25-14
Catalyst 2950 Desktop Switch Software Configuration Guide
78-14982-01
Chapter 25 Configuring Network Security with ACLs
Configuring ACLs
Beginning in privileged EXEC mode, follow these steps to create a standard named access list using names:

Step 1  configure terminal
        Enter global configuration mode.

Step 2  ip access-list standard {name | access-list-number}
        Define a standard IP access list by using a name, and enter access-list configuration mode.
        Note: The name can be a number from 1 to 99.

Step 3  deny {source source-wildcard | host source | any}
        or
        permit {source source-wildcard | host source | any}
        In access-list configuration mode, specify one or more conditions denied or permitted to determine if the packet is forwarded or dropped.
        host source represents a source and source-wildcard of source 0.0.0.0.
        any represents a source and source-wildcard of 0.0.0.0 255.255.255.255.
        Note: The log option is not supported on the switches.

Step 4  end
        Return to privileged EXEC mode.

Step 5  show access-lists [number | name]
        Show the access list configuration.

Step 6  copy running-config startup-config
        (Optional) Save your entries in the configuration file.

Beginning in privileged EXEC mode, follow these steps to create an extended named ACL using names:

Step 1  configure terminal
        Enter global configuration mode.

Step 2  ip access-list extended {name | access-list-number}
        Define an extended IP access list by using a name, and enter access-list configuration mode.
        Note: The name can be a number from 100 to 199.

Step 3  {deny | permit} protocol {source source-wildcard | host source | any} [operator port] {destination destination-wildcard | host destination | any} [operator port] [dscp dscp-value] [time-range time-range-name]
        In access-list configuration mode, specify the conditions allowed or denied.
        See the "Creating a Numbered Extended ACL" section on page 25-10 for definitions of protocols and other keywords.
        host source represents a source and source-wildcard of source 0.0.0.0, and host destination represents a destination and destination-wildcard of destination 0.0.0.0.
        any represents a source and source-wildcard or destination and destination-wildcard of 0.0.0.0 255.255.255.255.
        dscp: Enter to match packets with any of the supported 13 DSCP values (0, 8, 10, 16, 18, 24, 26, 32, 34, 40, 46, 48, and 56), or use the question mark (?) to see a list of available values.
        The time-range keyword is optional. For an explanation of this keyword, see the "Applying Time Ranges to ACLs" section on page 25-15.

Step 4  end
        Return to privileged EXEC mode.
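As an added illustration of the address semantics in the Step 3 entries above (this is example code, not from the guide or from Cisco), the Python below evaluates a packet against extended ACEs written in the same syntax: host expands to a 0.0.0.0 wildcard, any to 0.0.0.0 255.255.255.255, the first matching entry wins, and an unmatched packet falls to the implicit deny at the end of every Cisco ACL. The ACE lines, addresses and the parse_ace/evaluate names are constructed for the example; only the eq port operator is modelled, and dscp and time-range are not parsed.

```python
import ipaddress

def _ip(text):
    return int(ipaddress.IPv4Address(text))

def _parse_addr(tok, i):
    # Guide equivalences: 'host A' is A 0.0.0.0; 'any' is 0.0.0.0 255.255.255.255.
    if tok[i] == "host":
        return _ip(tok[i + 1]), 0, i + 2
    if tok[i] == "any":
        return 0, 0xFFFFFFFF, i + 1
    return _ip(tok[i]), _ip(tok[i + 1]), i + 2
def _parse_port(tok, i):
    # Optional port operator; only 'eq PORT' is modelled here (lt/gt/range are not).
    if i < len(tok) and tok[i] == "eq":
        return int(tok[i + 1]), i + 2
    return None, i

def parse_ace(line):
    """Parse one extended ACE: {permit|deny} PROTOCOL SRC [eq PORT] DST [eq PORT]."""
    tok = line.split()
    src, swild, i = _parse_addr(tok, 2)
    sport, i = _parse_port(tok, i)
    dst, dwild, i = _parse_addr(tok, i)
    dport, _ = _parse_port(tok, i)
    return {"action": tok[0], "proto": tok[1].lower(), "src": src, "swild": swild,
            "sport": sport, "dst": dst, "dwild": dwild, "dport": dport}
def _addr_match(addr, net, wild):
    # A wildcard bit of 1 means "don't care": compare only bits where the wildcard is 0.
    return ((_ip(addr) ^ net) & ~wild & 0xFFFFFFFF) == 0
def evaluate(acl, proto, src, dst, sport=None, dport=None):
    """First matching ACE wins; a packet matching no ACE is denied (Cisco's implicit deny)."""
    for ace in acl:
        if ace["proto"] not in ("ip", proto):
            continue
        if not (_addr_match(src, ace["src"], ace["swild"])
                and _addr_match(dst, ace["dst"], ace["dwild"])):
            continue
        if any(want not in (None, got) for want, got in
               ((ace["sport"], sport), (ace["dport"], dport))):
            continue
        return ace["action"]
    return "deny"
# Constructed sample ACL (hypothetical addresses): block Telnet to a management host, allow
# SSH to it only from 10.1.0.0/16, and allow any other IP traffic from 10.1.0.0/16.
SAMPLE_ACL = [parse_ace(ace) for ace in (
    "deny tcp any host 10.1.1.10 eq 23",
    "permit tcp 10.1.0.0 0.0.255.255 host 10.1.1.10 eq 22",
    "permit ip 10.1.0.0 0.0.255.255 any",
)]
```

Running evaluate over candidate flows before applying the list is a cheap way to confirm that a deny entry placed after a broader permit never takes effect, since only the first match counts.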