ip access-list or acl
  • Standard Access Lists: filter on IP address only.

  • Extended Access Lists: filter on IP and transport protocol header fields (IP src/dst addresses, DSCP code, IP id, TCP/UDP src/dst port numbers, as well as ICMP type and code).

  • Reflexive Access Lists (against address spoofing): a temporary filter is automatically set up in the reverse direction.

  • Local Access Lists: traffic destined to or generated by the router itself.


config

The wildcard is the inverse of the mask: 192.168.0.0/24 = mask 255.255.255.0 > wildcard 0.0.0.255

Standard

show running-config ip access-list standard

ip access-list standard ACL_SSH
 permit 192.168.0.0 0.0.0.255 log        (optional: prefix the entry with a sequence number, e.g. sequence 1)
 . . .

show

jlk-One5G#show ip access-list ACL_SSH
ip access-list standard ACL_SSH
1 permit 192.168.0.0 0.0.0.255 log (2 matches)
. . .
22 deny any log (0 matches)
23 permit 0.0.0.0 255.255.255.255 log (0 matches)

 

jlk-One5G#show ip access-list sizing
Number of Index : 262144
Default number of sessions : 100000
Sessions: config 1461 closed, 0 failed

 

ip access-list extended App_1_HandS

ip access-list extended App_1_HandS
 permit ip 0.0.0.0 255.255.255.255 172.10.0.0 0.0.255.255
 exit
ip access-list extended App_2_HandS
 permit ip 0.0.0.0 255.255.255.255 192.168.10.0 0.0.0.255
 exit
ip access-list extended permitSpecificPorts
 permit tcp 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255 22
 permit tcp 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255 830
 permit udp 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255 4500
 permit udp 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255 500
 permit udp 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255 848
 permit ip 50 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255
 permit icmp 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255
 permit udp 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255 3784
 permit udp 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255 161
 permit udp 10.0.0.0 0.255.255.255 67 0.0.0.0 255.255.255.255 68
 permit udp 172.16.0.0 0.15.255.255 67 0.0.0.0 255.255.255.255 68
 permit udp 192.168.0.0 0.0.255.255 67 0.0.0.0 255.255.255.255 68
 exit
ip access-list extended allowOut
 permit ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255 reflexive
 exit
ip access-list extended sdwan_mgmt_traffic
 permit udp 192.0.2.1 0.0.0.0 0.0.0.0 255.255.255.255 9995
 permit udp 192.0.2.1 0.0.0.0 0.0.0.0 255.255.255.255 123
 permit udp 192.0.2.1 0.0.0.0 0.0.0.0 255.255.255.255 514
 permit tcp 192.0.2.1 0.0.0.0 0.0.0.0 255.255.255.255 601
 permit tcp 192.0.2.1 0.0.0.0 0.0.0.0 255.255.255.255 2200
 permit tcp 192.0.2.1 0.0.0.0 0.0.0.0 255.255.255.255 2201
 permit udp 192.0.2.1 0.0.0.0 0.0.0.0 255.255.255.255 848
 permit tcp 192.0.2.1 0.0.0.0 0.0.0.0 255.255.255.255 80
 permit tcp 192.0.2.1 0.0.0.0 0.0.0.0 255.255.255.255 443
 permit tcp 192.0.2.1 0.0.0.0 0.0.0.0 255.255.255.255 4740
 permit tcp 192.0.2.1 0.0.0.0 0.0.0.0 255.255.255.255 6514
 permit udp 192.0.2.1 0.0.0.0 57.152.68.169 0.0.0.0 53
 exit
ip access-list extended local_mgmt_traffic
 permit udp 192.0.2.1 0.0.0.0 0.0.0.0 255.255.255.255 9995
 permit udp 192.0.2.1 0.0.0.0 0.0.0.0 255.255.255.255 123
 permit udp 192.0.2.1 0.0.0.0 0.0.0.0 255.255.255.255 514
 permit tcp 192.0.2.1 0.0.0.0 0.0.0.0 255.255.255.255 601
 permit tcp 192.0.2.1 0.0.0.0 0.0.0.0 255.255.255.255 2200
 permit tcp 192.0.2.1 0.0.0.0 0.0.0.0 255.255.255.255 2201
 permit udp 192.0.2.1 0.0.0.0 0.0.0.0 255.255.255.255 848
 permit tcp 192.0.2.1 0.0.0.0 0.0.0.0 255.255.255.255 80
 permit tcp 192.0.2.1 0.0.0.0 0.0.0.0 255.255.255.255 443
 permit tcp 192.0.2.1 0.0.0.0 0.0.0.0 255.255.255.255 4740
 permit tcp 192.0.2.1 0.0.0.0 0.0.0.0 255.255.255.255 6514
 permit udp 192.0.2.1 0.0.0.0 0.0.0.0 255.255.255.255 53
 exit
ip access-list extended local_mgmt_traffic_high_prio
 permit udp 192.0.2.1 0.0.0.0 0.0.0.0 255.255.255.255 123
 permit tcp 192.0.2.1 0.0.0.0 0.0.0.0 255.255.255.255 2200
 permit udp 192.0.2.1 0.0.0.0 0.0.0.0 255.255.255.255 53
 exit
ip access-list extended ipsec_mgmt
 permit udp 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255 4500
 permit udp 0.0.0.0 255.255.255.255 4500 0.0.0.0 255.255.255.255
 permit udp 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255 500
 permit udp 0.0.0.0 255.255.255.255 500 0.0.0.0 255.255.255.255
 permit udp 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255 848
 permit udp 0.0.0.0 255.255.255.255 848 0.0.0.0 255.255.255.255
 exit
ip access-list extended site2site
 permit ip 0.0.0.0 255.255.255.255 10.0.0.0 0.255.255.255
 permit ip 0.0.0.0 255.255.255.255 172.16.0.0 0.15.255.255
 permit ip 0.0.0.0 255.255.255.255 192.168.0.0 0.0.255.255
 exit
ip access-list extended breakout
 deny ip 0.0.0.0 255.255.255.255 10.0.0.0 0.255.255.255
 deny ip 0.0.0.0 255.255.255.255 172.16.0.0 0.15.255.255
 deny ip 0.0.0.0 255.255.255.255 192.168.0.0 0.0.255.255
 permit ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255
 exit
ip access-list extended all_traffic
 permit ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255
 exit
ip access-list extended not_sdwan_mgmt_traffic
 deny udp 192.0.2.1 0.0.0.0 0.0.0.0 255.255.255.255 9995
 deny udp 192.0.2.1 0.0.0.0 0.0.0.0 255.255.255.255 123
 deny udp 192.0.2.1 0.0.0.0 0.0.0.0 255.255.255.255 514
 deny tcp 192.0.2.1 0.0.0.0 0.0.0.0 255.255.255.255 601
 deny tcp 192.0.2.1 0.0.0.0 0.0.0.0 255.255.255.255 2200
 deny tcp 192.0.2.1 0.0.0.0 0.0.0.0 255.255.255.255 2201
 deny udp 192.0.2.1 0.0.0.0 0.0.0.0 255.255.255.255 848
 deny tcp 192.0.2.1 0.0.0.0 0.0.0.0 255.255.255.255 80
 deny tcp 192.0.2.1 0.0.0.0 0.0.0.0 255.255.255.255 443
 deny tcp 192.0.2.1 0.0.0.0 0.0.0.0 255.255.255.255 4740
 deny tcp 192.0.2.1 0.0.0.0 0.0.0.0 255.255.255.255 6514
 deny udp 192.0.2.1 0.0.0.0 57.152.68.169 0.0.0.0 53
 permit ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255
 exit
ip access-list extended not_local_mgmt_traffic
 deny udp 192.0.2.1 0.0.0.0 0.0.0.0 255.255.255.255 9995
 deny udp 192.0.2.1 0.0.0.0 0.0.0.0 255.255.255.255 123
 deny udp 192.0.2.1 0.0.0.0 0.0.0.0 255.255.255.255 514
 deny tcp 192.0.2.1 0.0.0.0 0.0.0.0 255.255.255.255 601
 deny tcp 192.0.2.1 0.0.0.0 0.0.0.0 255.255.255.255 2200
 deny tcp 192.0.2.1 0.0.0.0 0.0.0.0 255.255.255.255 2201
 deny udp 192.0.2.1 0.0.0.0 0.0.0.0 255.255.255.255 848
 deny tcp 192.0.2.1 0.0.0.0 0.0.0.0 255.255.255.255 80
 deny tcp 192.0.2.1 0.0.0.0 0.0.0.0 255.255.255.255 443
 deny tcp 192.0.2.1 0.0.0.0 0.0.0.0 255.255.255.255 4740
 deny tcp 192.0.2.1 0.0.0.0 0.0.0.0 255.255.255.255 6514
 deny udp 192.0.2.1 0.0.0.0 0.0.0.0 255.255.255.255 53
 permit ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255
 exit
ip access-list extended public_dns
 deny udp 192.0.2.1 0.0.0.0 57.152.68.169 0.0.0.0 53
 permit udp 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255 53
 exit
ip access-list extended esp
 permit udp 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255 4500
 permit udp 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255 500
 permit ip 50 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255
 exit
ip access-list extended permitSpecificPortsVrf
 permit tcp 0.0.0.0 255.255.255.255 22 0.0.0.0 255.255.255.255
 permit tcp 0.0.0.0 255.255.255.255 830 0.0.0.0 255.255.255.255
 permit udp 0.0.0.0 255.255.255.255 4500 0.0.0.0 255.255.255.255
 permit udp 0.0.0.0 255.255.255.255 500 0.0.0.0 255.255.255.255
 permit udp 0.0.0.0 255.255.255.255 848 0.0.0.0 255.255.255.255
 permit ip 50 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255
 permit icmp 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255
 permit udp 0.0.0.0 255.255.255.255 3784 0.0.0.0 255.255.255.255
 permit udp 0.0.0.0 255.255.255.255 161 0.0.0.0 255.255.255.255
 exit
ip access-list extended from_vasi_internet
 permit ip 198.51.100.5 0.0.0.0 0.0.0.0 255.255.255.255
 exit
ip access-list extended not_from_vasi_internet
 deny ip 198.51.100.5 0.0.0.0 0.0.0.0 255.255.255.255
 permit ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255
 exit
ip access-list extended App_1_Default-Breakout
 permit ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255
 exit
tic category tic_Default-Breakout
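To check that a wildcard mask and an entry order do what you expect before pushing them to the router, the following added Python example (not from the page or the OneOS6 product) derives a wildcard from a prefix length as the note above describes, parses extended entries in the `permit|deny proto src wc [sport] dst wc [dport]` form used in the config above, and evaluates a packet against the `breakout` list first-match. It assumes a Cisco-style implicit deny at the end of the list; the ACL text is a constructed copy of the page's `breakout` list.

```python
import ipaddress

# Constructed sample: the page's "breakout" ACL (deny RFC 1918 destinations, then permit all)
BREAKOUT_ACL = """
deny ip 0.0.0.0 255.255.255.255 10.0.0.0 0.255.255.255
deny ip 0.0.0.0 255.255.255.255 172.16.0.0 0.15.255.255
deny ip 0.0.0.0 255.255.255.255 192.168.0.0 0.0.255.255
permit ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255
"""

def wildcard(prefix_len):
    """Wildcard mask = bitwise inverse of the subnet mask (/24 -> 0.0.0.255)."""
    mask = (0xFFFFFFFF << (32 - prefix_len)) & 0xFFFFFFFF
    return str(ipaddress.IPv4Address(mask ^ 0xFFFFFFFF))

def wc_match(addr, base, wc):
    """Wildcard bit 1 = don't care; bits under a 0 must equal the base address."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wc))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)

def parse_entry(line):
    """Parse 'permit|deny proto src src_wc [sport] dst dst_wc [dport] [log|reflexive]'."""
    tok = line.split()
    action, proto, rest = tok[0], tok[1], tok[2:]
    if proto == "ip" and "." not in rest[0]:   # 'permit ip 50 ...' means IP protocol 50 (ESP)
        proto, rest = rest[0], rest[1:]
    src, src_wc, rest = rest[0], rest[1], rest[2:]
    sport = None
    if rest and "." not in rest[0]:             # a source port, not a dotted address
        sport, rest = int(rest[0]), rest[1:]
    dst, dst_wc, rest = rest[0], rest[1], rest[2:]
    dport = int(rest[0]) if rest and rest[0].isdigit() else None
    return {"action": action, "proto": proto, "src": src, "src_wc": src_wc,
            "sport": sport, "dst": dst, "dst_wc": dst_wc, "dport": dport}

def evaluate(acl_text, proto, src, dst, sport=None, dport=None):
    """First match wins; assumes a Cisco-style implicit deny when nothing matches."""
    for line in filter(None, (l.strip() for l in acl_text.splitlines())):
        e = parse_entry(line)
        if e["proto"] not in ("ip", proto):
            continue
        if not (wc_match(src, e["src"], e["src_wc"]) and wc_match(dst, e["dst"], e["dst_wc"])):
            continue
        if e["sport"] not in (None, sport) or e["dport"] not in (None, dport):
            continue
        return e["action"], line
    return "deny", "implicit deny"
```

Running `evaluate(BREAKOUT_ACL, "tcp", "192.168.1.10", "172.31.255.255", 40000, 443)` shows that 0.15.255.255 covers the whole 172.16.0.0/12 block, while 172.32.0.1 falls through to the final permit.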
