Name
ip access-list — global
Synopsis
ip access-list {standard | extended} name
Configures
Named access lists
Default
None
Description
This command allows you to create a named access list. A named access list is really no different from a numbered access list as defined by the access-list command, except that it is identified by a logical name. A named access list may be either standard or extended. This command is followed by permit and deny commands that specify the access-list rules. For more about access lists, see Chapter 7 and the discussion of the access-list command.
Example
The following commands define a named access list that allows HTTP traffic from any host to the server at 10.1.2.3 and permits all other TCP traffic that has the SYN flag set. Remember that all access lists end with an implicit deny, which rejects all traffic not permitted by a statement in the access list.
ip access-list extended bogus-firewall
 permit tcp any host 10.1.2.3 eq http
 permit tcp any any established
As of IOS 12.4, you can enter noncontiguous ports on a single line within a named access list. Before, you would write such an access list like this:
ip access-list extended acllist1
 permit tcp any host 192.168.1.1 eq telnet
 permit tcp any host 192.168.1.1 eq www
 permit tcp any host 192.168.1.1 eq smtp
 permit tcp any host 192.168.1.1 eq pop3
With noncontiguous port support, you can write it more tersely:
ip access-list extended acllist1
 permit tcp any host 192.168.1.1 eq telnet www smtp pop3
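The following is an added example, not text or code from the book or from Cisco IOS: a small Python evaluator for the subset of named extended access-list syntax used in the two examples above (permit/deny tcp, any, host, address plus wildcard mask, eq with one or more ports, established). It parses the bogus-firewall and acllist1 lists exactly as written above and walks them the way IOS does, top to bottom, first match wins, implicit deny at the end. It also treats established the way IOS does, matching only segments with the ACK or RST bit set, so a new connection's initial SYN to a host other than 10.1.2.3 falls through to the implicit deny. The Rule, Packet, parse_named_acl and evaluate names, the PORT_NAMES table and the sample addresses (203.0.113.x, 10.0.0.x) are this example's own assumptions and constructed inputs.

```python
"""Added example: an IOS-style named extended ACL evaluator (not the book's
or Cisco's code).  Supports only the syntax shown on this page plus
address/wildcard-mask sources and destinations."""
import ipaddress
from dataclasses import dataclass

# Service names used on this page mapped to TCP ports (www and http both mean 80).
PORT_NAMES = {"http": 80, "www": 80, "telnet": 23, "smtp": 25, "pop3": 110}


@dataclass
class Rule:
    action: str                          # "permit" or "deny"
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    dst_ports: frozenset = frozenset()   # empty means "any destination port"
    established: bool = False            # match only segments with ACK or RST set


@dataclass
class Packet:
    """Constructed test input: the fields an ACL line can look at."""
    src: str
    dst: str
    dport: int
    syn: bool = False
    ack: bool = False
    rst: bool = False


def _parse_addr(tokens, i):
    """Parse `any`, `host A.B.C.D`, or `A.B.C.D WILDCARD` starting at tokens[i]."""
    if tokens[i] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), i + 1
    if tokens[i] == "host":
        return ipaddress.ip_network(tokens[i + 1] + "/32"), i + 2
    # Wildcard mask: 0 bits must match, 1 bits are don't-care. Inverting it
    # gives a netmask; a non-contiguous wildcard is rejected by ip_network().
    wildcard = int(ipaddress.ip_address(tokens[i + 1]))
    netmask = str(ipaddress.ip_address((~wildcard) & 0xFFFFFFFF))
    return ipaddress.ip_network((tokens[i], netmask), strict=False), i + 2


def parse_named_acl(text):
    """Parse an `ip access-list extended NAME` block; returns (name, [Rule, ...])."""
    lines = [ln.strip() for ln in text.strip().splitlines() if ln.strip()]
    header = lines[0].split()
    if header[:3] != ["ip", "access-list", "extended"]:
        raise ValueError("only extended named lists are supported here")
    rules = []
    for line in lines[1:]:
        tok = line.split()
        if tok[0] not in ("permit", "deny") or tok[1] != "tcp":
            raise ValueError(f"unsupported rule: {line}")
        src, i = _parse_addr(tok, 2)
        dst, i = _parse_addr(tok, i)
        ports, established = set(), False
        while i < len(tok):
            if tok[i] == "eq":
                i += 1
                # IOS 12.4+ allows several ports after one `eq`; collect them all.
                while i < len(tok) and tok[i] not in ("eq", "established"):
                    ports.add(PORT_NAMES.get(tok[i]) or int(tok[i]))
                    i += 1
            elif tok[i] == "established":
                established, i = True, i + 1
            else:
                raise ValueError(f"unsupported token {tok[i]!r} in: {line}")
        rules.append(Rule(tok[0], src, dst, frozenset(ports), established))
    return header[3], rules


def evaluate(rules, pkt):
    """First matching rule decides; returns (action, rule_index).
    rule_index None means the packet hit the implicit deny at the end."""
    s, d = ipaddress.ip_address(pkt.src), ipaddress.ip_address(pkt.dst)
    for idx, r in enumerate(rules):
        if s not in r.src or d not in r.dst:
            continue
        if r.dst_ports and pkt.dport not in r.dst_ports:
            continue
        # `established` matches segments with ACK or RST set, so it never
        # matches the initial SYN of a new inbound connection.
        if r.established and not (pkt.ack or pkt.rst):
            continue
        return r.action, idx
    return "deny", None


# The two lists from this page, as entered in named-ACL configuration mode.
BOGUS_FIREWALL = """
ip access-list extended bogus-firewall
 permit tcp any host 10.1.2.3 eq http
 permit tcp any any established
"""
ACLLIST1 = """
ip access-list extended acllist1
 permit tcp any host 192.168.1.1 eq telnet www smtp pop3
"""

if __name__ == "__main__":
    _, fw = parse_named_acl(BOGUS_FIREWALL)
    print(evaluate(fw, Packet("203.0.113.5", "10.1.2.3", 80, syn=True)))    # ('permit', 0)
    print(evaluate(fw, Packet("203.0.113.5", "10.1.2.4", 22, syn=True)))    # ('deny', None)
    print(evaluate(fw, Packet("203.0.113.5", "10.1.2.4", 51000, ack=True))) # ('permit', 1)
```

Running the block shows the three outcomes a reader should take from the bogus-firewall example: a new HTTP connection to 10.1.2.3 is permitted by the first line, a new connection to any other host is refused by the implicit deny because its SYN carries no ACK, and return traffic for a connection opened from inside matches the established line. Parsing the four-line and one-line forms of acllist1 and evaluating both against the same packets is a quick way to confirm that the terse IOS 12.4 syntax is an exact equivalent.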