17-3
Cisco ASA 5500 Series Configuration Guide using the CLI
Chapter17 Adding a Standard Access List
Adding Standard Access Lists
Adding Standard Access Lists
This section includes the following topics:
Task Flow for Configuring Extended Access Lists, page17-3
Adding a Standard Access List, page17-3Adding Remarks to Access Lists, page 17-4

Task Flow for Configuring Extended Access Lists

Use the following guidelines to create and implement an access list:
Create an access list by adding an ACE and applying an access list name. See in the “Adding
Standard Access Lists” section on page 17-3.
Apply the access list to an interface. See the “Configuring Access Rules” section on page 34-7 for
more information.

Adding a Standard Access List

To add an access list to identify the destination IP addresses of OSPF routes, which can be used in a route
map for OSPF redistribution, enter the following command:
Command Purpose
hostname(config)# access-list
access_list_name standard {deny | permit}
{any | ip_address mask}
Example:
hostname(config)# access-list OSPF
standard permit 192.168.1.0 255.255.255.0
Adds a standard access list entry. To add another ACE to the end of the
access list, enter another access-list command, specifying the same access
list name.
The access_list_name argument specifies the name of number of an access
list.
The any keyword specifies access to anyone.
The deny keyword denies access if the conditions are matched.
The host ip_address syntax specifies access to a host IP address.
The ip_address ip_mask argument specifies access to a specific IP address
and subnet mask.
The line line-num option specifies the line number at which to insert an
ACE.
The permit keyword permits access if the conditions are matched.
To remove an ACE, enter the no access-list command with the entire
command syntax string as it appears in the configuration.