Creating Extended Named Acls - Cisco Catalyst 2960-XR Security Configuration Manual

Creating Extended Named ACLs

Command or Action
Step 2
ip access-list standard name
Example:
Switch(config)# ip access-list standard 20
Step 3 Use one of the following:
• deny {source [source-wildcard] | host source | any}
[log]
• permit {source [source-wildcard] | host source |
any} [log]]
Example:
Switch(config-std-nacl)# deny 192.168.0.0
0.0.255.255 255.255.0.0 0.0.255.255
or
Switch(config-std-nacl)# permit 10.108.0.0 0.0.0.0
255.255.255.0 0.0.0.0
Step 4 end
Example:
Switch(config-std-nacl)# end
Creating Extended Named ACLs
Beginning in privileged EXEC mode, follow these steps to create an extended ACL using names:
SUMMARY STEPS
1. configure terminal
2. ip access-list extended name
3. {deny | permit} protocol {source [source-wildcard] | host source | any} {destination [destination-wildcard]
| host destination | any} [precedence precedence] [tos tos] [established] [log] [time-range
time-range-name]
4. end
Catalyst 2960-XR Switch Security Configuration Guide, Cisco IOS Release 15.0(2)EX1
126
Purpose
Defines a standard IPv4 access list using a name, and enter
access-list configuration mode.
The name can be a number from 1 to 99.
In access-list configuration mode, specify one or more
conditions denied or permitted to decide if the packet is
forwarded or dropped.
• host source—A source and source wildcard of source
0.0.0.0.
• any—A source and source wildcard of 0.0.0.0
255.255.255.255.
Returns to privileged EXEC mode.
Configuring IPv4 ACLs
OL-29434-01