show access-list
Extended IP access list 101
    10 permit tcp any any eq www (534 matches)
    20 deny tcp any any (111 matches)
Removing ACLs
no access-list <list number>
Here is an example:
permit all
access-list 101 permit tcp any any
access-list 101 permit udp any any
access-list 101 permit icmp any any
deny all
access-list 101 deny tcp any any
access-list 101 deny udp any any
access-list 101 deny icmp any any
Applying Access Lists
conf t
int f0/0
ip access-group 101 out
ip access-group 102 in
Use an operator to match port numbers used by the source or destination. The permitted operators are as follows:
• lt — less than
• gt — greater than
• eq — equal to
• neq — not equal to
• range — an inclusive range of values. When you use this operator, specify two port numbers, for example: range 100 200
access-list 111 extended permit tcp any any range 8080 8080
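As an added example (not code from the page or from any Cisco tool), a small Python model of how an extended ACL applies the operators above: entries are checked top-down, the first match wins and bumps that entry's counter (the numbers `show access-list` reports), and anything unmatched falls to the implicit deny at the end of the list. It assumes IOS-style lines (`access-list N permit|deny PROTO SRC [op] DST [op]`), addresses written as `any` or address plus wildcard mask, and a constructed ACL 101 modelled on the page's example.

```python
import ipaddress
PORT_NAMES = {"www": 80}  # IOS accepts keyword names for well-known ports

def _match_port(op, args, port):
    """Apply one of the page's operators (lt/gt/eq/neq/range) to a port."""
    lo, hi = (PORT_NAMES.get(a) or int(a) for a in (args[0], args[-1]))
    return {"lt": port < lo, "gt": port > lo, "eq": port == lo,
            "neq": port != lo, "range": lo <= port <= hi}[op]

def _parse_addr(t, i):
    """Consume 'any' or 'A.B.C.D WILDCARD' starting at token t[i]."""
    if t[i] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), i + 1
    # IOS wildcard = inverted netmask; contiguous masks only in this parser
    mask = ipaddress.ip_address(~int(ipaddress.ip_address(t[i + 1])) & 0xFFFFFFFF)
    return ipaddress.ip_network(f"{t[i]}/{mask}", strict=False), i + 2

def _parse_op(t, i):
    # Optional port operator after an address; only 'range' takes two ports
    if i < len(t) and t[i] in ("lt", "gt", "eq", "neq", "range"):
        n = 2 if t[i] == "range" else 1
        return (t[i], t[i + 1:i + 1 + n]), i + 1 + n
    return None, i

def parse_acl(lines):
    """Parse 'access-list N {permit|deny} PROTO SRC [op] DST [op]' lines."""
    acl = []
    for line in lines:
        t = line.split()
        src, i = _parse_addr(t, 4)
        sport, i = _parse_op(t, i)
        dst, i = _parse_addr(t, i)
        dport, _ = _parse_op(t, i)
        acl.append({"action": t[2], "proto": t[3], "src": src, "sport": sport,
                    "dst": dst, "dport": dport, "matches": 0})
    return acl

def evaluate(acl, proto, src, dst, sport=None, dport=None):
    """First match wins and bumps its counter; unmatched traffic hits the implicit deny."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for e in acl:
        ports = ((e["sport"], sport), (e["dport"], dport))
        if (e["proto"] in ("ip", proto) and src in e["src"] and dst in e["dst"]
                and all(op is None or _match_port(*op, p) for op, p in ports)):
            e["matches"] += 1
            return e["action"]
    return "deny"

# Constructed ACL 101 in the style of the page's example (not from a live device).
ACL_101 = parse_acl(["access-list 101 permit tcp any any eq www",
                     "access-list 101 deny tcp any any"])
```

Running `evaluate(ACL_101, "tcp", "192.0.2.10", "198.51.100.5", 40000, 80)` returns "permit" and bumps the first entry's counter, while the same flow to port 443 falls through to the explicit deny.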
object-group network www
 description www
 network-object 172.16.4.0 255.255.255.0
 network-object 172.16.5.0 255.255.255.0
object-group network dbhost
 description database
 network-object 172.16.4.0 255.255.255.0
 network-object 172.16.5.0 255.255.255.0
object-group service dbport tcp
 description database
 port-object eq 3306
 port-object eq 2521
 port-object eq 5432
 port-object eq 1433
object-group service webport tcp
 description web
 port-object eq 80
 port-object range 81 88
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#access-list 101 deny tcp any any
Router(config)#access-list 101 deny udp any any
Router(config)#access-list 101 deny icmp any any
Router(config)#int f0/1
Router(config-if)#ip access-group 101 in
Router(config-if)#end
www
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#access-list 101 permit tcp any any eq www
Router(config)#access-list 101 deny tcp any any
Router(config)#end
Router#