|
|
This appendix summarizes the general command syntax and number ranges (or symbolic names) used for the access lists supported by the Cisco software. The summaries are listed by protocol, in alphabetical order. The command to create the access list is given first, followed by the command you use to assign the access list.
Access list ranges are included in the summary descriptions; however, in actual use, only one number is selected from the given range.
Table B-1 (at the end of this appendix) lists the access list number ranges in numerical order.
Access list specifications:
apollo access-list name {permit|deny} [firstnet-] lastnet.host [wildcard-mask]Interface assignment command:
apollo access-group nameAccess list specifications:
access-list 600-699 {permit|deny} network network access-list 600-699 {permit|deny} cable-range start-end access-list 600-699 {permit|deny} includes start-end access-list 600-699 {permit|deny} within start-end access-list 600-699 {permit|deny} zone zonename access-list 600-699 {permit|deny} additional-zones access-list 600-699 {permit|deny} other-accessInterface assignment commands can be one of the following:
appletalk access-group 600-699 appletalk distribute-list 600-699 in appletalk distribute-list 600-699 out appletalk getzonelist-filter 600-699Access list specification can be one of the following:
access-list 300-399 {permit|deny} destination destination-mask access-list list {permit|deny} source source-mask destination destination-mask access-list 300-399 {permit|deny} source source-mask [destination destination-mask] [connect-entries]Interface assignment commands can be one of the following:
decnet access-group 300-399 decnet in-routing filter 300-399 decnet out-routing-filter 300-399Access list specifications:
access-list 700-799 {permit|deny} address maskInterface assignment command:
bridge-group 1-9 {input-address-list|output-address-list} 700-799Access list specifications:
access-list 200-299 {permit|deny} 0xtype-code 0xmaskInterface assignment command:
bridge-group 1-9 {input-type-list|output-type-list} 200-299The following variations of IP access lists are available.
Access list specifications:
access-list 1-99 {permit|deny} address maskInterface/line assignment commands can be one of the following:
ip access-group 1-99 access-class 1-99 {out|in} (for terminal line assignment)Router configuration command assignment:
distance weight [address mask] [1-99] distribute-list 1-99 in [interface-name] distribute-list 1-99 out [interface-name|routing-process] offset-list 1-99 {in|out} offset (add an offset to metrics for networks)Access list specification:
ip as-path access-list 1-99 [permit|deny] as-regular-expressionRouter assignment command:
neighbor address distribute-list 1-99 (for BGP filtering BGP advertisements) neighbor address filter-list 1-99 {in|out|weight weight}Access list specifications:
access-list 1-99 {permit|deny} address maskRouter assignment command:
neighbor any [1-99]Access list specifications:
access-list 1-99 {permit|deny} address maskInterface assignment command:
slip access-class 1-99 {in|out}Access list specifications:
access-list 100-199 {permit|deny ip|tcp|udp|icmp} source source-mask dest dest-mask [lt|gt|eq|neq dest-port]Interface assignment command:
ip access-group 100-199Access list specifications:
access-list 800-899 {deny|permit} novell-source-network[[.source-address[source-mask]] novell-destination-network [destination-address [destination-mask]]Interface assignment command:
novell access-group 800-899Access list specifications:
access-list 900-999 {deny|permit} novell-protocol source-network.[source-address [source-mask]] source-socket destination-network. [destination-address [destination-mask]] destination-socketInterface assignment command:
novell access-group 900-999Access list specifications:
access-list 1000-1099 {permit|deny} network.[address] [service-type]Global configuration assignment commands:
novell input-sap-filter 1000-1099 novell output-sap-filter 1000-1099 novell router-sap-filter 1000-1099Access list specifications:
access-list 200-299 {permit|deny} type-code wild-mask netbios access-list bytes name {permit|deny} offset pattern netbios access-list host name {permit|deny} patternAccess list specifications:
access-list 200-299 {permit|deny} type-code wild-mask access-list 700-799 {permit|deny} address-maskInterface assignment command:
bridge-group 200-299 input-address-list listAccess list specification can be one of the following:
vines access-list 1-100 {permit|deny} IP source-address source-mask dest-addressInterface assignment command:
vines access-group listAccess list specifications:
access-list 400-499 {permit|deny} net [source-address] [source-mask] net [dest-address] [dest-mask]Interface assignment command:
xns access-group 400-499Access list specifications:
access-list 500-599 {permit|deny} xns-protocol net [source-address] [source-mask] source-socket net [dest-address] [dest-mask] dest-socketInterface assignment command:
xns access-group 500-599| Protocol | Range |
|---|---|
| IP | 1--99 |
| Extended IP | 100--199 |
| Ethernet type code | 200--299 |
| DECnet | 300--399 |
| XNS | 400--499 |
| Extended XNS | 500--599 |
| AppleTalk | 600--699 |
| Ethernet address | 700--799 |
| Novell | 800--899 |
| Extended Novell | 900--999 |
| Novell SAP | 1000--1099 |
|
|