5.1.2 access-list
Global Configuration Commands
Use this command to add an access list entry. Use the access list command under global configuration to
configure the access list mechanism for filtering frames by protocol type or vendor code.
Syntax
access-list
For Standard IP ACLs:
access-list (<1-99>|<1300-1999>) (deny|permit|mark (8021p <0-7> | tos <0-255>)) (A.B.C.D/M | host A.B.C.D | any) (log) (rule-precedence <1-5000>)
For Extended IP ACLs:
access-list (<100-199>|<2000-2699>) {deny | permit | mark {dot1p <0-7> | tos <0-255>}} {ip} {source/source-mask | host source | any} {destination/destination-mask | host destination | any} [log] [rule-precedence access-list-entry precedence]
access-list (<100-199>|<2000-2699>) {deny | permit | mark {dot1p <0-7> | tos <0-255>}} {icmp} {source/source-mask | host source | any} {destination/destination-mask | host destination | any} [icmp-type | [icmp-type icmp-code]] [log] [rule-precedence access-list-entry precedence]
access-list (<100-199>|<2000-2699>) {deny | permit | mark {dot1p <0-7> | tos <0-255>}} {tcp|udp} {source/source-mask | host source | any} [operator source-port] {destination/destination-mask | host destination | any} [operator destination-port] [log] [rule-precedence access-list-entry precedence]
NOTE Using access-list [<100-199>|<2000-2699>] moves to the (config-ext-nacl) instance. For additional information, see Extended ACL Instance on page 14-1.
Using access-list [<1-99>|<1300-1999>] moves to the (config-std-nacl) instance. For additional information, see Standard ACL Instance on page 15-1.
To create a named ACL, use ip access-list (Standard/Extended). For more details check ip on page 5-28.
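The number ranges and value limits in the syntax above can be checked mechanically before a configuration is pushed. The following Python check is an added example, not part of the original manual; the sample entries in the comments are constructed, and applying the <1-5000> rule-precedence range to extended entries is an assumption, since the page states that range only for standard ACLs.

```python
STANDARD = [(1, 99), (1300, 1999)]        # standard ACL numbers, from the syntax above
EXTENDED = [(100, 199), (2000, 2699)]     # extended ACL numbers, from the syntax above
PROTOCOLS = {"ip", "icmp", "tcp", "udp"}
MARK_LIMITS = {"8021p": 7, "dot1p": 7, "tos": 255}   # upper bounds for mark values

def _in(n, ranges):
    return any(lo <= n <= hi for lo, hi in ranges)

def check_entry(line):
    """Return (kind, problems) for one 'access-list ...' line.

    Addresses, masks and port operators are left unparsed; only the
    fields whose limits appear in the syntax above are validated.
    """
    tok = line.split()
    problems = []
    if len(tok) < 3 or tok[0] != "access-list" or not tok[1].isdigit():
        return None, ["not an access-list entry"]
    num = int(tok[1])
    kind = "standard" if _in(num, STANDARD) else "extended" if _in(num, EXTENDED) else None
    if kind is None:
        problems.append(f"ACL number {num} is outside the standard and extended ranges")
    rest = tok[2:]
    action = rest.pop(0)
    if action == "mark":
        if len(rest) < 2 or rest[0] not in MARK_LIMITS or not rest[1].isdigit():
            problems.append("mark needs 8021p/dot1p <0-7> or tos <0-255>")
        else:
            field, value = rest.pop(0), int(rest.pop(0))
            if value > MARK_LIMITS[field]:
                problems.append(f"mark {field} value {value} exceeds {MARK_LIMITS[field]}")
    elif action not in ("deny", "permit"):
        problems.append(f"unknown action {action!r}")
    if kind == "extended" and (not rest or rest[0] not in PROTOCOLS):
        problems.append("extended entry needs ip, icmp, tcp or udp after the action")
    if "rule-precedence" in rest:
        i = rest.index("rule-precedence")
        value = rest[i + 1] if i + 1 < len(rest) else ""
        # Assumption: the <1-5000> range also applies to extended entries.
        if not value.isdigit() or not 1 <= int(value) <= 5000:
            problems.append("rule-precedence must be in 1-5000")
    return kind, problems

# Constructed sample entries:
#   check_entry("access-list 10 permit host 192.0.2.10 log rule-precedence 20")
#   check_entry("access-list 150 mark tos 300 tcp any any rule-precedence 10")
```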