Filter
Top Products
Command Line Interface
4-90
4
IP ACLs
access-list ip
This command adds an IP access list and enters configuration mode for standard or
extended IP ACLs. Use the no form to remove the specified ACL.
Syntax
[no] access-list ip {standard | extended} acl_name
• standard – Specifies an ACL that filters packets based on the source IP
address.
• extended – Specifies an ACL that filters packets based on the source or
destination IP address, and other more specific criteria.
• acl_name – Name of the ACL. (Maximum length: 16 characters)
Default Setting
None
Command Mode
Global Configuration
Table 4-33 Access Control Lists
Command Groups Function Page
IP ACLs Configures ACLs based on IP addresses, TCP/UDP port number,
protocol type, and TCP control code
4-90
MAC ACLs Configures ACLs based on hardware addresses, packet format, and
Ethernet type
4-97
ACL Information Displays ACLs and associated rules; shows ACLs assigned to each port 4-102
Table 4-34 IP ACLs
Command Function Mode Page
access-list ip Creates an IP ACL and enters configuration mode GC 4-90
permit, deny Filters packets matching a specified source IP address STD-ACL 4-91
permit, deny Filters packets meeting the specified criteria, including
source and destination IP address, TCP/UDP port number,
protocol type, and TCP control code
EXT-ACL 4-92
show ip access-list Displays the rules for configured IP ACLs PE 4-94
ip access-group Adds a port to an IP ACL IC 4-94
show ip access-group Shows port assignments for IP ACLs PE 4-94
map access-list ip Sets the CoS value and corresponding output queue for
packets matching an ACL rule
IC 4-95
show map access-list ip Shows CoS value mapped to an access list for an interface PE 4-96