Configuring Commented Ip Acl Entries - Cisco Catalyst 2960 series Configuration Manual

Examples
Review the output of the show ip access-lists command to see that the access list includes the new entries:
Device# show ip access-lists kmd1
Standard IP access list kmd1
100 permit 10.4.4.0, wildcard bits 0.0.0.255
105 permit 10.5.5.0, wildcard bits 0.0.0.255
115 permit 10.0.0.0, wildcard bits 0.0.0.255
130 permit 10.5.5.0, wildcard bits 0.0.0.255
145 permit 10.0.0.0, wildcard bits 0.0.0.255

Configuring Commented IP ACL Entries

Either use a named or numbered access list configuration. You must apply the access list to an interface or
terminal line after the access list is created for the configuration to work.
SUMMARY STEPS
1. enable
2. configure terminal
3. ip access-list {standard | extended} {name | number}
4. remark remark
5. deny protocol host host-address any eq port
6. end
DETAILED STEPS
Command or Action
Step 1 enable
Example:
Device> enable
Step 2
configure terminal
Example:
Device# configure terminal
Step 3
ip access-list {standard | extended} {name | number}
Example:
Device(config)# ip access-list extended
telnetting
Step 4 remark remark
Example:
Device(config-ext-nacl)# remark Do not allow
host1 subnet to telnet out
Consolidated Platform Configuration Guide, Cisco IOS Release 15.2(4)E (Catalyst 2960-X Switches)
Purpose
Enables privileged EXEC mode.
• Enter your password if prompted.
Enters global configuration mode.
Identifies the access list by a name or number and enters
extended named access list configuration mode.
Adds a remark for an entry in a named IP access list.
• The remark indicates the purpose of the permit or
deny statement.
How to Configure ACLs
1199