ACLs

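  • Entries are evaluated top to bottom; processing stops on the first match.
  • If the end of the list is reached with no match, the packet is denied (implicit deny).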

An ACL used only to count traffic should always end with:

permit ip any any

Block a specific host

The final "permit any" is necessary because the default action at the end of the list is "deny any".

access-list 1 deny host 10.0.0.1
access-list 1 permit any

Allow a host range

This allows packets from 192.168.10.0/24 to travel to 192.168.200.0/24. The wildcard mask 0.0.0.255 is the inverse of the /24 netmask 255.255.255.0.

access-list 101 permit ip 192.168.10.0 0.0.0.255 192.168.200.0 0.0.0.255

Deny access except from specific hosts

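Usually required for features like CoPP. No explicit deny entry is needed: anything that does not match a permit entry hits the implicit deny at the end of the list.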

access-list 10 permit 10.0.0.1
access-list 10 permit 10.0.0.2
access-list 10 permit 10.0.0.3
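
The first-match and implicit-deny rules, applied to the three ACLs above. This is an added example in Python, not part of the original page and not Cisco code; it handles only the syntax forms shown here (any, host, bare address, address plus wildcard mask), and all function names are hypothetical.

```python
import ipaddress

def _ip(s):
    return int(ipaddress.IPv4Address(s))

def _spec(tok):
    """Consume one address spec from the token list -> (base, wildcard)."""
    t = tok.pop(0)
    if t == "any":
        return 0, 0xFFFFFFFF
    if t == "host":
        return _ip(tok.pop(0)), 0
    # bare address: an optional wildcard mask follows, otherwise exact match
    wild = _ip(tok.pop(0)) if tok and tok[0][0].isdigit() else 0
    return _ip(t), wild

def parse(lines):
    """Parse 'access-list N permit|deny [ip] SRC [DST]' into ordered rules."""
    rules = []
    for line in lines:
        tok = line.split()[2:]            # drop 'access-list N'
        action = tok.pop(0)
        if tok[0] == "ip":                # extended form: source and destination
            tok.pop(0)
            src, dst = _spec(tok), _spec(tok)
        else:                             # standard form: source only
            src, dst = _spec(tok), (0, 0xFFFFFFFF)
        rules.append((action, src, dst))
    return rules

def _match(addr, spec):
    base, wild = spec
    # wildcard bits set to 1 are "don't care"; every other bit must equal base
    return ((_ip(addr) ^ base) & ~wild & 0xFFFFFFFF) == 0

def evaluate(rules, src, dst="0.0.0.0"):
    """Return the action of the first matching entry, else the implicit deny."""
    for action, s, d in rules:
        if _match(src, s) and _match(dst, d):
            return action
    return "deny"                         # end of list, no match

# The ACLs from this page
BLOCK_HOST = parse(["access-list 1 deny host 10.0.0.1", "access-list 1 permit any"])
RANGE = parse(["access-list 101 permit ip 192.168.10.0 0.0.0.255 192.168.200.0 0.0.0.255"])
ALLOW_LIST = parse([f"access-list 10 permit 10.0.0.{n}" for n in (1, 2, 3)])

if __name__ == "__main__":
    print(evaluate(BLOCK_HOST, "10.0.0.1"), evaluate(ALLOW_LIST, "10.0.0.4"))
```

Removing the "permit any" entry from access-list 1 makes every source fall through to the implicit deny, which is why the block-a-host ACL needs it.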

References

Cisco - ACL Examples

Last Modified • Saturday, June 13, 2026. 6:58 am UTC+00:00 • Commit: 27246d6