User manual

5-5
5.1.2 access-list
Global Configuration Commands
Use this command to add an access list entry. Use the access-list command in global configuration mode to
configure the access list mechanism for filtering frames by protocol type or vendor code.
Syntax
access-list
For Standard IP ACLs:
access-list (<1-99>|<1300-1999>) (deny|permit|mark (8021p <0-7> | tos <0-255>))
    (A.B.C.D/M | host A.B.C.D | any) (log) (rule-precedence <1-5000>)
For Extended IP ACLs:
access-list (<100-199>|<2000-2699>) {deny | permit | mark {dot1p <0-7> | tos <0-255>}}
    {ip} {source/source-mask | host source | any}
    {destination/destination-mask | host destination | any}
    [log] [rule-precedence access-list-entry precedence]
access-list (<100-199>|<2000-2699>) {deny | permit | mark {dot1p <0-7> | tos <0-255>}}
    {icmp} {source/source-mask | host source | any}
    {destination/destination-mask | host destination | any}
    [icmp-type | [icmp-type icmp-code]] [log] [rule-precedence access-list-entry precedence]
access-list (<100-199>|<2000-2699>) {deny | permit | mark {dot1p <0-7> | tos <0-255>}}
    {tcp|udp} {source/source-mask | host source | any} [operator source-port]
    {destination/destination-mask | host destination | any} [operator destination-port]
    [log] [rule-precedence access-list-entry precedence]
NOTE Using access-list [<100-199>|<2000-2699>] leads you to the
(config-ext-nacl) instance. For additional information, see
Extended ACL Instance on page 9-1.
Using access-list [<1-99>|<1300-1999>] leads you to the
(config-std-nacl) instance. For additional information, see
Standard ACL Instance on page 10-1.
To create a named ACL, use ip access-list (Standard/Extended). For more
details, see ip on page 5-26.
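
The standard IP ACL syntax above can be checked offline before entries are pushed to a device. The following Python parser is an added example, not part of this manual or the vendor's software; the function names are hypothetical, and normalizing host bits in A.B.C.D/M is an assumption rather than documented device behaviour.

```python
import ipaddress

STD_RANGES = (range(1, 100), range(1300, 2000))  # <1-99> | <1300-1999>
MARK_MAX = {"8021p": 7, "tos": 255}              # mark field -> highest value

def _num(tok, lo, hi, what):
    if not tok.isdigit() or not lo <= int(tok) <= hi:
        raise ValueError(f"{what} must be {lo}-{hi}, got {tok!r}")
    return int(tok)

def _addr(toks):
    """Consume 'A.B.C.D/M', 'host A.B.C.D' or 'any' and normalize it."""
    tok = toks.pop(0)
    if tok == "any":
        return "any"
    if tok == "host":
        return f"{ipaddress.IPv4Address(toks.pop(0))}/32"
    if "/" not in tok:
        raise ValueError(f"expected A.B.C.D/M, host or any, got {tok!r}")
    return str(ipaddress.IPv4Network(tok, strict=False))

def parse_standard_entry(line):
    """Parse one standard ACL entry; raise ValueError if it breaks the syntax."""
    toks = line.split()
    try:
        if toks.pop(0) != "access-list":
            raise ValueError("not an access-list entry")
        num = _num(toks.pop(0), 1, 1999, "ACL number")
        if not any(num in r for r in STD_RANGES):
            raise ValueError(f"{num} is not a standard ACL number")
        entry = {"id": num, "action": toks.pop(0)}
        if entry["action"] == "mark":
            field = toks.pop(0)
            if field not in MARK_MAX:
                raise ValueError(f"mark field must be 8021p or tos, got {field!r}")
            entry["mark"] = (field, _num(toks.pop(0), 0, MARK_MAX[field], field))
        elif entry["action"] not in ("deny", "permit"):
            raise ValueError(f"unknown action {entry['action']!r}")
        entry["src"] = _addr(toks)
        entry["log"] = toks[:1] == ["log"] and bool(toks.pop(0))
        if toks[:1] == ["rule-precedence"]:
            toks.pop(0)
            entry["precedence"] = _num(toks.pop(0), 1, 5000, "rule-precedence")
        if toks:
            raise ValueError(f"unexpected trailing tokens: {toks}")
    except IndexError:
        raise ValueError("entry is truncated") from None
    return entry
```

Numbers in the extended ranges (<100-199>, <2000-2699>) are rejected here because their entries follow the extended syntax, which this example does not parse.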