eq | Operator - equal to | ||
gt | Operator - greater then | ||
lt | Operator | - | less then |
neq | Operator | - | NOT equal to |
<cr> |
|
|
|
Router(config)# $ list 101 deny tcp 192.168.123.0 0.0.0.255 192.168.124.0 eq ?
Router(config)# $ eny tcp 192.168.123.0 0.0.0.255 192.168.124.0 0.0.0.255 eq 21 Router(config)# $ eny tcp 192.168.123.0 0.0.0.255 192.168.124.0 0.0.0.255 eq 20 Router(config)# $ permit ip 192.168.123.0 0.0.0.255 0.0.0.0 255.255.255.255 Router(config)# exit
Router# show
5.6.3 Creating an Access List with a Name
From the global configuration mode, you can also create access lists through the Router(config)# ip command. Through this method, you may name your access list, rather than using a number. The new prompt reflects the named access list mode.
Router(config)# ip | ? | |
Named | ||
Controls forwarding of physical and directed IP | ||
Build a prefix list | ||
route |
| Establish static routes |
Router(config)# ip | ||
standard | Standard Access List | |
extended | Extended Access List | |
Router(config)# ip
WORD
deny | Specify packets to | reject | |
end | End current | mode and change to enable mode | |
exit | Exit current mode and down to previous mode | ||
help | Description | of the | interactive help system |
no | Negate a command or set its defaults | ||
permit | Specify packets to | forward | |
quit | Exit current mode and down to previous mode | ||
remark | Access list | entry comment | |
At the
5.6.4 Applying an Access List to an Interface
After creating your access lists, you must apply them to an interface in order to enable the access list. Enter the interface configuration mode for the desired interface. Each interface may have only one access list applied to it at one time. Access lists are applied to either inbound traffic or to outbound traffic.
In the next example, we will create an extended access list that will allow only SMTP traffic (port 25) to be sent out, and deny all other traffic.
56
