Академический Документы
Профессиональный Документы
Культура Документы
Command
show access-lists
Description Displays all access lists and their parameters configured on the router. This command doesn't show which interface the list is configured on. Shows only the parameters for the access list specified. This command does not show you the interface the list is configured on. Shows only the IP access lists configured on the router. Shows only the IPX access lists configured on the router. Shows which interfaces have IP access lists on them. Shows which interfaces have IPX access lists on them. Shows the access lists and which interfaces have access lists set. Keyword used to represent all hosts or networks, replaces 0.0.0.0 255.255.255.255 in access list. Keyword that specifies that an address should have a wildcard mask of 0.0.0.0 (i.e will match only 1 host) Clears extended access lists counter of the number of matches per line of the access list. Applies to any IPX network or any protocol when used in extended IPX access lists. Used for all sockets in extended IPX access lists. Applies an IP access list to an interface. Applies an IPX access list to an interface. Applies an inbound IPX SAP filter to an interface. Applies an outbound IPX SAP filter to an interface. Access List Ranges Access List Type Number 1-99
show ip access-list show ipx access-list show ip interface show ipx interface show running-config
any
host
Extended IP Access Lists Standard IPX Access Lists Extended IPX Access Lists IPX SAP Filters Standard Access List Syntax
IP
access-list 1-99 {permit|deny} address mask
Variable
1-99
Definition Standard IP access lists are represented by a number ranging from 199 or text names with IOS 11.2 or greater. Used to specify the nature of the access list, either a permit or deny statement. The IP address of the source. A wildcard mask, or inverse mask, applied to determine which bits of source address are significant.
{permit|deny}
address mask
IPX
access-list 800-899 {deny|permit} source-network[.source-address[sourcemask]] destination-network[.destination-address[destinationmask]]
Variable
800-899
Definition Standard IPX access lists are represented by a number ranging from 800-899. Used to specify the nature of the access list either a permit or deny statement. The IPX address of the source network or node. The IPX address of the destination network or node.
{deny|permit}
source-network[.source-address[sourcemask]] destination-network[.destinationaddress[destination-mask]]
IP
access-list 100-199 {permit|deny} {ip|tcp|udp|icmp} source source-mask [lt|gt|eq|neq] [source-port] destination dest-mask [lt|gt|eq|neq] [dest-port] [log]
Variable
100-199
Definition Extended IP access lists are represented by a number ranging from 100-199 or text names with IOS 11.2 or greater. Used to specify the nature of the access list either a permit or deny statement. The IP protocol to be filtered can be IP (includes all protocols in the TCP/IP suite) TCP,UDP,ICMP,or others. The IP address of the source A wildcard mask, or inverse mask, applied to determine which bits of source address are significant. Can contain lt (less than), gt (greater than), eq (equal to), or neq (not equal to). It is used if an extended list filters by a specific port number or range of ports. If necessary, the source port number of the protocol to be filtered. The IP address of the destination A wildcard mask, or inverse mask, applied to determine which bits of destination address are significant. Can contain lt (less than), gt (greater than), eq (equal to), or neq (not equal to). It is used if an extended list filters by a specific port number or range of ports. If necessary, the destination port number of the protocol to be filtered. Turns on logging of access list activity.
{permit|deny}
{ip|tcp|udp|icmp}
source source-mask
[lt|gt|eq|neq]
[source-port]
destination dest-mask
[lt|gt|eq|neq]
[dest-port]
[log]
IPX
Variable
900-999
Definition Extended IPX access lists are represented by a number ranging from 900-999. Used to specify the nature of the access list either a permit or deny statement. IPX protocol, a -1 specifies all IPX protocols. The IPX address of the source network or node. Source socket similar to the port value in IP access lists, points to a particular service, a 0 specifies all sockets. The IPX address of the destination network or node. Destination socket, similar to the port value in IP access lists, points to a particular service, a 0 specifies all sockets.
{deny|permit}
destinationnetwork.[destinationaddress[dest-mask]] socket
SAP Filters
SAP
access-list 1000-1099 {permit|deny} network.[address] [service-type]
Variable
1000-1099
Definition IPX SAP filters are represented by a number in the range of 1000-1099. Used to specify the nature of the access list either a permit or deny statement. The IPX address of the source network or node. IPX services such as print services, file services, or directory services, a 0 is for all services.
{permit|deny}
network.[address] [service-type]