494 Chapter 7: Understanding Access List Security
Foundation Summary
The Foundation Summary is a collection of tables and figures that provide a convenient review
of many key concepts in this chapter. For those of you who already feel comfortable with the
topics in this chapter, this summary could help you recall a few details. For those of you who
just read this chapter, this review should help solidify some key facts. For any of you doing your
final prep before the exam, these tables and figures will be a convenient way to review the day
before the exam.
Table 7-12 and Table 7-13 list the more popular configuration commands and EXEC commands
about access lists.
Table 7-12  IP Access List Configuration Commands

Command
    Configuration Mode and Purpose

access-list {1-99} {permit | deny} source-addr [source-mask]
    Global command for standard numbered access lists

access-list {100-199} {permit | deny} protocol source-addr [source-mask] [operator operand] destination-addr [destination-mask] [operator operand] [established]
    Global command for extended numbered access lists

ip access-group {number | name [in | out] }
    Interface subcommand to enable access lists

ip access-list {standard | extended } name
    Global command for standard and extended named access lists

deny {source [source-wildcard] | any}[log]
    Standard named access list subcommand

{permit | deny} protocol source-addr [source-mask] [operator operand] destination-addr [destination-mask] [operator operand] [established]
    Extended named access list subcommand

access-class number | name [in | out]
    Line subcommand for standard or extended access lists

Table 7-13  IP Access List EXEC Commands

Command
    Function

show ip interface
    Includes reference to the access lists enabled on the interface

show access-list
    Shows details of configured access lists for all protocols

show ip access-list [number]
    Shows IP access lists

ch07.fm Page 494 Monday, March 20, 2000 5:14 PM