Chapter 7 : Access Control List
Numbered Standard IPv4 ACL Syntax
The access-list global configuration command defines a standard ACL with a number in the range of 1 through 99.
ACEs can permit or deny an individual host or a range of host addresses. To create a host statement in numbered ACL 10 that permits a specific host with the IPv4 address 192.168.10.10
To create a statement that will permit a range of IPv4 addresses in a numbered ACL 10 that permits all IPv4 addresses in the network 192.168.10.0/24
To remove the ACL, the global configuration no access-list command is used. Issuing the show access-list command confirms that access list 10 has been removed.
The remark keyword is used for documentation and makes access lists a great deal easier to understand. Each remark is limited to 100 characters.
When reviewing the ACL in the configuration using the show running-config command, the remark is also displayed.
Applying Standard IPv4 ACLs to Interfaces
After a standard IPv4 ACL is configured, it is linked to an interface using the ip access-group command in interface configuration mode.
To remove an ACL from an interface, first enter the no ip access-group command on the interface, and then enter the global no access-list command to remove the entire ACL.
The first line identifies the ACL as access list 1. It permits traffic that matches the selected parameters.
Recall that there is an implicit deny all statement that is equivalent to adding the line access-list 1 deny 0.0.0.0 255.255.255.255 or access-list 1 deny any to the end of the ACL.
The ip access-group 1 out interface configuration command links ACL 1 to the Serial 0/0/0 interface as an outbound filter.
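The following is an added example, not part of the original notes: a small Python model of how a numbered standard ACL is evaluated (wildcard-mask matching, first match wins, implicit deny at the end), useful for checking what a configured list actually permits. The sample ACL text is constructed from the two ACL 10 statements described above, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample: the two ACL 10 statements the notes describe, plus a remark.
ACL_10 = """\
access-list 10 remark Permit admin host and the 192.168.10.0/24 LAN
access-list 10 permit host 192.168.10.10
access-list 10 permit 192.168.10.0 0.0.0.255
"""

def _to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def parse_standard_acl(text):
    """Return a list of (action, address, wildcard) ACEs in configured order."""
    aces = []
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 4 or tok[0] != "access-list":
            continue
        if not 1 <= int(tok[1]) <= 99:
            raise ValueError(f"not a standard ACL number in 1-99: {tok[1]}")
        action, src = tok[2], tok[3:]
        if action == "remark":
            continue  # documentation only, never matched against packets
        if action not in ("permit", "deny"):
            raise ValueError(f"unknown action: {action}")
        if src[0] == "any":
            addr, wild = 0, 0xFFFFFFFF
        elif src[0] == "host":
            addr, wild = _to_int(src[1]), 0
        else:
            # Assumption: a bare address with no wildcard means a single host.
            addr = _to_int(src[0])
            wild = _to_int(src[1]) if len(src) > 1 else 0
        aces.append((action, addr, wild))
    return aces

def evaluate(aces, source_ip):
    """First matching ACE wins; no match falls through to the implicit deny."""
    src = _to_int(source_ip)
    for number, (action, addr, wild) in enumerate(aces, start=1):
        # Wildcard bits set to 1 are ignored; bits set to 0 must match.
        if (src | wild) == (addr | wild):
            return action, f"ACE {number}"
    return "deny", "implicit deny any"
```

Because evaluation stops at the first match, placing a deny host statement above a permit for its network blocks that host, while the reverse order never reaches the deny.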
Named Standard IPv4 ACL Syntax
Step 1. Starting from the global configuration mode, use the ip access-list command to create a named ACL. ACL names are alphanumeric, case sensitive, and must be unique.
Step 2. From the named ACL configuration mode, use permit or deny statements to specify one or more conditions for determining whether a packet is forwarded or dropped. Use remark to add a comment to the ACL.
Step 3. Apply the ACL to an interface using the ip access-group name command. Specify whether the ACL should be applied to packets as they enter the interface (in) or applied to packets as they exit the interface (out).
Capitalizing ACL names is not required, but makes them stand out when viewing the running-config output.
It also makes it less likely that you will accidentally create two different ACLs with the same name but with different uses of capitalization.