Cisco Catalyst 2960-X Security Configuration Manual page 186

Creating Extended Named ACLs
SUMMARY STEPS
1. enable
2. configure terminal
3. ip access-list extended name
4. {deny | permit} protocol {source [source-wildcard] | host source | any} {destination [destination-wildcard]
| host destination | any} [precedence precedence] [tos tos] [established] [log] [time-range
time-range-name]
5. end
6. show running-config
7. copy running-config startup-config
DETAILED STEPS
Command or Action
Step 1
enable
Example:
Switch> enable
Step 2 configure terminal
Example:
Switch# configure terminal
Step 3 ip access-list extended name
Example:
Switch(config)# ip access-list extended 150
Step 4 {deny | permit} protocol {source [source-wildcard] |
host source | any} {destination [destination-wildcard]
| host destination | any} [precedence precedence] [tos
tos] [established] [log] [time-range time-range-name]
Example:
Switch(config-ext-nacl)# permit 0 any any
Catalyst 2960-X Switch Security Configuration Guide, Cisco IOS Release 15.0(2)EX
162
Purpose
Enables privileged EXEC mode. Enter your password if
prompted.
Enters the global configuration mode.
Defines an extended IPv4 access list using a name, and enter
access-list configuration mode.
The name can be a number from 100 to 199.
In access-list configuration mode, specify the conditions
allowed or denied. Use the log keyword to get access list
logging messages, including violations.
• host source—A source and source wildcard of source
0.0.0.0.
• host destintation—A destination and destination wildcard
of destination 0.0.0.0.
• any—A source and source wildcard or destination and
destination wildcard of 0.0.0.0 255.255.255.255.
Configuring IPv4 ACLs
OL-29048-01