Cisco Systems ME3400G2CSA

28-15

Cisco ME 3400 EthernetAccess Switch SoftwareConfiguration Guide

78-17058-01

Chapter28 Configuring Network Securi ty with ACLs Configuring IPv4 ACLs

To remove a named standard ACL, use the no ip access-list standard name global configuration

command.

Beginning in privileged EXEC mode, follow these steps to create an extended ACL using names:

To remove a named extended ACL, use the no ip access-list extended name global configuration

command.

When you are creating standard extended ACLs, remember that, by default, the end of the ACL contains

an implicit deny statement for everything if it did not find a match before reaching the end. For standard

ACLs, if you omit the mask from an associated IP host address access list specification, 0.0.0.0 is

assumed to be the mask.

After you create an ACL, any additions are placed at the en d of t he list . You cannot selectively add A CL

entries to a specific ACL. However, you c an use no permi t and no deny access-list con figuration mode

commands to remove entries from a named ACL.

Step3 deny {source [source-wildcard] | host source |

any} [log]

permit {source [source-wildcard] | host sour ce

| any} [log]

In access-list configuration mode, specify one or more conditions

denied or permitted to decide if the packet is forwarded or dropped.

•host source—A source and source wildcard of source 0.0.0.0.

•any—A source and source wildcard of 0.0.0.0

255.255.255.255.

Step4 end Return to privileged EXEC mode.

Step5 show access-lists [number | name] Show the access list configuration.

Step6 copy running-config startup-config (Optional) Save your entries in the configuration file.

Command Purpose

Step1 configure terminal Enter global configuration mode.

Step2 ip access-list extended name Define an extended IPv4 access list using a name and enter

access-list configuration mode.

Note The name can be a number from 100 to 199.

Step3 {deny | permit} protocol {source

[source-wildcard] | host source | any}

{destination [destination-wildcard] | host

destination | any} [precedence precedence]

[tos tos] [established] [log] [time-range

time-range-name]

In access-list configuration mode, specify the conditions allowed

or denied. Use the log keyword to get access list logging messages,

including violations.

See the “Creating a Numbered Extended ACL” section on

page 28-10 for definitions of protocols and other keywords.

•host source—A source and source wildcard of source 0.0.0.0.

•host destination—A destination and destination wildcard of

destination 0.0.0.0.

•any—A source and source wildcard or destination and

destination wildcard of 0.0.0.0 255.255.255.255.

Step4 end Return to privileged EXEC mode.

Step5 show access-lists [number | name] Show the access list configuration.

Step6 copy running-config startup-config (Optional) Save your entries in the configuration file.