| |
Command |
Command Description |
Command Syntax |
|
11.1.3 |
access-list |
To define an access-control list, use the
access-list
global
configuration command. To remove a standard access list, use the no
form of this command. |
access-list
access-list-number
{deny | permit | remark line} {any | source [source-wildcard]} [log] |
| |
ip access-group |
To control access to an interface, use the
ip access-group
command in
interface configuration mode. To remove the specified access
group, use the no form of this command. |
ip access-group access-list-number
| access-list-name
{in | out} |
| |
no access-list access-list-number |
To define an access-control list, use the
access-list
global
configuration command. To remove a standard access lists, use the no
form of this command. |
no access-list access-list-number | access-list-name |
|
11.1.4 |
any |
Use the keyword any as an abbreviation for a source and
source-wildcard of 0.0.0.0 255.255.255.255. |
access-list access-list-number
{deny | permit | remark line} {any | source [source-wildcard]} [log] |
| |
host |
Use host source as an abbreviation for a source and source-wildcard of
source 0.0.0.0. |
access-list
access-list-number
{deny | permit | remark line} {host source | source [source-wildcard]} [log] |
|
11.1.5 |
show access-lists |
To display the contents of current access lists, use the
show
access-lists
privileged EXEC command. |
show access-lists
[access-list-number | access-list-name] |
|
11.2.1 |
access-list access-list-number {deny | permit} source
[source-wildcard ] [log] |
To define an access-control list, use the
access-list
global
configuration command. To remove a standard access lists, use the no
form of this command. |
access-list
access-list-number
{deny | permit | remark line} source [source-wildcard] [log] |
| |
no access-list access-list-number |
To define an access-control list, use the
access-list
global configuration command. To remove a standard access lists, use
the no form of this command. |
no access-list access-list-number | access-list-name |
|
11.2.2 |
access-list 101 deny tcp
192.168.14.0 0.0.0.255 any eq 80 |
To define an extended IP access list, use the extended version of the
access-list
global configuration command. Access lists can be used to
control the transmission of packets on an interface, control virtual
terminal line access, and restrict contents of routing updates. The
Cisco IOS software stops checking the extended access list after a
match occurs. |
access-list access-list-number
[dynamic dynamic-name [timeout
minutes]] {deny | permit} protocol source source-wildcard destination
destination-wildcard [precedence precedence] [tos tos] [log |
log-input] |
| |
ip access-group access-list-number
{in | out} |
To configure an access list to be used for packets transmitted to and
from the host, use the
ip access-group
interface configuration
command. To disable control over packets transmitted to or from a
host, use the no form of this command. |
ip access-group access-list-number
|
access-list-name
{in | out} |
|
11.2.3 |
ip access-list extended name-of-access-list |
Define an extended IP access list using a name. |
ip access-list {standard | extended} name |
|
11.2.6 |
access-class |
To restrict incoming and outgoing connections between a particular vty
and the addresses in an access list, use the
access-class
command in
line configuration mode. To remove access restrictions, use the
no form of this command. |
access-class access-list-number
{in | out} |
