cmdref.net - Cheat Sheet and Example

cmdref.net is command references/cheat sheets/examples for system engineers.


Cisco IOS, NX-OS

Cisco ACL Configuration Examples

Show

Operation Command
Router#show ip access-lists
Router#show access-lists
Router#show ip interface
Router#show ip interface serial0/0


Create ACL

Standard Access List (1-99)

Create ACL
Router_A(config)# access-list 1 deny 192.168.1.0  0.0.0.255
Router_A(config)# access-list 1 permit any

Apply to Interface
Router_A(config)# int s0
Router_A(config-if)# ip access-group 1 in

Extended Access List (100-199)

Create ACL
Router_B(config)#access-list 100 deny tcp 192.168.1.0 0.0.0.255 host 192.168.2.2 eq www   <- deny HTTP (tcp/80) from 192.168.1.0/24 to host 192.168.2.2
Router_B(config)#access-list 100 permit ip any any

Apply ACL to Interface
Router_B(config)#int s0
Router_B(config-if)#ip access-group 100 in

Examples

Standard Access List (1-99)

access-list 1 deny 192.168.1.0 0.0.0.255
access-list 99 deny 192.168.1.0 0.0.255.255 <- wildcard 0.0.255.255 ignores the last two octets, so this matches all of 192.168.0.0/16
access-list 1 permit any
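
The three standard ACL lines above, evaluated offline. This is an added example, not part of the original cheat sheet: it models wildcard matching, first-match-wins ordering and the implicit deny at the end of every ACL. The function names `parse_standard_acl` and `evaluate` and the test addresses are constructed for illustration.

```python
import ipaddress

# ACL lines copied from the page's "Standard Access List (1-99)" examples.
ACL_TEXT = """\
access-list 1 deny 192.168.1.0 0.0.0.255
access-list 99 deny 192.168.1.0 0.0.255.255
access-list 1 permit any
"""

def parse_standard_acl(text):
    """Return {acl_number: [(action, base_int, wildcard_int), ...]} in entry order."""
    acls = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4 or parts[0] != "access-list":
            continue
        number, action, source = int(parts[1]), parts[2], parts[3]
        if source == "any":
            base, wildcard = 0, 0xFFFFFFFF  # "any" == 0.0.0.0 255.255.255.255
        else:
            base = int(ipaddress.IPv4Address(source))
            # A source with no wildcard is treated as a single host (0.0.0.0).
            wildcard = int(ipaddress.IPv4Address(parts[4])) if len(parts) > 4 else 0
        acls.setdefault(number, []).append((action, base, wildcard))
    return acls

def evaluate(acls, number, src_ip):
    """Return (action, index of matching entry); index is None for the implicit deny."""
    src = int(ipaddress.IPv4Address(src_ip))
    for idx, (action, base, wildcard) in enumerate(acls[number]):
        care = ~wildcard & 0xFFFFFFFF  # wildcard bit 0 = must match, 1 = ignore
        if (src & care) == (base & care):
            return action, idx  # first matching entry wins
    return "deny", None  # implicit "deny any" at the end of every ACL

if __name__ == "__main__":
    acls = parse_standard_acl(ACL_TEXT)
    # Constructed source addresses to exercise each case.
    for number, ip in [(1, "192.168.1.77"), (1, "192.168.2.77"),
                       (99, "192.168.200.1"), (99, "10.0.0.1")]:
        action, idx = evaluate(acls, number, ip)
        hit = "implicit deny" if idx is None else f"entry {idx}"
        print(f"ACL {number:>2}  src {ip:<15} -> {action} ({hit})")
```

ACL 99 has no permit entry, so every source is dropped: 192.168.0.0/16 by the explicit line and everything else by the implicit deny.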

Extended ACL(100-199)

access-list 100 permit ip any any
access-list 140 permit ip 192.168.10.0 0.0.0.255 any <- permit from 192.168.10.0/24 to any


Delete ACL

Router(config)#no access-list 10


Sequence Numbering

Add ACL(sequence)

Standard ACL (1-99)
Router#show ip access-lists
Router(config)#ip access-list standard 10
Router(config-std-nacl)#31 permit 192.168.20.0 0.0.0.255

Extended ACL(100-199)
Router#show ip access-lists
Router(config)#ip access-list extended 100
Router(config-ext-nacl)#101 permit ip 192.168.20.0 0.0.0.255 any


Delete ACL(sequence)

Standard ACL (1-99)
Router#show ip access-lists
Router(config)#ip access-list standard 10
Router(config-std-nacl)#no 30

Extended ACL(100-199)
Router#show ip access-lists
Router(config)#ip access-list extended 100
Router(config-ext-nacl)#no 101


Resequence




hardware/cisco/acl.html.txt · Last modified: 2018/08/31 by admin