ACL

=Basic Configuration=

config# access-list 50 deny 150.100.0.0 0.0.255.255 config# access-list 110 deny tcp .....

=Named Access Lists=

config# ip access-list extended WORD config-ext-nacl# permit ip 150.100.0.0 0.0.255.255 any config-ext-nacl# deny ip 150.100.0.1 0.0.0.0 any

=Switching Named Access List Rules=

config-ext-nacl# no 20 deny ip 150.100.0.1 0.0.0.0 any config-ext-nacl# 5 deny ip 150.100.0.1 0.0.0.0 any

=Dynamic Access Lists=

config# access-list 101 permit tcp any host 192.168.1.3 eg telnet config# access-list dynamic WORD timeout 120 permit any any (timeout even if not idle) config# line vty 0 181 config-line# login local config-line# autocommand access-enable timeout 1 (1 minute; entire subnet) config-line# autocommand access-enable host timeout 1 (single host)

=Time Based=

config# time-range WORD config-time-range# periodic monday friday 8:00 to 17:00 config# access-list 105 permit tcp any any eq 80 time-range WORD

=View/Debug Commands=

show ip access-list