Cisco Catalyst 2950 Command Reference Manual page 37

Chapter 2 Catalyst 2950 and 2955 Cisco IOS Commands
Examples This example shows how to configure an extended IP ACL that allows only TCP traffic to the destination
IP address 128.88.1.2 with a TCP port number of 25 and how to apply it to an interface:
Switch(config)# access-list 102 permit tcp any host 128.88.1.2 eq 25
Switch(config)# interface fastethernet0/8
Switch(config-if)# ip access-group 102 in
This is an example of an extended ACL that allows TCP traffic only from two specified networks. The
wildcard bits apply to the host portions of the network addresses. Any host with a source address that
does not match the ACL statements is denied.
access-list 104 permit tcp 192.5.0.0 0.0.255.255 any
access-list 104 permit tcp 128.88.0.0 0.0.255.255 any
Note In these examples, all other IP access is implicitly denied.
You can verify your settings by entering the show ip access-lists or show access-lists privileged EXEC
command.
Related Commands Command
access-list (IP standard)
ip access-group
show access-lists
show ip access-lists
OL-10102-01
Description
Configures a standard IP ACL.
Controls access to an interface.
Displays ACLs configured on the switch.
Displays IP ACLs configured on the switch.
Catalyst 2950 and Catalyst 2955 Switch Command Reference
access-list (IP extended)
2-7