Difference between revisions of "Access-list"
Jump to navigation
Jump to search
| (8 intermediate revisions by the same user not shown) | |||
| Line 1: | Line 1: | ||
| + | |||
| + | R1(config)#access-list ? | ||
| + | <1-99> IP standard access list | ||
| + | <100-199> IP extended access list | ||
| + | <1300-1999> IP standard access list (expanded range) | ||
| + | <2000-2699> IP extended access list (expanded range) | ||
| + | <2700-2799> MPLS access list | ||
| + | acl-ace-limit set the max configurable ace limit for all ACLs | ||
| + | acl-limit Set the max configurable acl limit | ||
| + | dynamic-extended Extend the dynamic ACL absolute timer | ||
| + | global-ace-limit set the max ace limit for the entire system | ||
| + | rate-limit Simple rate-limit specific access list | ||
== access-list (IP standard) == | == access-list (IP standard) == | ||
| − | access-list <access-list-number> {deny | permit} <source> [<source-wildcard>] [log] | + | access-list <access-list-number-in-appropiate-range> {deny | permit} <source> [<source-wildcard>] [log] |
| + | |||
| + | Example: | ||
| + | [[conf t]] | ||
access-list 1 deny 127.0.0.0 0.255.255.255 [[log]] | access-list 1 deny 127.0.0.0 0.255.255.255 [[log]] | ||
access-list 1 permit any | access-list 1 permit any | ||
| − | |||
== access-list (IP extended) == | == access-list (IP extended) == | ||
access-list <access-list-number> [dynamic <dynamic-name> [timeout <minutes>]] {deny | permit} <protocol> <source> <source-wildcard> <destination> <destination-wildcard> [log | log-input]] | access-list <access-list-number> [dynamic <dynamic-name> [timeout <minutes>]] {deny | permit} <protocol> <source> <source-wildcard> <destination> <destination-wildcard> [log | log-input]] | ||
| + | |||
| + | Example: | ||
access-list 101 permit tcp host 192.168.5.6 host 192.168.1.1 eq [[telnet]] | access-list 101 permit tcp host 192.168.5.6 host 192.168.1.1 eq [[telnet]] | ||
access-list 101 deny tcp any any eq telnet log | access-list 101 deny tcp any any eq telnet log | ||
access-list 101 permit ip any any | access-list 101 permit ip any any | ||
| + | |||
| + | |||
| + | Example | ||
| + | |||
| + | access-list 106 permit ip 10.10.10.0 0.0.0.255 any | ||
| + | access-list 106 deny ip any any | ||
| + | |||
| + | == Related terms == | ||
| + | * <code>[[ip access-group]]</code> to apply access-list | ||
== See also == | == See also == | ||
Latest revision as of 07:56, 16 March 2021
R1(config)#access-list ? <1-99> IP standard access list <100-199> IP extended access list <1300-1999> IP standard access list (expanded range) <2000-2699> IP extended access list (expanded range) <2700-2799> MPLS access list acl-ace-limit set the max configurable ace limit for all ACLs acl-limit Set the max configurable acl limit dynamic-extended Extend the dynamic ACL absolute timer global-ace-limit set the max ace limit for the entire system rate-limit Simple rate-limit specific access list
access-list (IP standard)[edit]
access-list <access-list-number-in-appropiate-range> {deny | permit} <source> [<source-wildcard>] [log]
Example:
conf t access-list 1 deny 127.0.0.0 0.255.255.255 log access-list 1 permit any
access-list (IP extended)[edit]
access-list <access-list-number> [dynamic <dynamic-name> [timeout <minutes>]] {deny | permit} <protocol> <source> <source-wildcard> <destination> <destination-wildcard> [log | log-input]]
Example:
access-list 101 permit tcp host 192.168.5.6 host 192.168.1.1 eq telnet access-list 101 deny tcp any any eq telnet log access-list 101 permit ip any any
Example
access-list 106 permit ip 10.10.10.0 0.0.0.255 any access-list 106 deny ip any any
Related terms[edit]
ip access-groupto apply access-list
See also[edit]
Advertising:
