Configuring ACLs
24-8 Configuring Access Control Lists
Example
The following example creates an IPv4 extended ACL and associates it with VLAN 100.
C5(su)->router
C5(su)->router>enable
C5(su)->router#configure
Enter configuration commands:
C5(su)->router(Config)#access-list 121 deny ip 20.0.0.1 0.0.255.255 any
C5(su)->router(Config)#access-list 121 deny ip 30.0.0.1 0.0.255.255 any
C5(su)->router(Config)#access-list 121 deny ip 40.0.0.1 0.0.255.255 any
C5(su)->router(Config)#access-list 121 permit ip any any
C5(su)->router(Config)#show access-lists 121
Extended IP access list 121
1: deny ip 20.0.0.1 0.0.255.255 any
2: deny ip 30.0.0.1 0.0.255.255 any
3: deny ip 40.0.0.1 0.0.255.255 any
4: permit ip any any
C5(su)->router(Config)#interface vlan 100
C5(su)->router(Config-if(Vlan 100))#ip access-group 121 in
C5(su)->router(Config-if(Vlan 100))#exit
C5(su)->router(Config)#show access-lists vlan 100
Vlan ID Access-list
------- -----------
100 121
Configuring IPv6 ACLs
Procedure 24-2 describes how to configure an IPv6 ACL.
6. Optionally, display the ACLs associated with a
VLAN or port.
show access-lists [interface [port-
string]] | [vlan [vlan-id]]
7. Optionally, delete an entire ACL or a single rule
or range of rules.
no access-list acl-number [entryno
[entryno]]
Procedure 24-1 Configuring IPv4 Standard and Extended ACLs (continued)
Step Task Command(s)
Procedure 24-2 Configuring IPv6 ACLs
Step Task Command(s)
1. Optionally. display the status of ipv6mode. show access-lists ipv6mode
2. If necessary, in global router configuration mode,
enable ipv6mode, which requires a reset of the
switch.
Enter y when prompted to reset the switch.
access-list ipv6mode
To Next Page
Loading...
Need help?
General