Creating Named Standard and Extended IP ACLs - Cisco Catalyst 3550 series Software Configuration Manual

Chapter 28
Configuring Network Security with ACLs

Creating Named Standard and Extended IP ACLs

You can identify IP ACLs with an alphanumeric string (a name) rather than a number. You can use named
ACLs to configure more IP access lists in a switch than if you were to use numbered access lists. If you
identify your access list with a name rather than a number, the mode and command syntax are slightly
different. However, not all commands that use IP access lists accept a named access list.

Note: The name you give to a standard or extended ACL can also be a number in the supported range of access
list numbers. That is, the name of a standard IP ACL can be 1 to 99; the name of an extended IP ACL
can be 100 to 199. The advantage of using named ACLs instead of numbered lists is that you can delete
individual entries from a named list.

Consider these guidelines and limitations before configuring named ACLs:

- Not all commands that accept a numbered ACL accept a named ACL. ACLs for packet filters and
  route filters on interfaces can use a name. VLAN maps also accept a name.
- A standard ACL and an extended ACL cannot have the same name.
- Numbered ACLs are also available, as described in the "Creating Standard and Extended IP ACLs"
  section on page 28-8.
- You can apply standard and extended ACLs (named or numbered) to VLAN maps.

Beginning in privileged EXEC mode, follow these steps to create a standard ACL using names:

Step 1
  Command: configure terminal
  Purpose: Enter global configuration mode.

Step 2
  Command: ip access-list standard name
  Purpose: Define a standard IP access list using a name, and enter access-list
           configuration mode.
  Note:    The name can be a number from 1 to 99.

Step 3
  Command: deny {source [source-wildcard] | host source | any} [log]
           or
           permit {source [source-wildcard] | host source | any} [log]
  Purpose: In access-list configuration mode, specify one or more conditions
           denied or permitted to determine if the packet is forwarded or
           dropped.
           host source—A source and source wildcard of source 0.0.0.0.
           any—A source and source wildcard of 0.0.0.0 255.255.255.255.
  Note:    The log keyword is not supported for ACLs applied to
           Layer 2 interfaces (port ACLs).

Step 4
  Command: end
  Purpose: Return to privileged EXEC mode.

Step 5
  Command: show access-lists [number | name]
  Purpose: Show the access list configuration.

Step 6
  Command: copy running-config startup-config
  Purpose: (Optional) Save your entries in the configuration file.

To remove a named standard ACL, use the no ip access-list standard name global configuration
command.

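A worked session that follows the six steps for a named standard ACL and then deletes a single entry, the advantage of named lists described in the note. This is an added example, not taken from the Cisco guide; the ACL name mgmt-hosts and the 10.1.1.x addresses are constructed sample values.

```cisco
! Added example; the ACL name and all addresses are constructed sample values.
Switch# configure terminal
Switch(config)# ip access-list standard mgmt-hosts
! Entries are evaluated top-down and the first match wins, so the more
! specific host deny is entered before the subnet permit that covers it.
Switch(config-std-nacl)# deny host 10.1.1.5
Switch(config-std-nacl)# permit 10.1.1.0 0.0.0.255
! No explicit "deny any" is entered: an IP ACL ends with an implicit deny,
! so any source not matched above is dropped.
Switch(config-std-nacl)# end
! Verify the entries and their order before relying on the list.
Switch# show access-lists mgmt-hosts
!
! Delete one entry without removing and re-creating the whole list.
Switch# configure terminal
Switch(config)# ip access-list standard mgmt-hosts
Switch(config-std-nacl)# no deny host 10.1.1.5
Switch(config-std-nacl)# end
Switch# show access-lists mgmt-hosts
! Save only after the verified list matches the intended policy.
Switch# copy running-config startup-config
```
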
Catalyst 3550 Multilayer Switch Software Configuration Guide