Difference between revisions of "Access-list"

 R1(config)#access-list ?
 <1-99>            IP standard access list
 <100-199>         IP extended access list
 <1300-1999>       IP standard access list (expanded range)
 <2000-2699>       IP extended access list (expanded range)
 <2700-2799>       MPLS access list
 acl-ace-limit     set the max configurable ace limit for all ACLs
 acl-limit         Set the max configurable acl limit
 dynamic-extended  Extend the dynamic ACL absolute timer
 global-ace-limit  set the max ace limit for the entire system
 rate-limit        Simple rate-limit specific access list

access-list (IP standard)

access-list <access-list-number> {deny | permit} <source> [<source-wildcard>] [log]

Example:

conf t
access-list 1 deny 127.0.0.0 0.255.255.255 log
access-list 1 permit any

access-list (IP extended)

access-list <access-list-number> [dynamic <dynamic-name> [timeout <minutes>]] {deny | permit} <protocol> <source> <source-wildcard> <destination> <destination-wildcard> [log | log-input]]

Example:

access-list 101 permit tcp host 192.168.5.6 host 192.168.1.1 eq telnet
access-list 101 deny tcp any any eq telnet log
access-list 101 permit ip any any

Example

access-list 106 permit ip 10.10.10.0 0.0.0.255 any
deny ip any any

Related terms

• ip access-group

See also

• Cisco IOS: Cisco IOS XE, Config (mode), VLANs, Cisco IOS logging, VTP, ACLs, show logging, show logging history, show interface status, debug, archive, show archive, conf t, int, ip http server, ip ssh, ip address, vty, show mac address-table, show access-list, Access-list, ip access-group, admin