Enterasys Networks XSR CLI Router User Manual


 
General Security Commands
16-86 Configuring Security
Mode
Global configuration: XSR(config)#
Default
No access list defined (that is, all access permitted)
Examples
The following example denies access only for ICMP packets coming from hosts on the three specified networks. The wildcard bits apply to the host portions of the network addresses. Any host with a source address that does not match the access list statements will be permitted.
XSR(config)#access-list 100 deny ICMP 192.5.34.0 0.0.0.255
XSR(config)#access-list 100 deny ICMP 128.88.0.0 0.0.255.255
XSR(config)#access-list 100 deny ICMP 36.0.0.0 0.255.255.255
The following example replaces entry 87 with the following entry:
XSR(config)#access-list 123 replace 87 deny ip host 1.2.1.2
The following example removes entries 16, 17 and 18 from ACL 177:
XSR(config)#no access-list 177 16 18
The following example removes the entire ACL 102:
XSR(config)#no access-list 102
The following example moves entries 16‐18 within an ACL to the beginning of the list:
XSR(config)#access-list 101 move 1 16 18
The example below moves entries 16‐18 from ACL 144 to its beginning:
XSR(config)#access-list 144 move 1 16 18
The following example moves entry 2 to the end of ACL 133:
XSR(config)#access-list 133 move 999 2
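The wildcard matching and the effect of entry order can be checked offline before changing a live ACL. The sketch below is an added illustration, not Enterasys code: it assumes first-match evaluation in list order, uses a simplified model of the move command, and appends a constructed fourth entry (a host permit) to the three ICMP deny entries shown above.

```python
import ipaddress

def wildcard_match(addr, base, wildcard):
    """True when addr equals base on every bit where the wildcard bit is 0."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF          # bits that must match exactly
    return (a & care) == (b & care)

def evaluate(acl, proto, src, default="permit"):
    """Return (action, entry_number) for the first entry that matches.

    Entries are checked in list order. The default for unmatched packets
    follows the page's statement for this example (unmatched is permitted).
    """
    for number, (action, entry_proto, base, wildcard) in enumerate(acl, start=1):
        if entry_proto in ("ip", proto) and wildcard_match(src, base, wildcard):
            return action, number
    return default, None

def move(acl, dest, first, last=None):
    """Simplified model (assumption) of 'move <dest> <first> [<last>]'.

    Entries first..last (1-based) are relocated to position dest; a dest
    past the end of the list, such as 999, places them at the end.
    """
    last = last or first
    block = acl[first - 1:last]
    rest = acl[:first - 1] + acl[last:]
    pos = min(dest - 1, len(rest))
    return rest[:pos] + block + rest[pos:]

# Entries 1-3 are the page's ACL 100; entry 4 is constructed for this example.
ACL_100 = [
    ("deny", "icmp", "192.5.34.0", "0.0.0.255"),
    ("deny", "icmp", "128.88.0.0", "0.0.255.255"),
    ("deny", "icmp", "36.0.0.0", "0.255.255.255"),
    ("permit", "icmp", "128.88.1.10", "0.0.0.0"),   # constructed host permit
]

if __name__ == "__main__":
    # Appended permit is shadowed by the broader deny in entry 2.
    print(evaluate(ACL_100, "icmp", "128.88.1.10"))
    # After moving entry 4 to the front, the permit is hit first.
    print(evaluate(move(ACL_100, 1, 4), "icmp", "128.88.1.10"))
    # Non-ICMP traffic from a listed network matches no entry.
    print(evaluate(ACL_100, "tcp", "192.5.34.7"))
```

An appended exception placed after a broader deny never takes effect, so review the entry order after every append.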
access-list (standard)
This command defines a standard IP Access List (ACL) by numbers, ranging from 1 to 99. ACL restrictions are applied using the ip access-group command.
New and existing ACL entries can be added/replaced in a particular ACL without you having to rewrite the entire ACL by using the insert/replace number parameters. If neither the insert nor the replace option is specified, then the new entry is appended to the list. This is noteworthy since ACL criteria are evaluated in the order displayed by the show access-list command.
list#
The standard access list number, ranging from 1 to 99.
ent1
Optional single entry number, or the first entry number in the range to be removed. If unspecified, the entire ACL is removed.
ent2
Optional last entry number in the range to be removed.