Filter
Top Products
Configuring IP Services
Filtering IP Packets Using Access Lists
IPC-91
Cisco IOS IP Configuration Guide
Note In a standard access list, if you omit the mask from an associated IP host address access list
specification, 0.0.0.0 is assumed to be the mask.
Note Autonomous switching is not used when you have extended access lists.
After creating an access list, you must apply it to a line or interface, as shown in the section “Applying
Access Lists” later in this chapter. See the “Implicit Masks in Access Lists Examples” section at the end
of this chapter for examples of implicit masks.
Creating Standard and Extended Access Lists Using Names
You can identify IP access lists with an alphanumeric string (a name) rather than a number. Named
access lists allow you to configure more IP access lists in a router than if you were to use numbered
access lists. If you identify your access list with a name rather than a number, the mode and command
syntax are slightly different. Currently, only packet and route filters can use a named list.
Consider the following guidelines before configuring named access lists:
• Access lists specified by name are not compatible with Cisco IOS Releases prior to 11.2.
• Not all access lists that accept a number will accept a name. Access lists for packet filters and route
filters on interfaces can use a name.
• A standard access list and an extended access list cannot have the same name.
• Numbered access lists are also available, as described in the previous section, “Creating Standard
and Extended Access Lists Using Numbers.”
Note Named access lists will not be recognized by any software release prior to Cisco IOS Release 11.2.
To create a standard access list, use the following commands beginning in global configuration mode:
Command Purpose
Step 1
Router(config)# ip access-list standard name
Defines a standard IP access list using a name and
enters standard named access list configuration
mode.
Step 2
Router(config-std-nacl)# remark remark
Allows you to comment about the following deny or
permit statement in a named access list.
1
1. This example configures the remark before the deny or permit statement. The remark can be configured after the deny or permit statement.
Step 3
Router(config-std-nacl)# deny {source
[source-wildcard] | any}[log]
and/or
Router(config-std-nacl)# permit {source
[source-wildcard] | any}[log]
Specifies one or more conditions allowed or denied,
which determines whether the packet is passed or
dropped.
Step 4
Router(config-std-nacl)# exit
Exits access-list configuration mode.