Skip navigation
Cisco Learning Home > Certifications > Routing & Switching (CCNA) > Discussions

_Communities

This Question is Answered 1 Helpful Answer available (2 pts)
1833 Views 2 Replies Latest reply: Jan 29, 2011 9:54 AM by Conwyn RSS

Currently Being Moderated

ip access lista command x access-list command(?)

Jan 29, 2011 4:58 AM

FernandoDias 46 posts since
Jan 9, 2009

Hi Everyone,

 

The question maybe a bit ****, but anyway I will do it.

 

Whats the difference between the ip access-list command and access-list command?

 

Thanks in advance,

 

Fernando

  • Chad Spears CCNP CCDA CCNAS 752 posts since
    Jul 27, 2009

    Fernando-

     

    Although both access list commands will do the samething, which is create an Access-List for matching traffic.  The difference is very easy, the ip access-list command allows you to create a named ACL.

     

    R1(config)#ip access-list ?
      extended    Extended Access List
      log-update  Control access list log updates
      logging     Control access list logging
      resequence  Resequence Access List
      standard    Standard Access List

    R1(config)#ip access-list ext
    R1(config)#ip access-list extended ?
      <100-199>    Extended IP access-list number
      <2000-2699>  Extended IP access-list number (expanded range)
      WORD         Access-list name

     

     

    Where the "access-list" command will not allow you to create a named ACL.

     

    R1(config)#acce
    R1(config)#access-list ?
      <1-99>            IP standard access list
      <100-199>         IP extended access list
      <1100-1199>       Extended 48-bit MAC address access list
      <1300-1999>       IP standard access list (expanded range)
      <200-299>         Protocol type-code access list
      <2000-2699>       IP extended access list (expanded range)
      <700-799>         48-bit MAC address access list
      dynamic-extended  Extend the dynamic ACL absolute timer
      rate-limit        Simple rate-limit specific access list

    R1(config)#access-list 100 ?
      deny     Specify packets to reject
      dynamic  Specify a DYNAMIC list of PERMITs or DENYs
      permit   Specify packets to forward
      remark   Access list entry comment

    R1(config)#access-list 100

     

     

    HTH,

    CS

  • Conwyn 7,914 posts since
    Sep 10, 2008

    Hi Fernando

     

    The problem with access-list was editing. Traditionally you deleted them and typed them again but you could always add to the end.

    ip access list provided editing by sequence number.

     

    But now if you create an access list do not worry just say it is an ip access list and you can edit it. See below.

     

    Regards Conwyn

     

    UnderDesk(config)#access-list 123 permit ip host 10.10.10.10 host 20.20.20.20
    UnderDesk(config)#end
    UnderDesk#show access-list 123
    Extended IP access list 123
        10 permit ip host 10.10.10.10 host 20.20.20.20
    UnderDesk#config t
    Enter configuration commands, one per line.  End with CNTL/Z.
    UnderDesk(config)#access-list 123 permit ip any any log                      
    UnderDesk(config)#end
    UnderDesk#show access-list 123
    Extended IP access list 123
        10 permit ip host 10.10.10.10 host 20.20.20.20
        20 permit ip any any log
    UnderDesk(config)#ip access-list extended 123
    UnderDesk(config-ext-nacl)#15 deny ip any host 20.20.20.20 log
    UnderDesk(config-ext-nacl)#end
    UnderDesk#show access-list 123
    Extended IP access list 123
        10 permit ip host 10.10.10.10 host 20.20.20.20
        15 deny ip any host 20.20.20.20 log
        20 permit ip any any log

    UnderDesk(config)#access-list 123 permit ip host 10.10.10.10 host 20.20.20.20

    UnderDesk(config)#end

    UnderDesk#show access-list 123

    Extended IP access list 123

        10 permit ip host 10.10.10.10 host 20.20.20.20

    UnderDesk#config t

    Enter configuration commands, one per line.  End with CNTL/Z.

    UnderDesk(config)#access-list 123 permit ip any any log                      

    UnderDesk(config)#end

    UnderDesk#show access-list 123

    Extended IP access list 123

        10 permit ip host 10.10.10.10 host 20.20.20.20

        20 permit ip any any log

     

    UnderDesk(config)#ip access-list extended 123

    UnderDesk(config-ext-nacl)#15 deny ip any host 20.20.20.20 log

    UnderDesk(config-ext-nacl)#end

    UnderDesk#show access-list 123

    Extended IP access list 123

        10 permit ip host 10.10.10.10 host 20.20.20.20

        15 deny ip any host 20.20.20.20 log

        20 permit ip any any log

Actions

More Like This

  • Retrieving data ...

Bookmarked By (0)