Name

access-list — global

Synopsis

Standard:

access-list number {permit | deny} src-address-spec

Extended:

access-list number {permit | deny} protocol src-address-spec [operator port]
     dest-address-spec [operator port] [established] [precedence value]
     [tos value] [log]

Named:

ip access-list {standard | extended} name

All access list types:

no access-list number

Configures

An access list

Default

None

Description

Access lists are an extremely general method for controlling access to the router, the traffic flowing in and out of the router, and even the routes accepted by the router. This command defines an entry in an access list.
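The three uses named above, as an added example that is not from the original book. The addresses are constructed (documentation ranges), and the interface name, VTY line range, and choice of RIP are assumptions made for illustration.

```cisco
! Constructed sample configuration; all addresses are documentation ranges.
!
! 1. Access to the router itself: standard list 10 limits which
!    source addresses may open a VTY (telnet/SSH) session.
access-list 10 permit 192.0.2.0 0.0.0.255
line vty 0 4
 access-class 10 in
!
! 2. Traffic flowing through the router: extended list 110 filters
!    packets arriving on an interface (Serial0 is an assumed name).
!    Entries are evaluated top-down and the first match wins.
access-list 110 permit tcp any any established
access-list 110 permit tcp any host 198.51.100.10 eq 80
access-list 110 deny ip any any log
interface Serial0
 ip access-group 110 in
!
! 3. Routes accepted by the router: standard list 20 filters the
!    networks learned from incoming routing updates.
access-list 20 permit 203.0.113.0 0.0.0.255
router rip
 distribute-list 20 in
```

Every access list ends with an implicit deny, so lists 10 and 20 reject anything they do not explicitly permit; the explicit final deny in list 110 exists only so that dropped packets are logged.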

number

A number that identifies the list and list type. Table 17-1 shows the ranges assigned to each list type. This book covers only standard and extended IP access lists, plus named and reflexive access lists.

Table 17-1. Access list numbers

List type                             Numeric range
------------------------------------  -------------
Standard IP access lists              1-99
Extended IP access lists              100-199
Ethernet type code                    200-299
DECnet                                300-399
XNS                                   400-499
Extended XNS                          500-599
AppleTalk                             600-699
Ethernet address                      700-799
Novell                                800-899
Extended Novell                       900-999
Novell SAP                            1000-1099
Additional standard IP access lists   1300-1999
Additional extended IP access lists   2000-2699
Named access lists                    None
Reflexive access lists                None

permit|deny

Specifies whether this entry permits or denies the traffic it matches.

protocol

Specifies the protocol to which the access list entry applies. For IP access lists, this option can be ip, tcp, udp
