Cisco Catalyst 2960-X Security Configuration Manual page 179

Configuring IPv4 ACLs
SUMMARY STEPS
1. enable
2. configure terminal
3. access-list access-list-number {deny | permit} source source-wildcard [log]
4. end
5. show running-config
6. copy running-config startup-config
DETAILED STEPS
Command or Action
Step 1 enable
Example:
Switch> enable
Step 2 configure terminal
Example:
Switch# configure terminal
Step 3 access-list access-list-number {deny |
permit} source source-wildcard [log]
Example:
Switch(config)# access-list 2 deny
your_host
OL-29048-01
Purpose
Enables privileged EXEC mode. Enter your password if prompted.
Enters the global configuration mode.
Defines a standard IPv4 access list by using a source address and wildcard.
The access-list-number is a decimal number from 1 to 99 or 1300 to 1999.
Enter deny or permit to specify whether to deny or permit access if
conditions are matched.
The source is the source address of the network or host from which the
packet is being sent specified as:
• The 32-bit quantity in dotted-decimal format.
• The keyword any as an abbreviation for source and source-wildcard
of 0.0.0.0 255.255.255.255. You do not need to enter a
source-wildcard.
• The keyword host as an abbreviation for source and source-wildcard
of source 0.0.0.0.
(Optional) The source-wildcard applies wildcard bits to the source.
(Optional) Enter log to cause an informational logging message about the
packet that matches the entry to be sent to the console.
Logging is supported only on ACLs attached to Layer 3 interfaces.
Note
Catalyst 2960-X Switch Security Configuration Guide, Cisco IOS Release 15.0(2)EX
Creating a Numbered Standard ACL
155