6.4.4 Creating an Access List with a Name
You can also create access lists by name from the global configuration mode. At the Switch(config)# prompt, use the ip
command to give your access list a name rather than a number. The prompt changes to reflect the named access list mode.
Switch(config)# ip ?
  access-list       Named access-list
  forward-protocol  Controls forwarding of physical and directed IP
  prefix-list       Build a prefix list
  route             Establish static routes
Switch(config)# ip access-list ?
  standard  Standard Access List
  extended  Extended Access List
Switch(config)# ip access-list standard ?
  WORD  Access-list name or Standard IP access-list number <1-99>
Switch(config)# ip access-list standard test
Switch(config-std-nacl)# ?
  deny    Specify packets to reject
  end     End current mode and change to enable mode
  exit    Exit current mode and down to previous mode
  help    Description of the interactive help system
  no      Negate a command or set its defaults
  permit  Specify packets to forward
  quit    Exit current mode and down to previous mode
  remark  Access list entry comment
  show    Show running system information
  write   Write running configuration to memory, network, or terminal
Switch(config-std-nacl)#
At the Switch(config-std-nacl)# prompt, you enter the permit and deny statements for the access list.
6.4.5 Applying an Access List to an Interface
An access list takes effect only after you apply it to an interface. Enter the interface configuration mode for the
desired interface. Each interface may have only one access list applied to it at one time. Apply the access list to
either inbound traffic or outbound traffic.
The following example creates an extended access list that allows only SMTP traffic (port 25) to be sent out and
denies all other traffic, then applies it to outbound traffic on interface eth1.
Switch(config)# access-list 101 permit tcp 192.168.123.0 0.0.0.255 any eq 25
Switch(config)# access-list 101 deny any
Switch(config)# interface eth1
Switch(config-if-eth1)# ip ?
  access-group  Apply an access-group entry
Switch(config-if-eth1)# ip access-group ?
  WORD  access-list number or name
Switch(config-if-eth1)# ip access-group 101 ?
  in   inbound direction
  out  outbound direction
Switch(config-if-eth1)# ip access-group 101 out
Switch(config-if-eth1)# exit
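The following Python sketch is an added example, not part of the manual or of the switch software. It evaluates the two access-list 101 entries above against constructed sample packets, to show which sources the wildcard mask 0.0.0.255 selects and which traffic the list lets out. It assumes entries are checked top-down with the first match deciding and that a packet matching no entry is dropped; the function names and sample packets are illustrative.

```python
import ipaddress

ACL_101 = [  # the two access-list 101 lines from the example above, verbatim
    "access-list 101 permit tcp 192.168.123.0 0.0.0.255 any eq 25",
    "access-list 101 deny any",
]

def wildcard_match(addr, base, wildcard):
    """True if addr equals base on every bit where the wildcard bit is 0."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return (a & ~w & 0xFFFFFFFF) == (b & ~w & 0xFFFFFFFF)

def parse_rule(line):
    """Parse only the two rule shapes that appear on this page."""
    tok = line.split()[2:]                 # drop "access-list 101"
    rule = {"action": tok[0], "proto": None, "src": None, "dport": None}
    if tok[1:] == ["any"]:                 # "deny any": matches every packet
        return rule
    rule["proto"] = tok[1]
    rule["src"] = (tok[2], tok[3])         # source address + wildcard mask
    if tok[4] != "any":
        raise ValueError("unsupported destination: " + line)
    if tok[5:6] == ["eq"]:
        rule["dport"] = int(tok[6])
    return rule

def evaluate(acl_lines, proto, src, dport):
    """Return the action of the first matching rule (assumed first-match order)."""
    for rule in map(parse_rule, acl_lines):
        if rule["proto"] not in (None, proto):
            continue
        if rule["src"] and not wildcard_match(src, *rule["src"]):
            continue
        if rule["dport"] not in (None, dport):
            continue
        return rule["action"]
    return "deny"  # assumption: a packet that matches no entry is dropped

# Constructed sample packets: (protocol, source IP, destination port)
SAMPLES = [
    ("tcp", "192.168.123.10", 25),   # SMTP from the permitted subnet
    ("tcp", "192.168.123.10", 80),   # HTTP from the same subnet
    ("tcp", "192.168.124.10", 25),   # SMTP from a different subnet
    ("udp", "192.168.123.10", 25),   # wrong protocol
]

if __name__ == "__main__":
    for pkt in SAMPLES:
        print(pkt, "->", evaluate(ACL_101, *pkt))
```

Only the first sample is permitted. Because the wildcard mask leaves the third octet fixed, a host in 192.168.124.0 is not covered by the permit entry even when it sends to port 25.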
63 Asante IntraCore IC36240 User’s Manual