IP ACCESS LISTS                                                      CCNA4.com

Standard IP ACL Syntax

 ! Legacy syntax
 access-list <number> {permit | deny} <source> [log]

 ! Modern syntax
 ip access-list standard {<number> | <name>}
  [<sequence>] {permit | deny} <source> [log]

Actions

 permit      Allow matched packets
 deny        Deny matched packets
 remark      Record a config comment
 evaluate    Evaluate a reflexive ACL

Extended IP ACL Syntax

 ! Legacy syntax
 access-list <number> {permit | deny} <protocol> <source> [<ports>] <destination> [<ports>] [<options>]

 ! Modern syntax
 ip access-list extended {<number> | <name>}
  [<sequence>] {permit | deny} <protocol> <source> [<ports>] <destination> [<ports>] [<options>]

ACL Numbers

 1-99, 1300-1999       IP standard
 100-199, 2000-2699    IP extended
 200-299               Protocol
 300-399               DECnet
 400-499               XNS
 500-599               Extended XNS
 600-699               Appletalk
 700-799               Ethernet MAC
 800-899               IPX standard
 900-999               IPX extended
 1000-1099             IPX SAP
 1100-1199             MAC extended
 1200-1299             IPX summary

Source/Destination Definitions

 any                   Any address
 host <address>        A single address
 <network> <mask>      Any address matched by the wildcard mask

IP Options

 dscp <DSCP>           Match packets with the given DSCP value
 fragments             Check non-initial fragments
 option <option>       Match packets with the specified IP option
 precedence <0-7>      Match packets with the given precedence value
 ttl <count>           Match packets with the given Time To Live

TCP/UDP Port Definitions

 eq <port>             Equal to
 neq <port>            Not equal to
 lt <port>             Less than
 gt <port>             Greater than
 range <port> <port>   Matches a range of port numbers

TCP Options

 ack                   Match ACK flag
 fin                   Match FIN flag
 psh                   Match PSH flag
 rst                   Match RST flag
 syn                   Match SYN flag
 urg                   Match URG flag
 established           Match packets in a pre-established session

Miscellaneous Options

 reflect <name>        Create a reflexive ACL
 time-range <name>     Enable rule only during the specified time range

Logging Options

 log                   Log ACL entry matches
 log-input             Log matches with ingress interface and source MAC

Applying ACLs to Restrict Traffic

 interface FastEthernet0/0
  ip access-group {<number> | <name>} {in | out}

Troubleshooting

 show access-lists {<number> | <name>}
 show ip access-lists {<number> | <name>}
 show ip access-lists interface <interface>
 show ip access-lists dynamic
 show ip interface [<interface>]
 show time-range [<name>]

by Jeremy Stretch                                                                                        v1.1
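
Added example (not part of the original cheat sheet or its author's work): a small Python evaluator for the three <source> forms above, showing how wildcard-mask bits and top-down first-match order decide a standard ACL's result. The ACL name MGMT-SOURCES and all addresses are constructed samples; entry 40 deliberately uses a subnet mask where a wildcard mask belongs, to show what that mistake actually matches.

```python
import ipaddress

# Constructed sample ACL in the modern standard syntax (not from the page).
SAMPLE_ACL = """\
ip access-list standard MGMT-SOURCES
 remark constructed sample for illustration
 10 deny host 192.0.2.66 log
 20 permit 192.0.2.0 0.0.0.255
 30 permit 10.0.1.0 0.0.254.255
 40 permit 198.51.100.0 255.255.255.0
"""

def parse_source(tokens):
    """Turn a <source> definition into (address, wildcard) as 32-bit ints."""
    if tokens[0] == "any":
        return 0, 0xFFFFFFFF                  # every bit is "don't care"
    if tokens[0] == "host":
        return int(ipaddress.IPv4Address(tokens[1])), 0
    addr = int(ipaddress.IPv4Address(tokens[0]))
    # A bare address with no mask behaves like "host <address>".
    wild = int(ipaddress.IPv4Address(tokens[1])) if len(tokens) > 1 else 0
    return addr, wild

def parse_standard_acl(text):
    """Parse '[<sequence>] {permit | deny} <source> [log]' lines in order."""
    entries = []
    for line in text.splitlines():
        tokens = line.split()
        if tokens and tokens[0].isdigit():    # optional <sequence>
            tokens = tokens[1:]
        if not tokens or tokens[0] not in ("permit", "deny"):
            continue                          # header, remark, comment, blank
        action, source = tokens[0], tokens[1:]
        if source and source[-1] == "log":
            source = source[:-1]
        entries.append((action, *parse_source(source), line.strip()))
    return entries

def evaluate(entries, src_ip):
    """Return (action, matching line); the first matching entry wins."""
    ip = int(ipaddress.IPv4Address(src_ip))
    for action, addr, wild, line in entries:
        care = ~wild & 0xFFFFFFFF             # wildcard 0-bits must match
        if (ip & care) == (addr & care):
            return action, line
    return "deny", "(implicit deny)"          # no entry matched
```

Entry 30 matches only odd third octets under 10.0.x.x, and entry 40 matches any address whose last octet is 0 rather than the 198.51.100.0/24 network it appears to describe.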
