Difference between revisions of "Access-list"
Jump to navigation
Jump to search
(6 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
+ | |||
+ | R1(config)#access-list ? | ||
+ | <1-99> IP standard access list | ||
+ | <100-199> IP extended access list | ||
+ | <1300-1999> IP standard access list (expanded range) | ||
+ | <2000-2699> IP extended access list (expanded range) | ||
+ | <2700-2799> MPLS access list | ||
+ | acl-ace-limit set the max configurable ace limit for all ACLs | ||
+ | acl-limit Set the max configurable acl limit | ||
+ | dynamic-extended Extend the dynamic ACL absolute timer | ||
+ | global-ace-limit set the max ace limit for the entire system | ||
+ | rate-limit Simple rate-limit specific access list | ||
== access-list (IP standard) == | == access-list (IP standard) == | ||
− | access-list <access-list-number> {deny | permit} <source> [<source-wildcard>] [log] | + | access-list <access-list-number-in-appropiate-range> {deny | permit} <source> [<source-wildcard>] [log] |
Example: | Example: | ||
Line 11: | Line 23: | ||
== access-list (IP extended) == | == access-list (IP extended) == | ||
access-list <access-list-number> [dynamic <dynamic-name> [timeout <minutes>]] {deny | permit} <protocol> <source> <source-wildcard> <destination> <destination-wildcard> [log | log-input]] | access-list <access-list-number> [dynamic <dynamic-name> [timeout <minutes>]] {deny | permit} <protocol> <source> <source-wildcard> <destination> <destination-wildcard> [log | log-input]] | ||
+ | |||
+ | Example: | ||
access-list 101 permit tcp host 192.168.5.6 host 192.168.1.1 eq [[telnet]] | access-list 101 permit tcp host 192.168.5.6 host 192.168.1.1 eq [[telnet]] | ||
access-list 101 deny tcp any any eq telnet log | access-list 101 deny tcp any any eq telnet log | ||
access-list 101 permit ip any any | access-list 101 permit ip any any | ||
+ | |||
+ | |||
+ | Example | ||
+ | |||
+ | access-list 106 permit ip 10.10.10.0 0.0.0.255 any | ||
+ | access-list 106 deny ip any any | ||
== Related terms == | == Related terms == | ||
− | * <code>[[ip access-group]]</code> | + | * <code>[[ip access-group]]</code> to apply access-list |
== See also == | == See also == |
Latest revision as of 07:56, 16 March 2021
R1(config)#access-list ? <1-99> IP standard access list <100-199> IP extended access list <1300-1999> IP standard access list (expanded range) <2000-2699> IP extended access list (expanded range) <2700-2799> MPLS access list acl-ace-limit set the max configurable ace limit for all ACLs acl-limit Set the max configurable acl limit dynamic-extended Extend the dynamic ACL absolute timer global-ace-limit set the max ace limit for the entire system rate-limit Simple rate-limit specific access list
access-list (IP standard)[edit]
access-list <access-list-number-in-appropiate-range> {deny | permit} <source> [<source-wildcard>] [log]
Example:
conf t access-list 1 deny 127.0.0.0 0.255.255.255 log access-list 1 permit any
access-list (IP extended)[edit]
access-list <access-list-number> [dynamic <dynamic-name> [timeout <minutes>]] {deny | permit} <protocol> <source> <source-wildcard> <destination> <destination-wildcard> [log | log-input]]
Example:
access-list 101 permit tcp host 192.168.5.6 host 192.168.1.1 eq telnet access-list 101 deny tcp any any eq telnet log access-list 101 permit ip any any
Example
access-list 106 permit ip 10.10.10.0 0.0.0.255 any access-list 106 deny ip any any
Related terms[edit]
ip access-group
to apply access-list
See also[edit]
Advertising: