Cisco Catalyst 2960-XR Security Configuration Manual page 143

Configuring IPv4 ACLs
SUMMARY STEPS
1. configure terminal
2. access-list access-list-number {deny | permit} source source-wildcard [log]
3. end
DETAILED STEPS
Command or Action
Step 1 configure terminal
Example:
Switch# configure terminal
Step 2
access-list access-list-number {deny
| permit} source source-wildcard
[log]
Example:
Switch(config)# access-list 2
deny your_host
Step 3 end
Example:
Switch(config)# end
Related Topics
Configuring VLAN Maps, on page 135
OL-29434-01
Purpose
Enters the global configuration mode.
Defines a standard IPv4 access list by using a source address and wildcard.
The access-list-number is a decimal number from 1 to 99 or 1300 to 1999.
Enter deny or permit to specify whether to deny or permit access if conditions are
matched.
The source is the source address of the network or host from which the packet is
being sent specified as:
• The 32-bit quantity in dotted-decimal format.
• The keyword any as an abbreviation for source and source-wildcard of 0.0.0.0
255.255.255.255. You do not need to enter a source-wildcard.
• The keyword host as an abbreviation for source and source-wildcard of source
0.0.0.0.
(Optional) The source-wildcard applies wildcard bits to the source.
(Optional) Enter log to cause an informational logging message about the packet
that matches the entry to be sent to the console.
(Optional) Enter smartlog to send copies of denied or permitted packets to a
NetFlow collector.
Logging is supported only on ACLs attached to Layer 3 interfaces.
Note
Returns to privileged EXEC mode.
Catalyst 2960-XR Switch Security Configuration Guide, Cisco IOS Release 15.0(2)EX1
Creating a Numbered Standard ACL
121