Table of Contents
Advertisement
C
L
OMMAND
INE
This shows how to create a standard ACL with an ingress mask to deny
access to the IP host 171.69.198.102, and permit access to any others.
Console(config)#access-list ip standard A2
Console(config-std-acl)#permit any
Console(config-std-acl)#deny host 171.69.198.102
Console(config-std-acl)#end
Console#show access-list
IP standard access-list A2:
deny host 171.69.198.102
permit any
Console#configure
Console(config)#access-list ip mask-precedence in
Console(config-ip-mask-acl)#mask host any
Console(config-ip-mask-acl)#exit
Console(config)#interface ethernet 1/1
Console(config-if)#ip access-group A2 in
Console(config-if)#end
Console#show access-list
IP standard access-list A2:
deny host 171.69.198.102
permit any
Console#
This shows how to create an extended ACL with an egress mask to drop
packets leaving network 171.69.198.0 when the Layer 4 source port is 23.
Console(config)#access-list ip extended A3
Console(config-ext-acl)#deny host 171.69.198.5 any
Console(config-ext-acl)#deny 171.69.198.0 255.255.255.0 any
source-port 23
Console(config-ext-acl)#end
Console#show access-list
IP extended access-list A3:
deny host 171.69.198.5 any
deny 171.69.198.0 255.255.255.0 any source-port 23
Console#config
Console(config)#access-list ip mask-precedence out
Console(config-ip-mask-acl)#mask 255.255.255.0 any source-port
Console(config-ip-mask-acl)#exit
Console(config)#interface ethernet 1/15
Console(config-if)#ip access-group A3 out
Console(config-if)#end
Console#show access-list
IP extended access-list A3:
deny 171.69.198.0 255.255.255.0 any source-port 23
deny host 171.69.198.5 any
IP egress mask ACL:
mask 255.255.255.0 any source-port
Console#
4-126
I
NTERFACE
Advertisement
Table of Contents
