Difference between revisions of "IOS: Access List (ACLs)"
(3 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
Configuring IP Access Lists: https://www.cisco.com/c/en/us/support/docs/security/ios-firewall/23602-confaccesslists.html#acltypes | Configuring IP Access Lists: https://www.cisco.com/c/en/us/support/docs/security/ios-firewall/23602-confaccesslists.html#acltypes | ||
+ | |||
Types of ACLs: | Types of ACLs: | ||
Line 6: | Line 7: | ||
* Lock and Key (Dynamic ACLs) | * Lock and Key (Dynamic ACLs) | ||
* IP Named ACLs, Reflexive ACLs, Time-Based ACLs Using Time Ranges, Commented IP ACL Entries, Context-Based Access Control, Authentication Proxy, Turbo ACLs, Distributed Time-Based ACLs, Receive ACLs, Infrastructure Protection ACLs, Transit ACLs. | * IP Named ACLs, Reflexive ACLs, Time-Based ACLs Using Time Ranges, Commented IP ACL Entries, Context-Based Access Control, Authentication Proxy, Turbo ACLs, Distributed Time-Based ACLs, Receive ACLs, Infrastructure Protection ACLs, Transit ACLs. | ||
+ | |||
+ | |||
+ | Process: Define ACL + Apply ACL to interface | ||
* <code>[[show access-list]]</code> | * <code>[[show access-list]]</code> | ||
* <code>[[show ip access-list]]</code> | * <code>[[show ip access-list]]</code> | ||
+ | |||
+ | |||
* <code>router(config)#access-list 101 deny icmp any any</code> | * <code>router(config)#access-list 101 deny icmp any any</code> | ||
* <code>router(config)#access-list 101 permit ip any any</code> | * <code>router(config)#access-list 101 permit ip any any</code> | ||
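Review bot: The added "Process: Define ACL + Apply ACL to interface" line sits directly above the two show commands, which display an ACL rather than define or apply one; the define examples (access-list 101 ...) only follow after two further added blank lines. Consider moving the Process line to just above the access-list 101 entries and giving the show commands their own label, for example "To verify ACLs:".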
Line 21: | Line 27: | ||
+ | To apply ACLs: | ||
* <code>[[ip access-group]]</code> to apply an IPv4 access control list (ACL) to a Layer 3 interface | * <code>[[ip access-group]]</code> to apply an IPv4 access control list (ACL) to a Layer 3 interface | ||
* <code>[[copy running-config startup-config]]</code> | * <code>[[copy running-config startup-config]]</code> | ||
+ | |||
+ | == Related terms == | ||
+ | * [[VLAN Access-List (VACL)]] | ||
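Review bot: Under the new "To apply ACLs:" label, copy running-config startup-config is listed next to ip access-group, but it saves the configuration rather than applying an ACL, so the label does not fit both items. Consider a separate label for the save step. The ip access-group item also gives the command name only, while the define entries earlier on the page are full command lines with the router(config)# prompt; a full line in the same style would match them.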
Latest revision as of 09:04, 14 April 2021
Configuring IP Access Lists: https://www.cisco.com/c/en/us/support/docs/security/ios-firewall/23602-confaccesslists.html#acltypes
Types of ACLs:
- Standard ACLs
- Extended ACLs
- Lock and Key (Dynamic ACLs)
- IP Named ACLs, Reflexive ACLs, Time-Based ACLs Using Time Ranges, Commented IP ACL Entries, Context-Based Access Control, Authentication Proxy, Turbo ACLs, Distributed Time-Based ACLs, Receive ACLs, Infrastructure Protection ACLs, Transit ACLs.
Process: Define ACL + Apply ACL to interface
router(config)#access-list 101 deny icmp any any
router(config)#access-list 101 permit ip any any
router(config)#ip access-list extended test
router(config-ext-nacl)#permit ip host 2.2.2.2 host 3.3.3.3
router(config-ext-nacl)#permit tcp host 1.1.1.1 host 5.5.5.5 eq www
router(config-ext-nacl)#permit icmp any any
router(config-ext-nacl)#permit udp host 6.6.6.6 10.10.10.0 0.0.0.255 eq domain
To apply ACLs:
- ip access-group to apply an IPv4 access control list (ACL) to a Layer 3 interface
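How the entries defined above decide a packet's fate once the ACL is applied: IOS checks them top to bottom, the first match wins, and a packet that matches nothing is dropped by the implicit deny. The following Python model is an added example, not part of the original page or of Cisco's software; the names parse and evaluate are hypothetical, and it handles only the syntax used in the page's entries (any, host, address plus wildcard mask, eq on the destination port).

```python
import ipaddress

# Entries copied from the page (router prompts and ACL headers stripped).
ACL_101 = "deny icmp any any\npermit ip any any"
ACL_TEST = """permit ip host 2.2.2.2 host 3.3.3.3
permit tcp host 1.1.1.1 host 5.5.5.5 eq www
permit icmp any any
permit udp host 6.6.6.6 10.10.10.0 0.0.0.255 eq domain"""
PORTS = {"www": 80, "domain": 53}  # IOS port keywords used on the page

def _ip(text):
    return int(ipaddress.IPv4Address(text))

def _addr(tok):
    """Consume 'any', 'host A' or 'A WILDCARD'; return (base, wildcard)."""
    first = tok.pop(0)
    if first == "any":
        return 0, 0xFFFFFFFF
    if first == "host":
        return _ip(tok.pop(0)), 0
    return _ip(first), _ip(tok.pop(0))

def parse(text):
    """Turn ACL entry lines into (action, proto, src, dst, dst_port) tuples."""
    rules = []
    for line in text.splitlines():
        tok = line.split()
        action, proto = tok.pop(0), tok.pop(0)
        src, dst = _addr(tok), _addr(tok)
        port = int(PORTS.get(tok[1], tok[1])) if tok[:1] == ["eq"] else None
        rules.append((action, proto, src, dst, port))
    return rules

def _hit(spec, ip):
    base, wild = spec  # wildcard bit 1 = ignore, 0 = must match
    return (_ip(ip) | wild) == (base | wild)

def evaluate(rules, proto, src, dst, dport=None):
    """Return the action of the first matching entry, top to bottom."""
    for action, r_proto, r_src, r_dst, r_port in rules:
        if r_proto not in ("ip", proto):
            continue
        if _hit(r_src, src) and _hit(r_dst, dst) and r_port in (None, dport):
            return action
    return "deny"  # implicit deny: nothing matched

if __name__ == "__main__":
    print(evaluate(parse(ACL_TEST), "tcp", "1.1.1.1", "5.5.5.5", 443))
```

In ACL 101 the order matters: swapping the two entries would let permit ip any any match ICMP first, and the deny would never be reached.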
Related terms
- VLAN Access-List (VACL)
See also
- Cisco IOS: Cisco IOS XE, Config (mode), VLANs, Cisco IOS logging, VTP, ACLs, show logging, show logging history, show interface status, debug, archive, show archive, conf t, int, ip http server, ip ssh, ip address, vty, show mac address-table, show access-list, Access-list, ip access-group, admin
- ACL, SubInACL.exe, Cisco ACLs, getfacl, setfacl, lsattr, chattr, xattr, NACLs