In this article we’re going to look at the numbered ACL syntax used to configure access lists on Cisco routers. There are two sets of syntax you can use to configure access lists on a Cisco router: numbered access lists and named access lists. You can use either set of syntax to configure either type of access list. In this video we’re going to pick apart the syntax for numbered access lists; in the video that follows we’ll do the same for named ACLs. Here is the syntax for configuring numbered access lists on Cisco routers. Notice I’m giving you two sets of syntax, one for standard access lists and one for extended access lists. Each of these commands configures a single line in a standard or extended access list. Let’s step through each part of these commands together. To configure any numbered access list you start with the command access-list. That’s simply the first word, and it indicates to the router that you’re configuring an access list.
Following that you provide an ID number. This ID number is what links multiple access list entries together: each access list entry has an ID number and then a match statement, then another ID number and a match statement, then another ID number and a match statement, and so on. What links all of these entries together is that ID number. That’s the purpose of the ID number: it allows you to link multiple entries into the same access list. In fact, sometimes each individual entry is referred to as an ACE, which stands for access control entry, and a series of ACEs creates an access control list. That’s somewhat archaic terminology, but you might see it in random documents online. Either way, that’s what the ID number does. The ID number is also how you refer to the access list later on in the configuration, when you apply the access list to a particular purpose.
In any numbered access list this ID must be a number, and the number you choose is very significant. If you choose a number from 1 to 99 you’re configuring a standard access list; if you choose a number from 100 to 199 you’re configuring an extended access list. That’s how you determine whether you’re configuring a standard or extended access list: it’s based upon the ID number that you use. This means that you can configure about 100 of each type of ACL on every Cisco router. Typically you won’t need more than that, but just in case you do, there’s an additional set of ID numbers you can use to configure either standard or extended ACLs. So if you use the ID numbers 1 to 99 or 1300 to 1999 you’re configuring a numbered standard access list, and if you use the ID numbers 100 to 199 or 2000 to 2699 you’re configuring a numbered extended access list.
So that’s the purpose of the ID number, which now brings us to the action field. This field can be one of three items. You can list permit, which says you are accepting traffic for a particular purpose; you can list deny, which means you’re rejecting traffic for a particular purpose; or, the last option, you can simply list remark. When you use the action remark it turns the rest of the syntax into a free text field and you can type whatever you want. You can say something like “I created this access list on such and such date” or “in response to such and such ticket number”; it’s just a simple comment. The other two, however, are actually processed against traffic. The permit and deny statements are relative to how the ACL is applied. For example, if you apply an access list to an interface, permit is saying “I will allow this traffic through the interface” and deny is saying “I will not allow this traffic through the interface”. But if you apply the access list to network address translation, then permit is saying “I will translate packets which match the ACL” and deny is saying “I will not translate packets which match the ACL”, but that packet might still be allowed through the interface. So keep in mind that permit and deny are relative to how you applied the ACL.
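To make the ID and action rules concrete, here is a small Python script, added as an example (it is not code from the video or from Cisco), that parses `access-list` lines, derives standard versus extended from the ID ranges above, treats `remark` as free text, and groups entries into ACLs by ID. The sample configuration lines are constructed for this example and use documentation address ranges; `parse_acl_line` and `group_acls` are names chosen here, not IOS commands.

```python
# Numbered ACL ID ranges on Cisco IOS, as listed in the video.
STANDARD_RANGES = ((1, 99), (1300, 1999))
EXTENDED_RANGES = ((100, 199), (2000, 2699))


def acl_type(acl_id: int) -> str:
    """Return 'standard' or 'extended' for a numbered IP ACL ID, else raise."""
    if any(lo <= acl_id <= hi for lo, hi in STANDARD_RANGES):
        return "standard"
    if any(lo <= acl_id <= hi for lo, hi in EXTENDED_RANGES):
        return "extended"
    raise ValueError(f"{acl_id} is not a valid numbered IP ACL id")


def parse_acl_line(line: str) -> dict:
    """Parse one 'access-list <id> <action> ...' line into its fields."""
    tokens = line.split()
    if len(tokens) < 3 or tokens[0] != "access-list":
        raise ValueError(f"not an access-list line: {line!r}")
    acl_id = int(tokens[1])
    action = tokens[2]
    entry = {"id": acl_id, "type": acl_type(acl_id), "action": action}
    if action == "remark":
        # remark turns the rest of the line into free text, so keep it whole
        entry["text"] = line.split(None, 3)[3] if len(tokens) > 3 else ""
    elif action in ("permit", "deny"):
        # the match statement: everything after the action, kept as tokens
        entry["match"] = tokens[3:]
    else:
        raise ValueError(f"unknown action {action!r} in {line!r}")
    return entry


def group_acls(lines) -> dict:
    """Group entries by ID: the ID is what links ACEs into one ACL."""
    acls = {}
    for line in lines:
        line = line.strip()
        if not line or line.startswith("!"):   # skip blanks and IOS comments
            continue
        entry = parse_acl_line(line)
        acl = acls.setdefault(entry["id"], {"type": entry["type"], "entries": []})
        acl["entries"].append(entry)
    return acls


# Constructed sample config (not from the video); addresses are documentation
# ranges, not real hosts, and the ticket number is a placeholder.
SAMPLE_CONFIG = """
access-list 10 remark Created in response to ticket EXAMPLE-1234
access-list 10 permit 192.0.2.0 0.0.0.255
access-list 10 deny any
access-list 110 permit tcp 192.0.2.0 0.0.0.255 host 198.51.100.5 eq 443
access-list 110 deny ip any any
""".splitlines()

if __name__ == "__main__":
    for acl_id, acl in group_acls(SAMPLE_CONFIG).items():
        print(acl_id, acl["type"], len(acl["entries"]), "entries")
```

Running it prints one line per ACL (10 is standard with three entries, 110 is extended with two), which is exactly the grouping the router does when it links entries by ID.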
Next we have the protocol. Notice there is no protocol field in a standard access list: a standard ACL can only filter on the IP protocol, whereas in an extended access list you can filter on different protocols, so this field is how you specify which protocol you’re trying to match. There are a few different options here, one of which is simply ip. If you list ip in the protocol section you’re indicating to the router that you’re matching all IP traffic. You can also match on the tcp or udp protocols; if you specify one of these you’ll be able to specify ports later on when you get to the source and destination. You can also list the protocol icmp to match pings and traceroute, and there is a slew of other protocols you can use: the IPsec protocols (AH and ESP) and so on. Keep in mind this field does not mean ports; ports will be specified later on if you specify tcp or udp as the protocol. Which finally brings us to the last three fields. Now, the source in a standard access list and the source or destination in an extended access list are specified using the same syntax, so we can talk about all of them at the same time.
These fields follow this syntax: you must specify some sort of IP address, and you may specify ports. To specify IP addresses you use this syntax. To specify a single subnet you specify the network ID and then the wildcard mask. To specify a single IP address you use the keyword host and then list the IP address. And finally, to specify all IP addresses, you simply use the keyword any. Those are the three options you have for the address part of these fields in the syntax. In this video series we’re not going to be unpacking wildcard masks; we did create a separate video discussing wildcard masks at length, so if you’re unfamiliar with the concept of wildcard masks definitely check out that video. There’ll be a link in the description. That said, let’s move on to the ports section. Remember, ports can only be specified in extended access lists; you cannot specify ports in a standard ACL. Either way, if you choose to specify ports you have a few different options. To specify a single port you can use the keyword eq and then list the port number. The eq here stands for equals: you’re saying the port must equal such and such.
For a range of ports you use the range keyword and then list the starting port number and the ending port number. Keep in mind this is an inclusive range, which means if you list a starting port number of 20 and an ending port number of 25 you’re specifying to match 6 different ports. Now, most of the time when you’re specifying ports you’ll be using eq; occasionally you’ll be using range. But there are three other options which are pretty rare to use but are important to know about to give you a full understanding of the configuration of access lists. Here are those options: you can specify gt to say the port must be greater than a certain port number, lt to say the port must be less than a certain port number, or neq to say the port must be not equal to a certain port number. All of those are options you have for specifying this section of the source or destination of an extended access list. Also note that we’re using brackets in the syntax here; that means the port section is optional, so if you omit the port, if you don’t put anything in here, you’re matching on all ports. Okay, so now that we’ve talked through every single field in the syntax for numbered access lists, it’s time to actually configure some together so you can see them in action.
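The matching rules for the protocol, address and port fields described in the last three paragraphs can be exercised in code. The following Python is an added example (not code from the video or from Cisco) that evaluates a packet against an extended ACL: `ip` in the protocol field matches every IP packet, addresses are matched as `any`, `host A.B.C.D` or `NETWORK WILDCARD` (a wildcard bit of 1 means “don’t care”), and the port operators `eq`, `range` (inclusive), `gt`, `lt` and `neq` are applied, with an omitted port field matching all ports. The ACE dictionaries, packets and addresses are constructed for this example; the function names are assumptions, not IOS commands.

```python
import ipaddress
from typing import Optional


def ip_matches(spec: str, address: str) -> bool:
    """Does an IPv4 address fall inside an ACL address field?
    spec is one of: 'any', 'host A.B.C.D', or 'NETWORK WILDCARD'."""
    parts = spec.split()
    addr = int(ipaddress.IPv4Address(address))
    if parts == ["any"]:
        return True
    if parts[0] == "host":
        return addr == int(ipaddress.IPv4Address(parts[1]))
    network, wildcard = (int(ipaddress.IPv4Address(p)) for p in parts)
    # A wildcard bit of 1 means "don't care"; only the 0 bits have to match.
    care = ~wildcard & 0xFFFFFFFF
    return (addr & care) == (network & care)


def port_matches(spec: Optional[str], port: Optional[int]) -> bool:
    """spec is the optional port part of a source/destination field, e.g.
    'eq 443', 'range 20 25', 'gt 1023', 'lt 1024', 'neq 22'.
    None (ports omitted) matches every port."""
    if spec is None:
        return True
    if port is None:   # packet carries no port (e.g. ICMP) but the ACE needs one
        return False
    op, *nums = spec.split()
    nums = [int(n) for n in nums]
    if op == "eq":
        return port == nums[0]
    if op == "neq":
        return port != nums[0]
    if op == "gt":
        return port > nums[0]
    if op == "lt":
        return port < nums[0]
    if op == "range":
        return nums[0] <= port <= nums[1]   # inclusive on both ends
    raise ValueError(f"unknown port operator {op!r}")


def range_size(spec: str) -> int:
    """Number of ports covered by 'range LO HI' (inclusive, so 20..25 is 6)."""
    _, lo, hi = spec.split()
    return int(hi) - int(lo) + 1


def ace_matches(ace: dict, packet: dict) -> bool:
    """One ACE against one packet. 'ip' in the protocol field matches all IP."""
    if ace["protocol"] != "ip" and ace["protocol"] != packet["protocol"]:
        return False
    return (ip_matches(ace["src"], packet["src"])
            and port_matches(ace.get("src_port"), packet.get("src_port"))
            and ip_matches(ace["dst"], packet["dst"])
            and port_matches(ace.get("dst_port"), packet.get("dst_port")))


def evaluate(acl: list, packet: dict) -> str:
    """Walk the ACEs in order; the first match decides. A packet matching
    nothing hits the implicit deny at the end of every Cisco ACL."""
    for ace in acl:
        if ace_matches(ace, packet):
            return ace["action"]
    return "deny"


# Constructed extended ACL, the structured form of 'access-list 110 ...' lines;
# addresses are documentation ranges, not real hosts.
ACL_110 = [
    {"action": "permit", "protocol": "tcp", "src": "192.0.2.0 0.0.0.255",
     "dst": "host 198.51.100.5", "dst_port": "eq 443"},
    {"action": "permit", "protocol": "tcp", "src": "192.0.2.0 0.0.0.255",
     "dst": "host 198.51.100.6", "dst_port": "range 20 25"},
    {"action": "permit", "protocol": "icmp", "src": "any", "dst": "any"},
    {"action": "deny", "protocol": "ip", "src": "any", "dst": "any"},
]

if __name__ == "__main__":
    pkt = {"protocol": "tcp", "src": "192.0.2.77", "src_port": 51000,
           "dst": "198.51.100.5", "dst_port": 443}
    print(evaluate(ACL_110, pkt))   # permit
```

The same HTTPS packet sent to port 80 falls through the two tcp entries and the icmp entry and lands on the final `deny ip any any`, which is the behaviour to check when a rule seems not to take effect: the order of the ACEs, not just their contents, decides the result.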