Standard ACLs
Standard ACLs permit or deny traffic based on source IP address.
Standard Access List Ranges
IP Standard: 1–99
IP Standard Expanded Range: 1300–1999
Example
access-list 1 permit 10.1.1.0 0.0.0.255
interface Ethernet0/0
ip address 10.1.1.1 255.255.255.0
ip access-group 1 in
Extended ACLs
Extended ACLs can permit or deny traffic based on source and/or destination IP, protocols, port numbers, and other parameters.
Extended Access List Ranges
IP Extended: 100–199
IP Extended Expanded Range: 2000–2699
Example
access-list 101 deny icmp any 10.1.1.0 0.0.0.255 echo
access-list 101 permit ip any 10.1.1.0 0.0.0.255
interface Ethernet0/1
ip address 172.16.1.2 255.255.255.0
ip access-group 101 in
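Added example (not from the original page): a small Python model of how ACL 101 above is evaluated, showing wildcard-mask matching, first-match ordering, and the implicit deny that ends every ACL. The function names and sample packets are constructed for illustration.

```python
import ipaddress

# ACL 101 from the example above: (action, protocol, dst network, dst wildcard, ICMP type).
# Source is "any" in both entries. ICMP type 8 is what IOS calls "echo".
ACL_101 = [
    ("deny", "icmp", "10.1.1.0", "0.0.0.255", 8),
    ("permit", "ip", "10.1.1.0", "0.0.0.255", None),
]


def wildcard_match(addr, network, wildcard):
    """Wildcard bits set to 1 are ignored; bits set to 0 must match."""
    a = int(ipaddress.IPv4Address(addr))
    n = int(ipaddress.IPv4Address(network))
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (a & care) == (n & care)


def evaluate(acl, protocol, dst, icmp_type=None):
    """Return (action, matched entry index); first match wins, top to bottom."""
    for index, (action, proto, net, wc, want_type) in enumerate(acl):
        if proto != "ip" and proto != protocol:  # "ip" matches every IP protocol
            continue
        if not wildcard_match(dst, net, wc):
            continue
        if want_type is not None and icmp_type != want_type:
            continue
        return action, index
    return "deny", None  # implicit "deny ip any any" at the end of every ACL


# Constructed sample packets: (protocol, destination, ICMP type or None)
SAMPLES = [
    ("icmp", "10.1.1.20", 8),    # echo request into the protected subnet
    ("icmp", "10.1.1.20", 0),    # echo reply falls through to the permit entry
    ("tcp", "10.1.1.20", None),  # any other IP traffic to 10.1.1.0/24
    ("tcp", "10.1.2.20", None),  # outside the wildcard range: implicit deny
]

if __name__ == "__main__":
    for proto, dst, icmp_type in SAMPLES:
        print(proto, dst, icmp_type, "->", evaluate(ACL_101, proto, dst, icmp_type))
```

Reversing the two entries makes the permit match first, so the echo request would be allowed; entry order is part of the policy.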
Edit Extended ACLs
Secondary_core(config)#ip access-list extended 122
Secondary_core(config-ext-nacl)#701 permit ip 192.168.1.1 0.0.0.255 host 172.16.1.15
Secondary_core(config)#ip access-list resequence 122 10 10
Named ACLs
Named ACLs use names instead of numbers. A name is more descriptive, so it is easier to remember.
Syntax: ip access-list {extended|standard} name
Example
ip access-list extended in_to_out
permit tcp host 10.1.1.2 host 172.16.1.1 eq telnet
interface Ethernet0/0
ip address 10.1.1.1 255.255.255.0
ip access-group in_to_out in