Creating Named Standard And Extended Acls - Cisco Catalyst 2950 Software Configuration Manual

Chapter 23 Configuring Network Security with ACLs
Catalyst 2950 Desktop Switch Software Configuration Guide, 78-11380-04, page 23-12

Configuring ACLs

Use the no access-list access-list-number global configuration command to delete the entire access list. You cannot delete individual ACEs from numbered access lists.

This example shows how to create and display an extended access list to deny Telnet access from any host in network 171.69.198.0 to any host in network 172.20.52.0 and permit any others. (The eq keyword after the destination address means to test for the TCP destination port number equaling Telnet.)

Switch(config)# access-list 102 deny tcp 171.69.198.0 0.0.0.255 172.20.52.0 0.0.0.255 eq telnet
Switch(config)# access-list 102 permit tcp any any
Switch(config)# end
Switch# show access-lists
Extended IP access list 102
    deny tcp 171.69.198.0 0.0.0.255 172.20.52.0 0.0.0.255 eq telnet
    permit tcp any any

After an ACL is created, any additions (possibly entered from the terminal) are placed at the end of the list. You can add ACEs to an ACL, but deleting any ACE deletes the entire ACL.

Note    When creating an ACL, remember that, by default, the end of the access list contains an implicit deny statement for all packets if it did not find a match before reaching the end.

After creating an ACL, you must apply it to a line or interface, as described in the "Applying the ACL to an Interface or Terminal Line" section on page 23-15.

Creating Named Standard and Extended ACLs

You can identify IP ACLs with an alphanumeric string (a name) rather than a number. You can use named ACLs to configure more IP access lists on a switch than if you use numbered access lists. If you identify your access list with a name rather than a number, the mode and command syntax are slightly different. However, not all commands that use IP access lists accept a named ACL.

Note    The name you give to a standard ACL or extended ACL can also be a number in the supported range of access list numbers. That is, the name of a standard IP ACL can be 1 to 99; the name of an extended IP ACL can be 100 to 199. The advantage of using named ACLs instead of numbered lists is that you can delete individual entries from a named list.

Consider these guidelines and limitations before configuring named ACLs:

• A standard ACL and an extended ACL cannot have the same name.
• Numbered ACLs are also available, as described in the "Creating Standard and Extended IP ACLs" section on page 23-7.
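To make the semantics on this page concrete (wildcard masks, first-match evaluation, the implicit deny at the end of every list, additions always landing at the end, and a numbered list losing every ACE on deletion while a named list can drop a single entry), here is an added Python model of an IOS-style IP access list. It is an illustration written for this page, not Cisco code and not part of the guide; the class and function names (wildcard_match, parse_ace, AccessList, name_kind) are my own, and it models only the ACE syntax shown here: tcp/udp/ip, a network plus wildcard or the keyword any, and eq <port> on the destination.

```python
# Added example (not from the Cisco guide): a small model of IOS-style IP ACL behaviour.
from __future__ import annotations
from dataclasses import dataclass, field
from ipaddress import IPv4Address

# Port keywords the page uses; "telnet" is the one in the worked example.
WELL_KNOWN_PORTS = {"telnet": 23, "www": 80, "ftp": 21, "smtp": 25, "ssh": 22}


def wildcard_match(addr: str, network: str, wildcard: str) -> bool:
    """IOS wildcard semantics: a 1 bit in the mask means 'don't care' for that bit."""
    a, n, w = (int(IPv4Address(x)) for x in (addr, network, wildcard))
    care = (~w) & 0xFFFFFFFF
    return (a & care) == (n & care)


def name_kind(ident: str) -> str:
    """Classify an identifier by the ranges the page gives: 1-99 standard, 100-199 extended."""
    if not ident.isdigit():
        return "named"
    n = int(ident)
    if 1 <= n <= 99:
        return "standard"
    if 100 <= n <= 199:
        return "extended"
    raise ValueError(f"{ident} is outside the numbered ranges this model supports")


@dataclass
class ACE:
    action: str                   # "permit" or "deny"
    proto: str                    # "tcp", "udp" or "ip" (ip matches any protocol)
    src: tuple[str, str]          # (network, wildcard); "any" becomes 0.0.0.0/255.255.255.255
    dst: tuple[str, str]
    dst_port: int | None = None   # only "eq <port>" on the destination is modelled

    def matches(self, proto: str, src: str, dst: str, dport: int | None) -> bool:
        if self.proto != "ip" and self.proto != proto:
            return False
        if not wildcard_match(src, *self.src) or not wildcard_match(dst, *self.dst):
            return False
        return self.dst_port is None or self.dst_port == dport


def _addr(tokens: list[str]) -> tuple[tuple[str, str], list[str]]:
    """Consume 'any' or '<network> <wildcard>' from the front of the token list."""
    if tokens[0] == "any":
        return ("0.0.0.0", "255.255.255.255"), tokens[1:]
    return (tokens[0], tokens[1]), tokens[2:]


def parse_ace(line: str) -> ACE:
    """Parse 'deny tcp 171.69.198.0 0.0.0.255 172.20.52.0 0.0.0.255 eq telnet' or the
    global-config form 'access-list 102 ...'; the list number is ignored here."""
    tokens = line.split()
    if tokens[:1] == ["access-list"]:
        tokens = tokens[2:]
    action, proto, rest = tokens[0], tokens[1], tokens[2:]
    src, rest = _addr(rest)
    dst, rest = _addr(rest)
    port = None
    if rest[:1] == ["eq"]:
        port = WELL_KNOWN_PORTS.get(rest[1])
        if port is None:
            port = int(rest[1])
    return ACE(action, proto, src, dst, port)


@dataclass
class AccessList:
    ident: str                                   # number such as "102" or a name
    entries: list[ACE] = field(default_factory=list)

    @property
    def is_named(self) -> bool:
        return name_kind(self.ident) == "named"

    def add(self, line: str) -> None:
        """New ACEs are always appended: there is no insertion in the middle."""
        self.entries.append(parse_ace(line))

    def remove(self, index: int) -> None:
        """A named list can drop one ACE; deleting any ACE of a numbered list
        removes the whole list (the behaviour the page describes)."""
        if self.is_named:
            del self.entries[index]
        else:
            self.entries.clear()

    def evaluate(self, proto: str, src: str, dst: str, dport: int | None = None) -> str:
        """First matching ACE wins; a packet that matches nothing hits the implicit deny."""
        for ace in self.entries:
            if ace.matches(proto, src, dst, dport):
                return ace.action
        return "deny"


def build_page_acl(ident: str = "102") -> AccessList:
    """Build the extended list shown on this page under the given identifier."""
    acl = AccessList(ident)
    acl.add("deny tcp 171.69.198.0 0.0.0.255 172.20.52.0 0.0.0.255 eq telnet")
    acl.add("permit tcp any any")
    return acl


if __name__ == "__main__":
    acl = build_page_acl()
    # Constructed sample flows, not taken from the page.
    print(acl.evaluate("tcp", "171.69.198.10", "172.20.52.5", 23))   # deny  (first ACE)
    print(acl.evaluate("tcp", "171.69.198.10", "172.20.52.5", 80))   # permit (second ACE)
    print(acl.evaluate("udp", "10.1.1.1", "172.20.52.5", 53))        # deny  (implicit deny)
```

The last print is the case worth remembering: the list contains no deny for UDP, yet UDP is dropped, because a permit for tcp any any does not reach other protocols and the list ends in an implicit deny. Calling remove on the numbered list empties it, after which every flow is denied; the same call on a named copy of the list removes only the chosen ACE.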
