In the following example, an extended access list is created to deny FTP and allow all other traffic from subnet 192.168.123.0 to be forwarded to all other networks or subnets.
Note: Remember that when the cursor reaches the right margin, the command line shifts 8 spaces to the left. You cannot see the first eight characters of the line, but you can scroll back and check the syntax at the beginning of the command, using
Switch# configure
Switch(config)#
remark | Access list entry comment |
deny | Specify packets to reject |
permit | Specify packets to forward |
Switch(config)#
ip | Specify IP connections |
icmp | Specify ICMP connections |
tcp | Specify TCP connections |
udp | Specify UDP connections |
Switch(config)#
A.B.C.D | Source address to match. e.g. 10.0.0.0 |
host | Host address to match. |
any | Any source address to match |
Switch(config)#
A.B.C.D | Destination address to match. e.g. 10.0.0.0 |
host | Host address to match. |
any | Any destination address to match |
Switch(config)# $ist 101 deny tcp 192.168.123.0 0.0.0.255 192.168.124.0 0.0.0.255?
eq | Operator - equal to |
gt | Operator - greater then |
lt | Operator - less then |
precedence | precedence |
tos | type of service |
established | established |
<cr> |
Switch(config)# $ list 101 deny tcp 192.168.123.0 0.0.0.255 192.168.124.0 eq ?
ftp | FTP |
ssh | SSH |
telnet | TELNET |
smtp | SMTP |
mtp | MTP |
gopher | GOPHER |
finger | FINGER |
http | HTTP |
pop | POP version 3 |
bgp | BGP |
bgmp | Border Gateway Multicast Protocol |
https | HTTP over SSL/TLS |
rlogin | Rlogin |
syslog | SYSLOG |
Switch(config)# $ eny tcp 192.168.123.0 0.0.0.255 192.168.124.0 0.0.0.255 eq 21 ?
precedence | precedence |
tos | type of service |
established | established |
<cr> |
Switch(config)# $ tcp 192.168.123.0 0.0.0.255 192.168.124.0 0.0.0.255 eq 21 tos 2 est
Switch(config)# exit
Switch# show access-list
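The Python sketch below is an added example, not part of the manual or the switch software. It models which packets the wildcard masks and "eq 21" in the deny entry above select. The trailing permit entry, first-match ordering, and the implicit deny at the end of the list are assumptions (the usual extended access list behaviour), not statements from this page.

```python
import ipaddress

def wildcard_match(addr, base, wildcard):
    """True if addr equals base on every bit where the wildcard bit is 0."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF  # a 1 bit in the wildcard means "ignore this bit"
    return (a & care) == (b & care)

SRC = ("192.168.123.0", "0.0.0.255")
ANY = ("0.0.0.0", "255.255.255.255")  # how this model represents "any"

# Constructed model of list 101: (action, protocol, source, destination, port).
ACL_101 = [
    # The deny entry from the page, without its tos/established qualifiers.
    ("deny", "tcp", SRC, ("192.168.124.0", "0.0.0.255"), 21),
    # Assumed trailing permit; the page does not show this entry.
    ("permit", "ip", SRC, ANY, None),
]

def evaluate(acl, proto, src, dst, dport=None):
    """Return the action of the first entry that matches the packet."""
    for action, e_proto, (s, s_wc), (d, d_wc), e_port in acl:
        if e_proto not in ("ip", proto):
            continue
        if not (wildcard_match(src, s, s_wc) and wildcard_match(dst, d, d_wc)):
            continue
        if e_port is not None and e_port != dport:
            continue
        return action
    return "deny"  # assumed implicit deny when no entry matches

if __name__ == "__main__":
    packets = [  # constructed sample packets
        ("tcp", "192.168.123.10", "192.168.124.5", 21),  # FTP control
        ("tcp", "192.168.123.10", "192.168.124.5", 20),  # FTP data
        ("tcp", "192.168.123.10", "192.168.124.5", 80),
        ("tcp", "192.168.123.10", "10.0.0.5", 21),       # FTP, other subnet
        ("tcp", "192.168.122.10", "192.168.124.5", 80),  # other source
    ]
    for pkt in packets:
        print(pkt, "->", evaluate(ACL_101, *pkt))
```

In this model the deny entry leaves FTP to destinations outside 192.168.124.0/24, and the FTP data port 20, to fall through to the permit entry, so add or widen entries if those must be blocked as well. With the permit entry removed, every packet from the subnet is dropped by the implicit deny.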
62 | Asante IntraCore IC36240 | User’s Manual |