Creating A Numbered Extended Acl - Cisco Catalyst 2960-XR Security Configuration Manual

Cisco IOS Release 15.0(2)EX1

Creating a Numbered Extended ACL

Beginning in privileged EXEC mode, follow these steps to create a numbered extended ACL:
SUMMARY STEPS
1. configure terminal
2. access-list access-list-number {deny | permit} protocol source source-wildcard destination destination-wildcard [precedence precedence] [tos tos] [fragments] [log [log-input]] [time-range time-range-name] [dscp dscp]
3. access-list access-list-number {deny | permit} tcp source source-wildcard [operator port] destination destination-wildcard [operator port] [established] [precedence precedence] [tos tos] [fragments] [log [log-input]] [time-range time-range-name] [dscp dscp] [flag]
4. access-list access-list-number {deny | permit} udp source source-wildcard [operator port] destination destination-wildcard [operator port] [precedence precedence] [tos tos] [fragments] [log [log-input]] [time-range time-range-name] [dscp dscp]
5. access-list access-list-number {deny | permit} icmp source source-wildcard destination destination-wildcard [icmp-type | [[icmp-type icmp-code] | [icmp-message]] [precedence precedence] [tos tos] [fragments] [log [log-input]] [time-range time-range-name] [dscp dscp]
6. access-list access-list-number {deny | permit} igmp source source-wildcard destination destination-wildcard [igmp-type] [precedence precedence] [tos tos] [fragments] [log [log-input]] [time-range time-range-name] [dscp dscp]
7. end
DETAILED STEPS

Step 1
Command or Action: configure terminal
Example:
Switch# configure terminal
Purpose: Enters the global configuration mode.

Step 2
Command or Action: access-list access-list-number {deny | permit} protocol source source-wildcard destination destination-wildcard [precedence precedence] [tos tos] [fragments] [log [log-input]] [time-range time-range-name] [dscp dscp]
Example:
Switch(config)# access-list 101 permit ip host 10.1.1.2 any precedence 0 tos 0 log
Purpose: Defines an extended IPv4 access list and the access conditions.
The access-list-number is a decimal number from 100 to 199 or 2000 to 2699.
Enter deny or permit to specify whether to deny or permit the packet if conditions are matched.
For protocol, enter the name or number of an IP protocol: ahp, eigrp, esp, gre, icmp, igmp, igrp, ip, ipinip, nos, ospf, pcp, pim, tcp, or udp, or an integer in the range 0 to 255 representing an IP protocol number. To match any Internet protocol (including ICMP, TCP, and UDP), use the keyword ip.
The source is the number of the network or host from which the packet is sent.
The source-wildcard applies wildcard bits to the source.

Catalyst 2960-XR Switch Security Configuration Guide, Cisco IOS Release 15.0(2)EX1
Configuring IPv4 ACLs
OL-29434-01
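
The following Python example is added here and is not taken from the Cisco guide. It parses the generic (Step 2) form of an entry, enforces the access-list-number and protocol ranges given above, and applies the wildcard bits to a packet's addresses. It assumes the standard IOS conventions that a wildcard bit of 1 means "ignore this bit", that host A is shorthand for A 0.0.0.0, and that any is shorthand for 0.0.0.0 255.255.255.255; the function names are hypothetical.

```python
import ipaddress

# Protocol keywords the guide lists for the protocol argument.
PROTOCOLS = {"ahp", "eigrp", "esp", "gre", "icmp", "igmp", "igrp", "ip",
             "ipinip", "nos", "ospf", "pcp", "pim", "tcp", "udp"}
# Sample input: the Step 2 example line from the guide.
SAMPLE = "access-list 101 permit ip host 10.1.1.2 any precedence 0 tos 0 log"

def _addr(tokens):
    """Consume one address spec and return (address, wildcard) as integers."""
    first = tokens.pop(0)
    if first == "any":                      # any = 0.0.0.0 255.255.255.255
        return 0, 0xFFFFFFFF
    if first == "host":                     # host A = A 0.0.0.0
        return int(ipaddress.IPv4Address(tokens.pop(0))), 0
    return (int(ipaddress.IPv4Address(first)),
            int(ipaddress.IPv4Address(tokens.pop(0))))

def parse_entry(line):
    """Parse and validate the generic (Step 2) numbered extended ACL form."""
    tokens = line.split()
    if tokens[:1] != ["access-list"] or len(tokens) < 6:
        raise ValueError("not a complete access-list command")
    number = int(tokens[1])
    if not (100 <= number <= 199 or 2000 <= number <= 2699):
        raise ValueError(f"{number} is outside the extended ACL ranges")
    action, proto = tokens[2], tokens[3]
    if action not in ("permit", "deny"):
        raise ValueError(f"unknown action {action!r}")
    if proto not in PROTOCOLS and not (proto.isdigit() and int(proto) <= 255):
        raise ValueError(f"unknown protocol {proto!r}")
    rest = tokens[4:]
    try:
        src, dst = _addr(rest), _addr(rest)
    except IndexError:
        raise ValueError("incomplete source or destination") from None
    # Trailing options (precedence, tos, log, ...) are kept but not evaluated.
    return {"number": number, "action": action, "protocol": proto,
            "src": src, "dst": dst, "options": rest}

def _wild_match(spec, ip):
    """Wildcard bit 1 = ignore the bit; 0 = the bit must equal the entry's."""
    addr, wildcard = spec
    care = ~wildcard & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(ip)) & care) == (addr & care)

def entry_matches(entry, proto, src_ip, dst_ip):
    """True if the packet satisfies the entry; proto uses the entry's spelling."""
    proto_ok = entry["protocol"] in ("ip", proto)
    return (proto_ok and _wild_match(entry["src"], src_ip)
            and _wild_match(entry["dst"], dst_ip))
```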
