User Manual
UMN:CLI
V8102
239
7.18.2
Extended Access List
To create an extended IP address-based access list entry, use the following command.
Command
Mode
Description
access-list
{<100-199> | <2000-
2699>} {
deny
|
permit
}
ip
A.B.C.D
WILDCARD-BITS
A.B.C.D
WILD-
CARD-BITS
Global
Specifies a deny or permit statement of the extended
ACL with source/destination addresses and their wild
masks.
100-199: IP extended access list
2000-2699: IP extended access list (extended range)
deny: denies packet if conditions are matched.
permit: permits packet if conditions are matched.
ip: any Internet Protocol
A.B.C.D: source/destination IP address to match
WILDCARD-BITS: bits for use of source/destination IP
address wildcard masking
access-list
{<100-199> | <2000-
2699>} {
deny
|
permit
}
ip
host
A.B.C.D
A.B.C.D
WILDCARD-
BITS
Specifies a deny or permit statement of the extended
ACL with a single source host and other variables.
host: single source host
A.B.C.D: source/destination IP address of a host to
match
WILDCARD-BITS: bits for use of host destination IP
address wildcard masking
access-list
{<100-199> | <2000-
2699>} {
deny
|
permit
}
ip
host
A.B.C.D any
Specifies a deny or permit statement of the extended
ACL with a single source host and other variables.
host: single source host
A.B.C.D: source IP address of a host to match
any: destination host
access-list
{<100-199> | <2000-
2699>} {
deny
|
permit
}
ip host
A.B.C.D host A.B.C.D
Specifies a deny or permit statement of the extended
ACL with a single source host and other variables.
host: single source/destination host
A.B.C.D: source/destination IP address of a host to
match
access-list
{<100-199> | <2000-
2699>} {
deny
|
permit
}
ip any
A.B.C.D WILDCARD-BITS
Specifies a deny or permit statement of the extended
ACL with any source host and other variables.
any: any source host
A.B.C.D: destination IP address to match
WILDCARD-BITS: bits for use of destination IP ad-
dress wildcard masking
access-list
{<100-199> | <2000-
2699>} {
deny
|
permit
}
ip any any
Specifies a deny or permit statement of the extended
ACL with any source host and other variables.
any: any source/destination host
access-list
{<100-199> | <2000-
2699>} {
deny
|
permit
}
ip any
host A.B.C.D
Specifies a deny or permit statement of the extended
ACL with any source host and other variables.
any: any source host
host: single destination host
A.B.C.D: destination IP address to match
access-list
{<100-199> | <2000-
2699>}
remark LINE
Adds comments for the extended ACL.
LINE: access list entry comments up to 100 characters