Command Reference ACL Commands
ACL Commands
access-list
Use this command to create an access list rule to filter data packets. The no form of this command
deletes the specified access list entries.
1) Standard IP access list (1 to 99, 1300 to 1999)
access-list id { deny | permit } { source source-wildcard | host source | any | interface idx }
[time-range tm-range-name ] [ log ]
2) Extended IP access list (100 to 199, 2000 to 2699)
access-list id { deny | permit } protocol {source source-wildcard | host source | any | interface idx }
{ destination destination-wildcard | host destination | any } [ precedence precedence] [ tos tos ]
[ fragment ] [ range lower upper ] [ time-range time-range-name] [ log ]
3) Extended MAC access list (700 to 799)
access-list id { deny | permit } { any | host source-mac-address } { any | host
destination-mac-address } [ ethernet-type ] [ cos [ out ] [ inner in ] ]
4) Extended expert access list (2700 to 2899)
access-list id { deny | permit } [ protocol | [ ethernet-type ] [ cos [ out ] [ inner in ] ] ] [ VID [ out ]
[ inner in ] ] { source source-wildcard | host source | any } { host source-mac-address | any }
{ destination destination-wildcard | host destination | any} { host destination-mac-address | any } ]
[ precedence precedence ] [ tos tos ] [ fragment ] [ time-range time-range-name ]
When you select the Ethernet-type field or cos field:
access-list id { deny | permit } { ethernet-type | cos [ out ] [ inner in ] } [ VID [ out ] [ inner in ] ]
{ source source-wildcard | host source | any } { host source-mac-address | any } { destination
destination-wildcard | host destination | any } { host destination-mac-address | any } [ time-range
time-range-name ]
When you select the protocol field:
access-list id { deny | permit } protocol [ VID [out][inner in ] ] {source source-wildcard | host source |
any } { host source-mac-address | any } {destination destination-wildcard | host destination | any }
{ host destination-mac-address | any } [ precedence precedence ] [ tos tos ] [ fragment ] [ range
lower upper ] [ time-range time-range-name ]
Extended expert ACLs of some important protocols:
Internet Control Message Protocol (ICMP)
access-list id { deny | permit } icmp [ VID [ out ] [ inner in ] ] { source source-wildcard | host source
| any } { host source-mac-address | any } { destination destination-wildcard | host destination | any}
{host destination-mac-address | any} [ icmp-type ] [ [ icmp-type [icmp-code ] ] | [ icmp-message ] ]
[precedence precedence] [tos tos] [fragment] [time-range time-range-name]
Transmission Control Protocol (TCP)
access-list id { deny | permit } tcp [ VID [ out ] [ inner in ] ] { source source-wildcard | host source | any }
{ host source-mac-address | any } [ operator port [ port ] ] { destination destination-wildcard | host
destination | any } { host destination-mac-address | any } [ operator port [ port ] ] [ precedence
precedence ] [ tos tos ] [ fragment ] [ range lower upper ] [ time-range time-range-name ] [ match-all
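To make the numbered ranges and the source-address clause of the standard IP form (item 1 above) concrete, here is an added Python example that is not part of this reference or the vendor's software: it classifies an access-list id by range, parses a standard rule's `any` / `host source` / `source source-wildcard` clause, and evaluates rules in order against a packet's source address using wildcard-mask semantics (a 1 bit in the wildcard means "do not care"). The `interface idx` and `time-range` clauses are not handled, and the sample rules and addresses are constructed.

```python
import ipaddress

# Numbered ACL id ranges as listed in the reference above.
ACL_TYPES = {
    "standard-ip": [(1, 99), (1300, 1999)],
    "extended-ip": [(100, 199), (2000, 2699)],
    "extended-mac": [(700, 799)],
    "extended-expert": [(2700, 2899)],
}

def acl_type(acl_id):
    """Return the ACL family a numbered id belongs to, or None if out of range."""
    for name, ranges in ACL_TYPES.items():
        if any(lo <= acl_id <= hi for lo, hi in ranges):
            return name
    return None

def parse_address(tokens):
    """Consume one address clause: 'any', 'host A.B.C.D' or 'A.B.C.D W.W.W.W'.
    Returns ((address_int, wildcard_int), remaining tokens). A wildcard of 0
    is an exact host match; all-ones matches every address."""
    if tokens[0] == "any":
        return (0, 0xFFFFFFFF), tokens[1:]
    if tokens[0] == "host":
        return (int(ipaddress.IPv4Address(tokens[1])), 0), tokens[2:]
    addr = int(ipaddress.IPv4Address(tokens[0]))
    wildcard = int(ipaddress.IPv4Address(tokens[1]))
    return (addr, wildcard), tokens[2:]

def parse_standard_rule(line):
    """Parse 'access-list <id> {deny|permit} <source clause> [log]'."""
    tokens = line.split()
    if tokens[0] != "access-list" or tokens[2] not in ("deny", "permit"):
        raise ValueError("not a standard access-list rule: " + line)
    acl_id = int(tokens[1])
    if acl_type(acl_id) != "standard-ip":
        raise ValueError("id %d is not in the standard IP range" % acl_id)
    (addr, wildcard), rest = parse_address(tokens[3:])
    return {"id": acl_id, "action": tokens[2], "addr": addr,
            "wildcard": wildcard, "log": "log" in rest}

def matches(rule, src_ip):
    """A packet matches when every bit that is 0 in the wildcard agrees."""
    care = ~rule["wildcard"] & 0xFFFFFFFF
    return int(ipaddress.IPv4Address(src_ip)) & care == rule["addr"] & care

def evaluate(rules, src_ip):
    """Return the action of the first matching rule, or None if none matches."""
    for rule in rules:
        if matches(rule, src_ip):
            return rule["action"]
    return None

# Constructed sample rules (hypothetical, not from the reference), in first-match order.
SAMPLE_RULES = [
    parse_standard_rule("access-list 10 deny host 192.0.2.7 log"),
    parse_standard_rule("access-list 10 permit 192.0.2.0 0.0.0.255"),
]
```

Because `evaluate` stops at the first match, the order of `SAMPLE_RULES` decides that the single host is denied even though it falls inside the permitted /24.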