5.1.2 access-list
Global Configuration Commands
Use this command to add an access list entry. Under global configuration, the access-list command configures the access list mechanism for filtering frames by protocol type or vendor code.
Syntax
access-list
For Standard IP ACLs:
access-list (<1-99>|<1300-1999>) (deny|permit|mark (8021p <0-7> | tos <0-255>))(A.B.C.D/M | host A.B.C.D | any)(log) (rule-precedence <1-5000>)
For Extended IP ACLs:
access-list (<100-199>|<2000-2699>) {deny | permit | mark {dot1p <0-7> | tos <0-255>}} {ip} {source/source-mask | host source | any } {destination/destination-mask | host destination | any } [log] [rule-precedence access-list-entry precedence]
access-list (<100-199>|<2000-2699>) {deny | permit | mark {dot1p <0-7> | tos <0-255>}} {icmp} {source/source-mask | host source | any} {destination/destination-mask | host destination | any} [icmp-type | [icmp-type icmp-code]] [log] [rule-precedence access-list-entry precedence]
access-list (<100-199>|<2000-2699>) {deny | permit | mark {dot1p <0-7> | tos <0-255>}} {tcp|udp} {source/source-mask | host source | any} [operator source-port] {destination/destination-mask | host destination | any} [operator destination-port] [log] [rule-precedence access-list-entry precedence]
NOTE: Using access-list [<100-199>|<2000-2699>] moves to the (config-ext-nacl) instance. For additional information, see Extended ACL Instance on page 14-1.
Using access-list [<1-99>|<1300-1999>] moves to the (config-std-nacl) instance. For additional information, see Standard ACL Instance on page 15-1.
To create a named ACL, use ip access-list (Standard/Extended). For more details, see ip on page 5-28.
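A syntax check for standard IP ACL entries against the number, mark and rule-precedence ranges given above, useful before pushing a rule set to a switch. This is an added example, not code from the manual or the vendor; it assumes log and rule-precedence are optional (as the extended form marks them), and the function names and sample entries are constructed for illustration.

```python
import ipaddress

STD_RANGES = (range(1, 100), range(1300, 2000))  # <1-99> | <1300-1999>
MARK_MAX = {"8021p": 7, "tos": 255}              # mark 8021p <0-7> | tos <0-255>

def parse_standard_acl(line):
    """Return the fields of one standard IP ACL entry, or raise ValueError."""
    tok = line.split()
    if len(tok) < 4 or tok[0] != "access-list" or not tok[1].isdigit():
        raise ValueError("expected 'access-list <number> <action> <source>'")
    if not any(int(tok[1]) in r for r in STD_RANGES):
        raise ValueError(f"ACL number {tok[1]} is not in 1-99 or 1300-1999")
    entry, action, i = {"number": int(tok[1]), "action": tok[2]}, tok[2], 3
    if action == "mark":
        field, value = (tok[3:5] + ["", ""])[:2]
        if not (value.isdigit() and int(value) <= MARK_MAX.get(field, -1)):
            raise ValueError("mark needs '8021p <0-7>' or 'tos <0-255>'")
        entry["mark"], i = (field, int(value)), 5
    elif action not in ("deny", "permit"):
        raise ValueError(f"unknown action {action!r}")
    if tok[i:i + 1] == ["any"]:
        entry["source"], i = "any", i + 1
    elif tok[i:i + 1] == ["host"] and len(tok) > i + 1:
        entry["source"], i = str(ipaddress.IPv4Address(tok[i + 1])), i + 2
    elif len(tok) > i and "/" in tok[i]:  # A.B.C.D/M; host bits are masked off
        entry["source"], i = str(ipaddress.IPv4Network(tok[i], strict=False)), i + 1
    else:
        raise ValueError("source must be A.B.C.D/M, 'host A.B.C.D' or 'any'")
    entry["log"] = tok[i:i + 1] == ["log"]  # assumed optional, like rule-precedence
    rest = tok[i + 1:] if entry["log"] else tok[i:]
    if rest and not (len(rest) == 2 and rest[0] == "rule-precedence"
                     and rest[1].isdigit() and 1 <= int(rest[1]) <= 5000):
        raise ValueError("expected 'rule-precedence <1-5000>'")
    entry["precedence"] = int(rest[1]) if rest else None
    return entry

def lint(lines):  # -> [(line_number, message)] for entries that fail to parse
    errors = []
    for n, line in enumerate(lines, 1):
        try:
            parse_standard_acl(line)
        except ValueError as exc:
            errors.append((n, str(exc)))
    return errors

# Constructed entries, not from the manual; the second and third are invalid.
SAMPLE = ["access-list 10 permit 192.168.10.0/24 log rule-precedence 10",
          "access-list 100 deny any rule-precedence 20",
          "access-list 1300 mark tos 300 host 10.1.1.5"]
```

Calling lint(SAMPLE) reports the second entry because 100 falls in the extended ACL range, and the third because tos 300 exceeds 255.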