IOS IPv4 Access Lists


IOS IPv4 ACCESS LISTS
packetlife.net
Standard ACL Syntax

  ! Legacy syntax
  access-list <number> {permit | deny} <source> [log]

  ! Modern syntax
  ip access-list standard {<number> | <name>}
   [<sequence>] {permit | deny} <source> [log]

Extended ACL Syntax

  ! Legacy syntax
  access-list <number> {permit | deny} <protocol> <source> [<ports>] <destination> [<ports>] [<options>]

  ! Modern syntax
  ip access-list extended {<number> | <name>}
   [<sequence>] {permit | deny} <protocol> <source> [<ports>] <destination> [<ports>] [<options>]

ACL Numbers

  1-99, 1300-1999     IP standard
  100-199, 2000-2699  IP extended
  200-299             Protocol
  300-399             DECnet
  400-499             XNS
  500-599             Extended XNS
  600-699             Appletalk
  700-799             Ethernet MAC
  800-899             IPX standard
  900-999             IPX extended
  1000-1099           IPX SAP
  1100-1199           MAC extended
  1200-1299           IPX summary

Actions

  permit    Allow matched packets
  deny      Deny matched packets
  remark    Record a configuration comment
  evaluate  Evaluate a reflexive ACL

Source/Destination Definitions

  any               Any address
  host <address>    A single address
  <network> <mask>  Any address matched by the wildcard mask

IP Options

  dscp <DSCP>       Match the specified IP DSCP
  fragments         Check non-initial fragments
  option <option>   Match the specified IP option
  precedence {0-7}  Match the specified IP precedence
  ttl <count>       Match the specified IP time to live (TTL)

TCP/UDP Port Definitions

  eq <port>            Equal to
  neq <port>           Not equal to
  lt <port>            Less than
  gt <port>            Greater than
  range <port> <port>  Matches a range of port numbers

TCP Options

  ack          Match ACK flag
  fin          Match FIN flag
  psh          Match PSH flag
  rst          Match RST flag
  syn          Match SYN flag
  urg          Match URG flag
  established  Match packets in an established session

Logging Options

  log        Log ACL entry matches
  log-input  Log matches including ingress interface and source MAC address

Miscellaneous Options

  reflect <name>     Create a reflexive ACL entry
  time-range <name>  Enable rule only during the given time range

Applying ACLs to Restrict Traffic

  interface FastEthernet0/0
   ip access-group {<number> | <name>} {in | out}

Troubleshooting

  show access-lists [<number> | <name>]
  show ip access-lists [<number> | <name>]
  show ip access-lists interface <interface>
  show ip access-lists dynamic
  show ip interface [<interface>]
  show time-range [<name>]
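As an added worked example, not part of the cheat sheet, the modern extended syntax, the fragments and established options and log-input above combined into one named ACL and bound inbound on an Internet-facing interface. The ACL name EDGE-IN, the interface, the inside network 192.0.2.0/24 and the resolver addresses 198.51.100.53 and 198.51.100.123 are placeholders chosen for illustration.

```cisco
! Constructed example, not from the cheat sheet. EDGE-IN, FastEthernet0/0,
! 192.0.2.0/24 (inside) and 198.51.100.x (trusted servers) are placeholders.
ip access-list extended EDGE-IN
 remark Non-initial fragments carry no L4 header, so later tcp/udp lines
 remark would match them on L3 only; decide on them explicitly first
 10 deny ip any any fragments log-input
 remark Drop packets arriving from outside that claim an inside source
 20 deny ip 192.0.2.0 0.0.0.255 any log-input
 remark Return traffic for TCP sessions opened from inside (ACK or RST set)
 30 permit tcp any 192.0.2.0 0.0.0.255 established
 remark UDP has no established state; permit only replies from known servers
 40 permit udp host 198.51.100.53 eq 53 192.0.2.0 0.0.0.255
 50 permit udp host 198.51.100.123 eq 123 192.0.2.0 0.0.0.255
 remark Make the implicit deny explicit so matches are counted and logged
 remark together with the ingress interface and source MAC address
 60 deny ip any any log-input
!
interface FastEthernet0/0
 ip access-group EDGE-IN in
!
```

Per-line hit counts come from show ip access-lists EDGE-IN and the interface binding from show ip interface FastEthernet0/0, both listed under Troubleshooting above.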
by Jeremy Stretch, v2.0
