Cisco Catalyst 2950 Command Reference Manual page 141

Chapter 2 Cisco IOS Commands
Usage Guidelines
Use this command after the ip access-list global configuration command to specify permit conditions
for a named or numbered IP ACL. You can specify a source IP address, destination IP address, IP
protocol, TCP port, or UDP port. Specify the TCP and UDP port numbers only if protocol is tcp or udp
and operator is eq.
For more information about configuring IP ACLs, refer to the "Configuring Network Security with
Note
ACLs" chapter in the Catalyst 2950 Desktop Switch Software Configuration Guide for this release.
Examples
This example shows how to create an extended IP ACL and configure permit conditions for it:
Switch(config)# ip access-list extended Internetfilter2
Switch(config-ext-nacl)# permit host 36.10.10.5 any
Switch(config-ext-nacl)# permit host 192.1.10.8 any
This is an example of a standard ACL that sets permit conditions:
ip access-list standard Acclist1
permit 192.5.34.0
permit 128.88.10.0
permit 36.1.1.0
Note In these examples, all other IP access is implicitly denied.
You can verify your settings by entering the show ip access-lists or show access-lists privileged EXEC
command.
Related Commands Command
deny (access-list configuration)
ip access-group
ip access-list
show access-lists
show ip access-lists
78-11381-05
0.0.0.255
0.0.0.255
0.0.0.255
Description
Sets deny conditions for an IP ACL.
Controls access to an interface.
Defines an IP ACL.
Displays ACLs configured on a switch.
Displays IP ACLs configured on the switch.
permit (access-list configuration)
Catalyst 2950 Desktop Switch Command Reference
2-117