cmdref.net - Cheat Sheet and Example

cmdref.net is command references/cheat sheets/examples for system engineers.

Cisco ACL Configuration Examples

Show ACL

Operation                           Command
Check access list                   Router#show ip access-lists
                                    Router#show access-lists
Check if the interface has an ACL   Router#show ip interface
                                    Router#show ip interface GigabitEthernet0/0


How to configure ACL the new way (sequence numbering)

Create ACL(sequence)

Create Standard ACL (1-99)

1. Create Standard ACL (1-99)
Router(config)# ip access-list standard 10
Router(config-std-nacl)# permit 172.16.1.2
Router(config-std-nacl)# permit 172.16.1.3
Router(config-std-nacl)# exit
2. Apply to Interface
Router(config)# int Gi0/1
Router(config-if)# ip access-group 10 in
Examples of Standard ACL (1-99)
deny 192.168.1.0 0.0.0.255     <- deny from 192.168.1.0/24
deny 192.168.1.0 0.0.255.255   <- deny from 192.168.0.0/16
permit any                     <- permit from any


Create Extended ACL(100-199)

1. Create Extended ACL (100-199)
Router(config)# ip access-list extended 100
Router(config-ext-nacl)# deny tcp host 172.16.1.2 172.16.2.0 0.0.0.255 eq telnet  <- Deny telnet (TCP/23) from 172.16.1.2 to 172.16.2.0/24
Router(config-ext-nacl)# permit ip any any
Router(config-ext-nacl)# exit
2. Apply ACL to Interface
Router(config)# int Gi0/1
Router(config-if)# ip access-group 100 in
Examples of Extended ACL (100-199)
permit ip any any                                      <- Permit from any to any
permit ip 192.168.10.0 0.0.0.255 any                   <- Permit from 192.168.10.0/24 to any
permit tcp host 192.168.1.1 host 10.50.1.1 eq www      <- Permit HTTP (TCP/80) from 192.168.1.1 to 10.50.1.1
deny tcp any host 172.16.1.1 eq www                    <- Deny HTTP (TCP/80) from any to 172.16.1.1


Add ACL(sequence)

Add Standard ACL (1-99)
Router(config)# show ip access-list

Router(config)# ip access-list standard 10
Router(config-std-nacl)# 31 permit 192.168.20.0 0.0.0.255   <- insert with sequence number 31
Add Extended ACL (100-199)
Router(config)# show ip access-list

Router(config)# ip access-list extended 100
Router(config-ext-nacl)# 101 permit ip 192.168.20.0 0.0.0.255 any   <- insert with sequence number 101


Delete ACL(sequence)

Delete Standard ACL (1-99)
Router(config)# show ip access-list

Router(config)# ip access-list standard 10
Router(config-std-nacl)# no 30   <- delete the entry with sequence number 30
Delete Extended ACL (100-199)
Router(config)# show ip access-list

Router(config)# ip access-list extended 100
Router(config-ext-nacl)# no 101   <- delete the entry with sequence number 101


Resequence

Command                                          Example
ip access-list resequence NO START STEP          Router(config)# ip access-list resequence 150 1 5
(NO = ACL number or name, START = first sequence number, STEP = increment; the example renumbers ACL 150 as 1, 6, 11, ...)
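As an added example (not code from the cmdref.net page), the Python below models what the sequence-numbered commands above do: it parses the ACE syntax used on this page (any / host / address-with-wildcard, eq port), assigns IOS's default sequence numbers in steps of 10 when none is given, implements the add-by-sequence, "no <seq>" and resequence operations, and evaluates a packet first-match with the implicit deny at the end. The PORTS table only covers the named ports that appear on this page; all addresses in the usage are constructed for the example.

```python
from collections import namedtuple
from ipaddress import IPv4Address

PORTS = {"www": 80, "telnet": 23}    # named ports that appear on this page
ANY = (0, 0xFFFFFFFF)                # 0.0.0.0 with wildcard 255.255.255.255 (matches all)
Ace = namedtuple("Ace", "seq action proto src dst dport")

def matches(spec, ip):   # IOS wildcard semantics: a 1 bit in the wildcard means "don't care"
    return (ip ^ spec[0]) & (~spec[1] & 0xFFFFFFFF) == 0

def parse_addr(t):
    """Consume 'any' | 'host A.B.C.D' | 'A.B.C.D WILDCARD' | bare 'A.B.C.D' (= host)."""
    if t[0] == "any":
        return ANY, t[1:]
    if t[0] == "host":
        return (int(IPv4Address(t[1])), 0), t[2:]
    if len(t) > 1 and t[1][0].isdigit():
        return (int(IPv4Address(t[0])), int(IPv4Address(t[1]))), t[2:]
    return (int(IPv4Address(t[0])), 0), t[1:]

def parse_ace(line):
    """'[seq] permit|deny [proto src dst] [eq port]'; a standard ACE has a source only."""
    t = line.split()
    seq = int(t.pop(0)) if t[0].isdigit() else None
    action, proto, dst = t.pop(0), "ip", ANY
    if t[0] in ("ip", "tcp", "udp", "icmp"):        # extended ACE: protocol, source, destination
        proto = t.pop(0)
        src, t = parse_addr(t)
        dst, t = parse_addr(t)
    else:                                          # standard ACE: source only
        src, t = parse_addr(t)
    dport = (PORTS.get(t[1]) or int(t[1])) if t[:1] == ["eq"] else None
    return Ace(seq, action, proto, src, dst, dport)

def add(acl, line):      # explicit seq inserts in order; otherwise last seq + 10 (IOS default)
    ace = parse_ace(line)
    if ace.seq is None:
        ace = ace._replace(seq=acl[-1].seq + 10 if acl else 10)
    assert all(a.seq != ace.seq for a in acl), "Duplicate sequence number"   # IOS rejects this too
    return sorted(acl + [ace], key=lambda a: a.seq)
def delete(acl, seq):    # 'no <seq>' inside the named ACL
    return [a for a in acl if a.seq != seq]
def resequence(acl, start, step):   # 'ip access-list resequence <acl> <start> <step>'
    return [a._replace(seq=start + i * step) for i, a in enumerate(acl)]

def evaluate(acl, src, dst, proto="ip", dport=None):
    """First match in sequence order; no match falls through to the implicit deny."""
    s, d = int(IPv4Address(src)), int(IPv4Address(dst))
    for a in acl:
        if a.proto in ("ip", proto) and matches(a.src, s) and matches(a.dst, d) and a.dport in (None, dport):
            return a.action, a.seq
    return "deny", None
```

Building ACL 100 from the page and then adding "101 permit ip 192.168.20.0 0.0.0.255 any" shows why sequence order matters: the new entry sits after "permit ip any any" at sequence 20 and is never reached.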




How to configure ACL the legacy way

Create ACL

Standard Access List (1-99)

1. Create ACL
Router(config)# access-list 1 deny 192.168.1.0 0.0.0.255
Router(config)# access-list 1 permit any
2. Apply to Interface
Router(config)# int Gi0/1
Router(config-if)# ip access-group 1 in
Examples of Standard ACL (1-99)
access-list 1 deny 192.168.1.0 0.0.0.255     <- deny from 192.168.1.0/24
access-list 1 deny 192.168.1.0 0.0.255.255   <- deny from 192.168.0.0/16
access-list 1 permit any                     <- permit from any


Extended Access List (100-199)

1. Create ACL
Router(config)# access-list 100 deny tcp 192.168.1.0 0.0.0.255 host 192.168.2.2 eq www   <- Deny HTTP (TCP/80) from 192.168.1.0/24 to 192.168.2.2
Router(config)# access-list 100 permit ip any any
2. Apply ACL to Interface
Router(config)# int Gi0/1
Router(config-if)# ip access-group 100 in
Examples of Extended ACL (100-199)
access-list 100 permit ip any any                                      <- Permit from any to any
access-list 100 permit ip 192.168.10.0 0.0.0.255 any                   <- Permit from 192.168.10.0/24 to any
access-list 100 permit tcp host 192.168.1.1 host 10.50.1.1 eq www      <- Permit HTTP (TCP/80) from 192.168.1.1 to 10.50.1.1
access-list 100 deny tcp any host 172.16.1.1 eq www                    <- Deny HTTP (TCP/80) from any to 172.16.1.1


Delete ACL




hardware/cisco/acl.html.txt · Last modified: 2019/06/08 by admin
