Home | Networking | Computer HWare/SWare | NOS: Unix/Linux | Favorites | Contact Me | RCC Home

ACL Commands

 

FOR IP  ACCESS LISTS

access-list                              Creates a list of tests to filter the network traffic

 

ip access-group                    Applies an IP (1-99 and 100-199) access list to an interface

 

access-class                         Applies a standard IP access list to a VTY line

 

Example  IP standard                       access-list 1 deny 192.5.5.2 0.0.0.0
access-list 1 permit any
int e0
ip access-group 1out

 

Example IP extended                
                                    access-list 101 deny ip 192.5.5.2 0.0.0.0 210.93.105.0 0.0.0.255 eq 53        
                                                                                             protocol             source                              destination                        port
                                    access-list 101 permit ip any any
                                    int e0
                                    ip access-group 101 in        (default is out)




IP LIST SHORT CUTS

 

any                                          Specifies any host or network;
use instead of:           0.0.0.0 255.255.255.255

host                                         Specifies a (single) host address
                                                use instead of:           192.73.25.7 0.0.0.0

 

 

FOR IPX ACCESS LISTS

access-list                              Creates a list of tests to filter the networks

 

ipx access-group                  Applies a standard or extended IPX access list to an  interface (800-899 and 900-999)

 

ipx input-sap-filter                  Applies an inbound IPX SAP (1000-1099) filter to an  interface

 

ipx output-sap-filter               Applies an outbound IPX SAP (1000-1099) filter to an  interface

 

Example-IPX standard                     Router(config)#access-list 810 permit 20 40

Router(config)#int e0

Router(config-if)#ipx access-group 810 out

 

Example – IPX extended                 Router(config)#access-list 1010 permit -1 4 Sales

                                                            Int e0

                                                            RouterA(config-if)#ipx input-sap-filter

 

 

 

IPX LIST SHORT CUTS

 

-1                                             Specifies any host or any network;
same as 0.0.0.0 255.255.255.255

SHOW COMMANDS

show access-list                    Shows all the access lists configured on the router

 

show access-list 110            Shows only access-list 110

 

show ip access-list   Shows only the IP access lists

 

show ip interface       Shows which interfaces have IP access lists applied

 

show ipx access-list Shows the IPX access lists configured on a router

 

show ipx interface     Shows which interfaces have IPX access lists applied

 

 

 

Home | Networking | Computer HWare/SWare | NOS: Unix/Linux | Favorites | Contact Me | RCC Home