eq      Operator - equal to
gt      Operator - greater then
lt      Operator - less then
neq     Operator - NOT equal to
<cr>

Router(config)# $ list 101 deny tcp 192.168.123.0 0.0.0.255 192.168.124.0 eq ?
<0-65535> Protocol port number
Router(config)# $ eny tcp 192.168.123.0 0.0.0.255 192.168.124.0 0.0.0.255 eq 21
Router(config)# $ eny tcp 192.168.123.0 0.0.0.255 192.168.124.0 0.0.0.255 eq 20
Router(config)# $ permit ip 192.168.123.0 0.0.0.255 0.0.0.0 255.255.255.255
Router(config)# exit

Router# show access-list
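
As an added illustration (not part of the manual), the Python model below walks the three entries of access list 101 top-down, applying the wildcard masks and port operators shown above. First-match evaluation and the dropping of packets that match no entry are assumptions about this device; the sample packets are constructed.

```python
import ipaddress

def wildcard_match(addr, base, wildcard):
    """True when addr equals base on every bit where the wildcard bit is 0."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF          # wildcard 0-bits are the bits that must match
    return (a & care) == (b & care)

OPERATORS = {                        # the four operators from the help listing
    "eq":  lambda port, n: port == n,
    "gt":  lambda port, n: port > n,
    "lt":  lambda port, n: port < n,
    "neq": lambda port, n: port != n,
}

# Access list 101 as entered above:
# (action, protocol, src, src_wildcard, dst, dst_wildcard, operator, port)
ACL_101 = [
    ("deny",   "tcp", "192.168.123.0", "0.0.0.255", "192.168.124.0", "0.0.0.255", "eq", 21),
    ("deny",   "tcp", "192.168.123.0", "0.0.0.255", "192.168.124.0", "0.0.0.255", "eq", 20),
    ("permit", "ip",  "192.168.123.0", "0.0.0.255", "0.0.0.0", "255.255.255.255", None, None),
]

def evaluate(acl, proto, src, dst, dport=None):
    """Return (action, entry_index) of the first matching entry; index is None if none matched."""
    for i, (action, e_proto, s, s_wc, d, d_wc, op, port) in enumerate(acl):
        if e_proto != "ip" and e_proto != proto:      # "ip" matches every IP protocol
            continue
        if not (wildcard_match(src, s, s_wc) and wildcard_match(dst, d, d_wc)):
            continue
        if op is not None and (dport is None or not OPERATORS[op](dport, port)):
            continue
        return action, i
    return "deny", None      # assumption: unmatched packets are dropped (implicit deny)

if __name__ == "__main__":
    # Constructed packets, not captured traffic
    samples = [
        ("tcp", "192.168.123.10", "192.168.124.5", 21),   # FTP control, denied by entry 0
        ("tcp", "192.168.123.10", "192.168.124.5", 80),   # falls through to the permit
        ("tcp", "192.168.123.10", "10.0.0.1", 21),        # FTP to another network, permitted
        ("udp", "192.168.123.10", "192.168.124.5", 21),   # not TCP, so the deny entries skip it
        ("tcp", "192.168.125.10", "192.168.124.5", 80),   # source outside every entry
    ]
    for pkt in samples:
        print(pkt, "->", evaluate(ACL_101, *pkt))
```

The last sample shows that the permit entry covers only sources in 192.168.123.0/24, so traffic from any other source matches nothing in the list.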

5.6.3 Creating an Access List with a Name

From the global configuration mode, you can also create access lists through the Router(config)# ip command. Through this method, you may name your access list, rather than using a number. The new prompt reflects the named access list mode.

Router(config)# ip ?
access-list         Named access-list
forward-protocol    Controls forwarding of physical and directed IP
prefix-list         Build a prefix list
route               Establish static routes

Router(config)# ip access-list ?
standard    Standard Access List
extended    Extended Access List

Router(config)# ip access-list standard ?
WORD Access-list name or Standard IP access-list number <1-99>
Router(config)# ip access-list standard test
Router(config-std-nacl)# ?
deny      Specify packets to reject
end       End current mode and change to enable mode
exit      Exit current mode and down to previous mode
help      Description of the interactive help system
no        Negate a command or set its defaults
permit    Specify packets to forward
quit      Exit current mode and down to previous mode
remark    Access list entry comment
Router(config-std-nacl)#

At the Router(config-std-nacl)# prompt, you may proceed with the access list permit or deny statements.

5.6.4 Applying an Access List to an Interface

After creating your access lists, you must apply them to an interface in order to enable the access list. Enter the interface configuration mode for the desired interface. Each interface may have only one access list applied to it at one time. Access lists are applied to either inbound traffic or to outbound traffic.

In the next example, we will create an extended access list that will allow only SMTP traffic (port 25) to be sent out, and deny all other traffic.

Asante Technologies 35516 Creating an Access List with a Name, Applying an Access List to an Interface, Operator equal to