The Access-List [Number] [Permit | Deny] [Protocol] [Source Ip] [Source Wildcard] [Destination Ip] [Destination Wildcard] Cisco command

The 'access-list [number] [permit | deny] [protocol] [source ip] [source wildcard] [destination ip] [destination wildcard]' command is a powerful tool used in Cisco networking equipment to control and filter network traffic based on various criteria. It allows network administrators to define specific rules that determine whether packets are allowed or denied passage through a network.

The syntax of the command consists of several components:

  1. [number]: A number that identifies the access list. It can be any integer between 1 and 199; alternatively, a named access list of the standard or extended type can be used in place of a number.

  2. [permit | deny]: Specifies whether to permit or deny the traffic that matches the specified criteria.

  3. [protocol]: Indicates the protocol for which the access list rule applies. Common protocols include IP, TCP, UDP, and ICMP.

  4. [source ip]: Defines the source IP address or network range from which traffic is permitted or denied.

  5. [source wildcard]: A mask that specifies which bits in the source IP address are considered significant when matching traffic.

  6. [destination ip]: Defines the destination IP address or network range to which traffic is permitted or denied.

  7. [destination wildcard]: A mask that specifies which bits in the destination IP address are considered significant when matching traffic.

To use the command, network administrators configure it on Cisco routers, switches, or firewalls. Once configured, the access list is applied to a specific interface or group of interfaces on the device (with the 'ip access-group' command, in the inbound or outbound direction). When traffic passes through the interface, the access list rules are evaluated in order, and the first matching rule determines whether the traffic is permitted or denied. Every access list ends with an implicit deny, so a packet that matches none of the configured rules is dropped; a list that is meant to block only specific traffic therefore needs an explicit 'permit' for everything else.

This command is commonly used in network security to implement firewall rules, segment networks, control traffic between different subnets, and prevent unauthorized access. By defining granular access control rules, administrators can enhance the security and integrity of their networks.

Additionally, access lists can be used for traffic shaping, bandwidth management, and Quality of Service (QoS) policies. By prioritizing certain types of traffic over others, network administrators can ensure that critical applications receive the necessary bandwidth and performance.

The 'access-list [number] [permit | deny] [protocol] [source ip] [source wildcard] [destination ip] [destination wildcard]' command is a fundamental tool in Cisco networking environments, providing administrators with precise control over network traffic and enabling them to implement various security and traffic management strategies.

access-list [number] [permit | deny] [protocol] [source ip] [source wildcard] [destination ip] [destination wildcard] Usage Examples

Here are some examples for the Cisco command 'access-list [number] [permit | deny] [protocol] [source ip] [source wildcard] [destination ip] [destination wildcard]'. Entries that name a protocol and a destination, like the ones below, are extended access lists and use numbers in the 100 to 199 range:

Example 1: Permit TCP traffic from 192.168.1.0/24 to 10.0.0.0/8:

access-list 110 permit tcp 192.168.1.0 0.0.0.255 10.0.0.0 0.255.255.255

Example 2: Deny ICMP traffic from any source to 10.1.1.0/24:

access-list 120 deny icmp any 10.1.1.0 0.0.0.255

Example 3: Permit UDP traffic from 172.16.1.0/24 to any destination on port 80:

access-list 130 permit udp 172.16.1.0 0.0.0.255 any eq 80

Example 4: Deny TCP traffic from 10.10.10.0/24 to 192.168.1.0/24:

access-list 140 deny tcp 10.10.10.0 0.0.0.255 192.168.1.0 0.0.0.255

Example 5: Permit any traffic from 172.16.2.0/24 to 192.168.2.0/24:

access-list 150 permit ip 172.16.2.0 0.0.0.255 192.168.2.0 0.0.0.255

Example 6: Deny all traffic from any source to 10.20.30.0/24:

access-list 160 deny ip any 10.20.30.0 0.0.0.255

Example 7: Permit SSH traffic from 192.168.4.0/24 to 10.0.1.0/24:

access-list 170 permit tcp 192.168.4.0 0.0.0.255 10.0.1.0 0.0.0.255 eq 22

Example 8: Deny HTTP traffic from any source to 172.16.3.0/24:

access-list 180 deny tcp any 172.16.3.0 0.0.0.255 eq 80

Example 9: Permit TCP and UDP traffic from 10.40.50.0/24 to any destination on ports 1-1024 (port operators apply only to TCP and UDP, so one entry per protocol is needed):

access-list 190 permit tcp 10.40.50.0 0.0.0.255 any range 1 1024
access-list 190 permit udp 10.40.50.0 0.0.0.255 any range 1 1024

Example 10: Deny ICMP traffic from 192.168.6.0/24 to 172.16.4.0/24:

access-list 100 deny icmp 192.168.6.0 0.0.0.255 172.16.4.0 0.0.0.255

These examples demonstrate the various ways in which you can use the Cisco 'access-list' command to control traffic flow in your network.
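As an added illustration (not part of the original page and not Cisco's own code), the following Python model shows how entries like the ones above are matched: wildcard-mask comparison, first-match order, and the implicit deny at the end of the list. The function names, the 'ip'/'any' handling and the sample ACL are assumptions constructed for this example; the 'host' keyword is not modelled.

```python
import ipaddress
ANY = ("0.0.0.0", "255.255.255.255")   # the 'any' keyword in address/wildcard form

def wildcard_match(addr, base, wildcard):
    """Cisco wildcard semantics: a 0 bit must match the base, a 1 bit is ignored."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return a & care == b & care

def _take_addr(t, i):
    """Consume 'any' or 'ADDR WILDCARD' at t[i]; return (base, wildcard, next index)."""
    return ANY + (i + 1,) if t[i] == "any" else (t[i], t[i + 1], i + 2)

def parse_ace(line):
    """Parse one 'access-list N permit|deny PROTO SRC DST [eq P | range A B]' entry."""
    t = line.split()
    if len(t) < 6 or t[0] != "access-list" or t[2] not in ("permit", "deny"):
        raise ValueError(f"not an access-list entry: {line}")
    number, proto = int(t[1]), t[3].lower()
    if not (100 <= number <= 199 or 2000 <= number <= 2699):
        raise ValueError(f"{number} is not an extended ACL number; a protocol field needs 100-199 or 2000-2699")
    src, src_wc, i = _take_addr(t, 4)
    dst, dst_wc, i = _take_addr(t, i)
    ports = None                                   # destination port range (lo, hi), if any
    if i < len(t):                                 # port operators exist only for tcp/udp
        if proto not in ("tcp", "udp") or t[i] not in ("eq", "range"):
            raise ValueError(f"invalid port operator for {proto}: {line}")
        hi = t[i + 2] if t[i] == "range" else t[i + 1]
        ports = (int(t[i + 1]), int(hi))
    return {"number": number, "action": t[2], "proto": proto,
            "src": (src, src_wc), "dst": (dst, dst_wc), "ports": ports}

def evaluate(acl_lines, proto, src, dst, dport=None):
    """First matching entry decides; a packet matching nothing hits the implicit deny."""
    for ace in map(parse_ace, acl_lines):
        if ace["proto"] not in ("ip", proto):      # 'ip' entries match every protocol
            continue
        if not (wildcard_match(src, *ace["src"]) and wildcard_match(dst, *ace["dst"])):
            continue
        lo_hi = ace["ports"]
        if lo_hi and (dport is None or not lo_hi[0] <= dport <= lo_hi[1]):
            continue
        return ace["action"], ace["number"]
    return "deny", "implicit"

# Constructed sample ACL (not from any real device): SSH in from one subnet, web blocked, rest implicit deny.
SAMPLE_ACL = [
    "access-list 170 permit tcp 192.168.4.0 0.0.0.255 10.0.1.0 0.0.0.255 eq 22",
    "access-list 170 deny tcp any 10.0.1.0 0.0.0.255 eq 80",
]
```

Note that wildcard_match("10.5.6.7", "10.0.0.0", "0.0.255.255") is False: a 0.0.255.255 wildcard covers only 10.0.0.0/16, which is why a /8 needs 0.255.255.255.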