Creating a Numbered Extended ACL
Beginning in privileged EXEC mode, follow these steps to create a numbered extended ACL:
SUMMARY STEPS
1.
configure terminal
2.
access-list access-list-number {deny | permit} protocol source source-wildcard destination
destination-wildcard [precedence precedence] [tos tos] [fragments] [log [log-input] [time-range
time-range-name] [dscp dscp]
3.
access-list access-list-number {deny | permit} tcp source source-wildcard [operator port] destination
destination-wildcard [operator port] [established] [precedence precedence] [tos tos] [fragments] [log
[log-input] ] [time-range time-range-name] [dscp dscp] [flag]
4.
access-list access-list-number {deny | permit} udp source source-wildcard [operator port] destination
destination-wildcard [operator port] [precedence precedence] [tos tos] [fragments] [log [log-input] ]
[time-range time-range-name] [dscp dscp]
5.
access-list access-list-number {deny | permit} icmp source source-wildcard destination
destination-wildcard [icmp-type | [[icmp-type icmp-code] | [icmp-message]] [precedence precedence]
[tos tos] [fragments] [log [log-input] ] [time-range time-range-name] [dscp dscp]
6.
access-list access-list-number {deny | permit} igmp source source-wildcard destination
destination-wildcard [igmp-type] [precedence precedence] [tos tos] [fragments] [log [log-input] ]
[time-range time-range-name] [dscp dscp]
7.
end
DETAILED STEPS
PurposeCommand or Action
Enters the global configuration mode.configure terminal
Example:
Switch# configure terminal
Step 1
Defines an extended IPv4 access list and the access conditions.
access-list access-list-number {deny | permit}
protocol source source-wildcard destination
Step 2
The access-list-number is a decimal number from 100 to 199 or 2000 to 2699.
destination-wildcard [precedence precedence]
Enter deny or permit to specify whether to deny or permit the packet if
conditions are matched.
[tos tos] [fragments] [log [log-input]
[time-range time-range-name] [dscp dscp]
Example:
Switch(config)# access-list 101 permit
For protocol, enter the name or number of an P protocol: ahp, eigrp, esp,
gre, icmp, igmp, igrp, ip, ipinip, nos, ospf, pcp, pim, tcp, or udp, or an
integer in the range 0 to 255 representing an IP protocol number. To match
any Internet protocol (including ICMP, TCP, and UDP), use the keyword ip.
ip host 10.1.1.2 any precedence 0 tos
0 log
The source is the number of the network or host from which the packet is
sent.
The source-wildcard applies wildcard bits to the source.
Catalyst 2960-XR Switch Security Configuration Guide, Cisco IOS Release 15.0(2)EX1
122 OL-29434-01
Configuring IPv4 ACLs
Creating a Numbered Extended ACL
To Next Page
Loading...
Need help?
General