The access-list command creates an entry in a standard
IPv4 traf?¬?c ?¬?lter list.
The ip access-group command links an existing ACL to an interface. Only one ACL per protocol,
per direction, and per interface is allowed.
NOTE To remove an IP ACL from an interface, ?¬?rst enter the no ip access-group name/
number [in|out]command on the interface; then enter the global no access-list name/number
command to remove the entire ACL.
Frame
Header
(for Example,
HDLC)
Packet
(IP Header)
Segment
(for Example,
TCP Header)
Data
Use ACL
Statements
1??“99
1300??“1999
Source
Address
Permit Deny
Con?¬?guring ACLs 223
The following provides an example of the steps that are required to con?¬?gure and apply a
numbered standard ACL on a router:
Step 1 Use the access-list global con?¬?guration command to create an entry in a
standard IPv4 ACL.
RouterX(config)# aacccceessss--lliisstt 11 ppeerrmmiitt 117722..1166..00..00 00..00..225555..225555
Enter the global no access-list access-list-number command to remove the
entire ACL. The example statement matches any address that starts with
172.16.x.x. You can use the remark option to add a description to your
ACL.
Pages:
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341