In the following example, an extended access list is created to deny FTP and allow all other traffic from subnet
192.168.123.0 to be forwarded to all other networks or subnets.
Note: Remember when the cursor reaches the right margin, the command line shifts 8 spaces to the left. You cannot
see the first eight characters of the line, but you can scroll back and check the syntax at the beginning of the
command, using Ctrl-B or the left arrow keys.
Switch# configure
Switch(config)# access-list 101 ?
remark Access list entry comment
deny Specify packets to reject
permit Specify packets to forward
Switch(config)# access-list 101 deny ?
ip Specify IP connections
icmp Specify ICMP connections
tcp Specify TCP connections
udp Specify UDP connections
<0-255> Specify protocol number
Switch(config)# access-list 101 deny tcp ?
A.B.C.D Source address to match. e.g. 10.0.0.0
host Host address to match.
any Any source address to match
Switch(config)# access-list 101 deny tcp 192.168.123.0 0.0.0.255 ?
A.B.C.D Destination address to match. e.g. 10.0.0.0
host Host address to match.
any Any destination address to match
Switch(config)# $ist 101 deny tcp 192.168.123.0 0.0.0.255 192.168.124.0 0.0.0.255?
eq Operator - equal to
gt Operator - greater then
lt Operator - less then
precedence precedence
tos type of service
established established
<cr>
Switch(config)# $ list 101 deny tcp 192.168.123.0 0.0.0.255 192.168.124.0 eq ?
<0-65535> Protocol port number
ftp FTP
ssh SSH
telnet TELNET
smtp SMTP
mtp MTP
gopher GOPHER
finger FINGER
http HTTP
pop POP version 3
bgp BGP
bgmp Border Gateway Multicast Protocol
https HTTP over SSL/TLS
rlogin Rlogin
syslog SYSLOG
Switch(config)# $ eny tcp 192.168.123.0 0.0.0.255 192.168.124.0 0.0.0.255 eq 21 ?
precedence precedence
tos type of service
established established
<cr>
Switch(config)# $ tcp 192.168.123.0 0.0.0.255 192.168.124.0 0.0.0.255 eq 21 tos 2 est
Switch(config)# exit
Switch# show access-list
62 Asante IntraCore IC36240 User’s Manual
