2 Replies Latest reply: Jan 29, 2011 9:54 AM by Conwyn

    ip access-list command vs. access-list command(?)

    FernandoDias

      Hi Everyone,

       

      The question may be a bit ****, but anyway I will ask it.

       

      What's the difference between the ip access-list command and the access-list command?

       

      Thanks in advance,

       

      Fernando

        • 1. Re: ip access-list command vs. access-list command(?)
          Chad Spears CCNP CCDA CCNAS

          Fernando-

           

          Both access list commands will do the same thing, which is create an access list for matching traffic. The difference is very easy: the ip access-list command allows you to create a named ACL.

           

          R1(config)#ip access-list ?
            extended    Extended Access List
            log-update  Control access list log updates
            logging     Control access list logging
            resequence  Resequence Access List
            standard    Standard Access List

          R1(config)#ip access-list ext
          R1(config)#ip access-list extended ?
            <100-199>    Extended IP access-list number
            <2000-2699>  Extended IP access-list number (expanded range)
            WORD         Access-list name

           

           

          Whereas the "access-list" command will not allow you to create a named ACL.

           

          R1(config)#acce
          R1(config)#access-list ?
            <1-99>            IP standard access list
            <100-199>         IP extended access list
            <1100-1199>       Extended 48-bit MAC address access list
            <1300-1999>       IP standard access list (expanded range)
            <200-299>         Protocol type-code access list
            <2000-2699>       IP extended access list (expanded range)
            <700-799>         48-bit MAC address access list
            dynamic-extended  Extend the dynamic ACL absolute timer
            rate-limit        Simple rate-limit specific access list

          R1(config)#access-list 100 ?
            deny     Specify packets to reject
            dynamic  Specify a DYNAMIC list of PERMITs or DENYs
            permit   Specify packets to forward
            remark   Access list entry comment

          R1(config)#access-list 100

           

           

          HTH,

          CS

          • 2. Re: ip access-list command vs. access-list command(?)
            Conwyn

            Hi Fernando

             

            The problem with access-list was editing. Traditionally you deleted them and typed them again but you could always add to the end.

            ip access list provided editing by sequence number.

             

            But now, if you create an access list, do not worry: just say it is an ip access list and you can edit it. See below.

             

            Regards Conwyn

             

            UnderDesk(config)#access-list 123 permit ip host 10.10.10.10 host 20.20.20.20
            UnderDesk(config)#end
            UnderDesk#show access-list 123
            Extended IP access list 123
                10 permit ip host 10.10.10.10 host 20.20.20.20
            UnderDesk#config t
            Enter configuration commands, one per line.  End with CNTL/Z.
            UnderDesk(config)#access-list 123 permit ip any any log                      
            UnderDesk(config)#end
            UnderDesk#show access-list 123
            Extended IP access list 123
                10 permit ip host 10.10.10.10 host 20.20.20.20
                20 permit ip any any log
            UnderDesk(config)#ip access-list extended 123
            UnderDesk(config-ext-nacl)#15 deny ip any host 20.20.20.20 log
            UnderDesk(config-ext-nacl)#end
            UnderDesk#show access-list 123
            Extended IP access list 123
                10 permit ip host 10.10.10.10 host 20.20.20.20
                15 deny ip any host 20.20.20.20 log
                20 permit ip any any log

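Why the insertion point in the session above matters, as an added example that is not part of the original thread: ACL entries are evaluated top-down and the first match wins, so a `deny` appended after `permit ip any any` never fires, while the same line inserted at sequence 15 does. The helper names and the `APPENDED` sample (including its sequence number 30) are constructed for illustration; the parser handles only `ip` entries with `any`, `host A` or a contiguous wildcard mask.

```python
import ipaddress

def _addr(tok):
    """Consume one address spec: 'any', 'host A' or 'A WILDCARD'."""
    if tok[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), tok[1:]
    if tok[0] == "host":
        return ipaddress.ip_network(tok[1] + "/32"), tok[2:]
    # Assumption: contiguous wildcard mask, e.g. 0.0.0.255 -> /24
    prefix = 32 - bin(int(ipaddress.IPv4Address(tok[1]))).count("1")
    return ipaddress.ip_network(f"{tok[0]}/{prefix}", strict=False), tok[2:]

def parse(show_output):
    """Parse 'show access-list' entry lines into (seq, action, src, dst)."""
    entries = []
    for line in show_output.splitlines():
        tok = line.split()
        if len(tok) < 4 or not tok[0].isdigit() or tok[2] != "ip":
            continue  # header line or an entry type this sketch does not model
        src, rest = _addr(tok[3:])
        dst, _ = _addr(rest)
        entries.append((int(tok[0]), tok[1], src, dst))
    return sorted(entries)  # the device evaluates in sequence order

def first_match(acl, src, dst):
    """Return (seq, action) of the first entry matching the packet."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for seq, action, snet, dnet in acl:
        if s in snet and d in dnet:
            return seq, action
    return None, "deny"  # implicit deny at the end of every ACL

def shadowed(acl):
    """Sequence numbers fully covered by an earlier entry (never matched)."""
    return [seq for i, (seq, _, snet, dnet) in enumerate(acl)
            if any(snet.subnet_of(ps) and dnet.subnet_of(pd)
                   for _, _, ps, pd in acl[:i])]

# Constructed: the deny line appended to the end instead of inserted at 15.
APPENDED = """Extended IP access list 123
    10 permit ip host 10.10.10.10 host 20.20.20.20
    20 permit ip any any log
    30 deny ip any host 20.20.20.20 log"""
# The final 'show access-list 123' output from the thread.
INSERTED = """Extended IP access list 123
    10 permit ip host 10.10.10.10 host 20.20.20.20
    15 deny ip any host 20.20.20.20 log
    20 permit ip any any log"""

if __name__ == "__main__":
    for name, text in (("appended", APPENDED), ("inserted", INSERTED)):
        acl = parse(text)
        print(name, first_match(acl, "10.10.10.99", "20.20.20.20"), shadowed(acl))
```

Running `shadowed()` over saved `show access-list` output is a quick audit for rules that were appended in the wrong place and silently do nothing.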