Consolidated Platform Configuration Guide, Cisco IOS Release 15.2(4)E (Catalyst 2960-X Switches) - Cisco Catalyst 2960 series Configuration Manual


How to Configure ACLs
SUMMARY STEPS
1. enable
2. configure terminal
3. ip access-list extended access-list-name
4. [sequence-number] permit tcp source source-wildcard [operator port [port]] destination destination-wildcard [operator [port]] [established {match-any | match-all} {+ | -} flag-name] [precedence precedence] [tos tos] [log] [time-range time-range-name] [fragments]
5. [sequence-number] deny tcp source source-wildcard [operator port [port]] destination destination-wildcard [operator [port]] [established {match-any | match-all} {+ | -} flag-name] [precedence precedence] [tos tos] [log] [time-range time-range-name] [fragments]
6. Repeat Step 4 or Step 5 as necessary, adding statements by sequence number where you planned. Use the no sequence-number command to delete an entry.
7. end
8. show ip access-lists access-list-name
DETAILED STEPS
Step 1
Command or Action: enable
Example:
Device> enable
Purpose: Enables privileged EXEC mode.
• Enter your password if prompted.
Step 2
Command or Action: configure terminal
Example:
Device# configure terminal
Purpose: Enters global configuration mode.
Step 3
Command or Action: ip access-list extended access-list-name
Example:
Device(config)# ip access-list extended acl-extd-1
Purpose: Specifies the IP access list by name and enters named access list configuration mode.
Step 4
Command or Action: [sequence-number] permit tcp source source-wildcard [operator port [port]] destination destination-wildcard [operator [port]] [established {match-any | match-all} {+ | -} flag-name] [precedence precedence] [tos tos] [log] [time-range time-range-name] [fragments]
Example:
Device(config-ext-nacl)# permit tcp any eq telnet ftp any eq 450 679
Purpose: Specifies a permit statement in named IP access list configuration mode.
• Operators include lt (less than), gt (greater than), eq (equal), neq (not equal), and range (inclusive range).
• If the operator is positioned after the source and source-wildcard arguments, it must match the source port. If the operator is positioned after the destination and destination-wildcard arguments, it must match the destination port.
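The operator rules above can be checked offline before an entry is applied to a device. The following is an added Python example, not code from the Cisco guide; it models only the any address keyword and the TCP port operators, and it assumes that several ports after eq (as in the Step 4 example) match any one of the listed ports.

```python
# Added example: models only the TCP port operators described above.
PORT_NAMES = {"telnet": 23, "ftp": 21}          # standard TCP port keywords
ARITY = {"lt": 1, "gt": 1, "neq": 1, "range": 2, "eq": None}  # None = one or more

def parse_ace(line):
    """Parse '[seq] permit|deny tcp any [op port...] any [op port...]'."""
    toks = line.split()
    seq = int(toks.pop(0)) if toks and toks[0].isdigit() else None
    if len(toks) < 4 or toks[0] not in ("permit", "deny") or toks[1] != "tcp":
        raise ValueError("expected: [seq] permit|deny tcp source destination")
    action, toks = toks[0], toks[2:]
    sides = []
    for side in ("source", "destination"):
        if not toks or toks.pop(0) != "any":
            raise ValueError(f"{side}: this sketch only handles the 'any' keyword")
        op, ports = None, []
        if toks and toks[0] in ARITY:
            op = toks.pop(0)
            while toks and (toks[0].isdigit() or toks[0] in PORT_NAMES):
                tok = toks.pop(0)
                ports.append(PORT_NAMES[tok] if tok in PORT_NAMES else int(tok))
            want = ARITY[op]
            if not ports or (want is not None and len(ports) != want):
                raise ValueError(f"{side}: wrong number of ports for '{op}'")
        sides.append((op, ports))
    if toks:  # established, log, time-range, ... are outside this sketch
        raise ValueError(f"options not modelled here: {' '.join(toks)}")
    return {"seq": seq, "action": action, "src": sides[0], "dst": sides[1]}

def port_matches(op, ports, value):
    """Apply one operator to one port number of a packet."""
    if op is None:
        return True                      # no operator: every port matches
    if op == "eq":
        return value in ports            # assumption: any listed port matches
    if op == "neq":
        return value != ports[0]
    if op == "lt":
        return value < ports[0]
    if op == "gt":
        return value > ports[0]
    return ports[0] <= value <= ports[1]  # range is inclusive

def ace_matches(ace, sport, dport):
    """Operator after the source tests sport; after the destination, dport."""
    return port_matches(*ace["src"], sport) and port_matches(*ace["dst"], dport)
```

Running the Step 4 entry through parse_ace shows that its first operator constrains the source port (23 or 21) and its second constrains the destination port (450 or 679), so a packet with those values swapped does not match.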
