General Security Commands
16-86 Configuring Security
Mode
Global configuration: XSR(config)#
Default
No access list defined (that is, all access permitted)
Examples
The following example denies access only for ICMP packets coming from hosts on the three
specified networks. The wildcard bits apply to the host portions of the network addresses. Any
host with a source address that does not match the access list statements will be permitted.
XSR(config)#access-list 100 deny ICMP 192.5.34.0 0.0.0.255
XSR(config)#access-list 100 deny ICMP 128.88.0.0 0.0.255.255
XSR(config)#access-list 100 deny ICMP 36.0.0.0 0.255.255.255
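The wildcard-bit matching described above, as an added Python model that is not part of the original manual and is not XSR code. It assumes a wildcard bit of 1 means "ignore this bit", that the first matching entry decides the result, and that entries are numbered from 1; the sample source addresses and the extra permit entry are constructed for illustration.

```python
import ipaddress

# The three entries from the example above: (action, protocol, network, wildcard)
ACL_100 = [
    ("deny", "icmp", "192.5.34.0", "0.0.0.255"),
    ("deny", "icmp", "128.88.0.0", "0.0.255.255"),
    ("deny", "icmp", "36.0.0.0", "0.255.255.255"),
]

def wildcard_match(addr, network, wildcard):
    """True when addr equals network in every bit where the wildcard bit is 0."""
    a = int(ipaddress.IPv4Address(addr))
    n = int(ipaddress.IPv4Address(network))
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF  # bits that must match
    return (a & care) == (n & care)

def evaluate(acl, protocol, src):
    """Return (action, entry number). The first matching entry wins; traffic that
    matches no entry is permitted, as the text above states for this list."""
    for number, (action, proto, network, wildcard) in enumerate(acl, start=1):
        if proto in ("ip", protocol) and wildcard_match(src, network, wildcard):
            return action, number
    return "permit", None

# Constructed exception: let one host in 36.0.0.0 send ICMP (wildcard 0.0.0.0 = one host).
EXCEPTION = ("permit", "icmp", "36.1.1.1", "0.0.0.0")

def placement_effect(src="36.1.1.1"):
    """Same entry, two positions: appended after the deny it is never reached."""
    appended = evaluate(ACL_100 + [EXCEPTION], "icmp", src)
    inserted_first = evaluate([EXCEPTION] + ACL_100, "icmp", src)
    return appended, inserted_first

if __name__ == "__main__":
    samples = [  # constructed test traffic
        ("icmp", "192.5.34.77"), ("icmp", "192.5.35.1"), ("icmp", "128.88.200.9"),
        ("icmp", "36.255.0.1"), ("tcp", "36.1.2.3"), ("icmp", "10.0.0.1"),
    ]
    for proto, src in samples:
        print(f"{proto:4} from {src:15} -> {evaluate(ACL_100, proto, src)}")
    print("appended vs inserted first:", placement_effect())
```
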
The following example replaces entry 87 with the following entry:
XSR(config)#access-list 123 replace 87 deny ip host 1.2.1.2
The following example removes entries 16, 17 and 18 from ACL 177:
XSR(config)#no access-list 177 16 18
The following example removes the entire ACL 102:
XSR(config)#no access-list 102
The following example moves entries 16-18 within an ACL to the beginning of the list:
XSR(config)#access-list 101 move 1 16 18
The example below moves entries 16-18 from ACL 144 to its beginning:
XSR(config)#access-list 144 move 1 16 18
The following example moves entry 2 to the end of ACL 133:
XSR(config)#access-list 133 move 999 2

access-list (standard)

This command defines a standard IP Access List (ACL) by numbers, ranging from 1 to 99. ACL
restrictions are applied using the ip access-group command.
New and existing ACL entries can be added/replaced in a particular ACL without you having to
rewrite the entire ACL by using the insert/replace number parameters. If neither the insert nor the
replace option is specified, then the new entry is appended to the list. This is noteworthy since ACL
criteria are evaluated in the order displayed by the show access-list command.
list#   The standard access list number, ranging from 1 to 99.
ent1    Optional single entry number, or the first entry number in the range to be
        removed. If unspecified, the entire ACL is removed.
ent2    Optional last entry number in the range to be removed.