to define an extended IP access list by number when operating in router mode.
The no form of this command removes the defined access list or entry:
Syntax
To create an extended ACL entry:
access-list access-list-number {deny | permit} protocol source [source-wildcard]
[eq port] destination [destination-wildcard] [eq port][precedence precedence | tos
tos tosmask | dscp dscp ] [assign-queue queue-id]
no access-list access-list-number [entryno [entryno]]
To insert or replace an ACL entry:
access-list access-list-number insert | replace entryno {deny | permit} protocol
source [source-wildcard] [eq port] destination [destination-wildcard] [eq port]
[precedence precedence | tos tos tosmask | dscp dscp ] [assign-queue queue-id]
To move entries within an ACL:
access-list access-list-number move destination source1 [source2]
Parameters
access-list-number
[entryno [entryno]]
Specifies an extended access list number. Valid values are from 100 to 199.
When using the no access-list command, you can delete a whole access-list,
or only specific entries in the list with the optional entryno parameter.
Specify a range of entries by entering the start and end entry numbers.
deny | permit Denies or permits access if specified conditions are met.
protocol Specifies an IP protocol for which to deny or permit access. The protocol
can be specified by keyword, or by a hexidecimal value between 0x0 and
0xFF, or by a decimal value between 0 and 255. Keywords and their
corresponding protocols are:
•ip – Any Internet protocol
• udp – User Datagram Protocol
• tcp –Transmission Control Protocol
• icmp – Internet Control Message Protocol
• igmp – Internet Group Management Protocol
To Next Page
Loading...
Need help?
General