IPv4 Access Control Lists (ACLs)

Configuring Extended ACLs

For other IPv4 ACL topics, refer to the following:

Topic                                          Page

configuring named, standard ACLs               9-46
configuring numbered, standard ACLs            9-49
configuring named, extended ACLs               9-55
applying or removing an ACL on an interface    9-73
deleting an ACL                                9-74
editing an ACL                                 9-75
sequence numbering in ACLs                     9-76
including remarks in an ACL                    9-81
displaying ACL configuration data              9-85
creating or editing ACLs offline               9-94
enabling ACL “Deny” logging                    9-96

Creating or Adding to an Extended, Numbered ACL. This command is an alternative to using ip access-list extended < name-str > and does not use the Named ACL (nacl) context. (For an extended ACL syntax summary, refer to table 9-7 on page 9-53.)

Syntax: access-list < 100-199 > < deny | permit > < ip | ip-protocol | ip-protocol-nbr >

        < any | host < SA > | SA/mask-length | SA < mask >>

        < any | host < DA > | DA/mask-length | DA < mask >>

        [ precedence < 0 - 7 | precedence-name >]

        [ tos < tos-bit-setting >]

        [ log ]
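An added example, not from the manual: a Python checker for reviewing entries offline against the syntax above before they are pasted into a switch. The names parse_entry and _addr are hypothetical. It assumes protocol and precedence names are single lowercase words and that a mask is dotted decimal, and it leaves tos-bit-setting unvalidated because the page does not list its values.

```python
import ipaddress
import re

# Constructed sample entries (documentation address ranges, not from the manual).
SAMPLE = ["access-list 110 permit ip host 192.0.2.10 198.51.100.0/24",
          "access-list 110 deny 47 192.0.2.0 0.0.0.255 any precedence 5 log"]

def _addr(tok, i):
    """Parse one SA or DA term at tok[i]; return (term, index of next token)."""
    if tok[i] == "any":
        return ("any",), i + 1
    if tok[i] == "host":
        return ("host", str(ipaddress.IPv4Address(tok[i + 1]))), i + 2
    if "/" in tok[i]:
        addr, length = tok[i].split("/", 1)
        if not 0 <= int(length) <= 32:
            raise ValueError(f"bad mask length in {tok[i]!r}")
        return ("prefix", str(ipaddress.IPv4Address(addr)), int(length)), i + 1
    # Remaining form: address followed by a mask (assumption: dotted decimal).
    addr, mask = ipaddress.IPv4Address(tok[i]), ipaddress.IPv4Address(tok[i + 1])
    return ("masked", str(addr), str(mask)), i + 2

def parse_entry(line):
    """Validate one extended, numbered ACL entry; raise ValueError if malformed."""
    tok = line.split()
    try:
        if tok[0] != "access-list" or not tok[1].isdigit():
            raise ValueError("expected: access-list <100-199> ...")
        if not 100 <= int(tok[1]) <= 199:
            raise ValueError("extended numbered ACL ID must be 100-199")
        if tok[2] not in ("deny", "permit"):
            raise ValueError("action must be deny or permit")
        proto = tok[3]
        if proto.isdigit() and int(proto) > 255:  # IP protocol field is 8 bits
            raise ValueError("ip-protocol-nbr out of range")
        if not re.fullmatch(r"[a-z0-9-]+", proto):  # assumption: lowercase names
            raise ValueError(f"bad protocol {proto!r}")
        src, i = _addr(tok, 4)
        dst, i = _addr(tok, i)
        entry = {"id": int(tok[1]), "action": tok[2], "proto": proto,
                 "src": src, "dst": dst, "log": False}
        for opt in ("precedence", "tos"):  # optional, in the order the syntax gives
            if i < len(tok) and tok[i] == opt:
                entry[opt], i = tok[i + 1], i + 2
        prec = entry.get("precedence", "0")
        if prec.isdigit() and int(prec) > 7:
            raise ValueError("numeric precedence must be 0-7")
        if i < len(tok) and tok[i] == "log":
            entry["log"], i = True, i + 1
        if i != len(tok):
            raise ValueError(f"unexpected token {tok[i]!r}")
    except IndexError:
        raise ValueError("entry is truncated") from None
    return entry
```

Entries that fail the check raise ValueError with the reason, so a batch of lines can be screened and the rejects listed before anything is applied.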
