Step 1 |
enable
Example:
|
Enables privileged EXEC mode.
|
Step 2 |
configure terminal
Example:
Router# configure terminal
|
Enters global configuration mode.
|
Step 3 |
ip access-list resequence access-list-name starting-sequence-number increment
Example:
Router(config)# ip access-list resequence kmd1 100 15
|
Resequences the specified IP access list using the starting sequence number and the increment of sequence numbers.
|
Step 4 |
ip access-list {standard | extended} access-list-name
Example:
Router(config)# ip access-list standard xyz123
|
Specifies the IP access list by name and enters named access list configuration mode.
If you specify standard, make sure you specify subsequent permit and deny statements using the standard access list syntax.
If you specify extended, make sure you specify subsequent permit and deny statements using the extended access list syntax.
|
Step 5 | Do one of the following:
- sequence-number permit source source-wildcard
- sequence-number permit protocol source source-wildcard destination destination-wildcard [precedence precedence] [tos tos] [log] [time-range time-range-name] [fragments]
Example:
Router(config-std-nacl)# 105 permit 10.5.5.5 0.0.0.255
|
Specifies a permit statement in named IP access list mode.
This access list happens to use a permit statement first, but a deny statement could appear first, depending on the order of statements you need.
See the permit (IP) command for additional command syntax to permit upper layer protocols (ICMP, IGMP, TCP, and UDP).
Use the no sequence-number command to delete an entry.
As the prompt indicates, this access list was a standard access list. If you had specified extended in Step 4, the prompt for this step would be Router(config-ext-nacl)# and you would use the extended permit command syntax.
|
Step 6 | Do one of the following:
- sequence-number deny source source-wildcard
- sequence-number deny protocol source source-wildcard destination destination-wildcard [precedence precedence] [tos tos] [log] [time-range time-range-name] [fragments]
Example:
Router(config-std-nacl)# 110 deny 10.6.6.7 0.0.0.255
|
(Optional) Specifies a deny statement in named IP access list mode.
This access list happens to use a permit statement first, but a deny statement could appear first, depending on the order of statements you need.
See the deny (IP) command for additional command syntax to permit upper layer protocols (ICMP, IGMP, TCP, and UDP).
Use the no sequence-number command to delete an entry.
As the prompt indicates, this access list was a standard access list. If you had specified extended in Step 4, the prompt for this step would be Router(config-ext-nacl)# and you would use the extended deny command syntax.
|
Step 7 | Repeat Step 5 and Step 6 as necessary, adding statements by sequence number where you planned. Use the no sequence-number command to delete an entry.
|
Allows you to revise the access list.
|
Step 8 |
end
Example:
Router(config-std-nacl)# end
|
(Optional) Exits the configuration mode and returns to privileged EXEC mode.
|
Step 9 |
show ip access-lists access-list-name
Example:
Router# show ip access-lists xyz123
|
(Optional) Displays the contents of the IP access list.
|
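The Python sketch below is an added example, not part of the original procedure or Cisco code. It models a named standard access list to show what resequencing with a starting number of 100 and an increment of 15 does to the entry numbers, and how an entry added by sequence number changes which statement matches first. The class, the function names, and the sample entries and addresses are constructed for illustration.

```python
import ipaddress

def matches(addr, source, wildcard):
    """Standard-ACL match: bits set in the wildcard mask are ignored."""
    a, s, w = (int(ipaddress.IPv4Address(x)) for x in (addr, source, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (s & care)

class NamedStandardAcl:
    """Hypothetical model of a named standard access list (not IOS itself)."""
    def __init__(self, name):
        self.name = name
        self.entries = {}  # sequence number -> (action, source, wildcard)

    def add(self, seq, action, source, wildcard):
        if seq in self.entries:
            raise ValueError(f"sequence number {seq} already in use")
        self.entries[seq] = (action, source, wildcard)

    def remove(self, seq):
        """Models "no sequence-number"."""
        del self.entries[seq]

    def resequence(self, start, increment):
        """Models "ip access-list resequence": order is kept, numbers change."""
        ordered = [self.entries[s] for s in sorted(self.entries)]
        self.entries = {start + i * increment: e for i, e in enumerate(ordered)}

    def evaluate(self, addr):
        """First match in sequence order wins; no match is the implicit deny."""
        for seq in sorted(self.entries):
            action, source, wildcard = self.entries[seq]
            if matches(addr, source, wildcard):
                return action, seq
        return "deny", None

def demo():
    acl = NamedStandardAcl("xyz123")
    # Constructed starting point: entries 1, 2, 3 leave no gap to insert into.
    acl.add(1, "permit", "10.4.4.2", "0.0.0.255")
    acl.add(2, "permit", "10.0.0.44", "0.0.0.255")
    acl.add(3, "permit", "10.5.5.5", "0.0.0.255")
    acl.resequence(100, 15)                        # entries become 100, 115, 130
    before = acl.evaluate("10.5.5.77")             # permitted by entry 130
    acl.add(120, "deny", "10.5.5.64", "0.0.0.63")  # lands ahead of entry 130
    after = acl.evaluate("10.5.5.77")              # now denied by entry 120
    return sorted(acl.entries), before, after
```

Running evaluate() over a set of addresses before and after a planned insertion shows whether the new entry takes effect or is shadowed by an earlier one.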