| 10.1.2 |
Named Access List Syntax
Standard Named Access-List:
Router(config)# ip access-list standard name
Router(config-std-nacl)# {permit | deny} {source [source-wildcard] | any} [log]
Extended Named Access-List:
Router(config)# ip access-list extended name
Router(config-ext-nacl)# {deny | permit} protocol source source-wildcard destination destination-wildcard [precedence precedence] [tos tos] [established] [log] [time-range time-range-name]
|
| 10.1.3 |
Time Based Extended Access List Syntax
Router(config)# time-range time-range-name
Router(config-time-range)# periodic days-of-the-week hh:mm to [days-of-the-week] hh:mm
Router(config-time-range)# absolute [start time date] [end time date]
|
| 10.1.4 |
Configuring Access List Descriptions with the Remark Command
Router(config)# access-list access-list-number remark remark
Router(config-std-nacl)# remark remark
|
| 10.1.5 |
Syntax for Applying Access Lists
Router(config-if)# ip access-group {access-list-number | access-list-name} {in | out}
|
| 10.3.3 |
Configuring Lock-and-Key
Router(config)# dynamic dynamic-name [timeout minutes] {deny | permit} protocol source source-wildcard destination destination-wildcard [precedence precedence] [tos tos] [log]
|
| 10.3.4 |
Configuring Lock-and-Key Authentication
Router# access-enable [host] [timeout minutes]
|
| 10.4.1 |
Using Extended Access Lists with the Established Argument
Router(config)# access-list access-list-number permit tcp source-address source-mask destination-address destination-mask established
|
| 10.4.5 |
Configuring Reflective Access Lists
Router(config)# ip access-list extended extended-list-name
Router(config-ext-nacl)# permit ip-protocol any any reflect name [timeout seconds]
Router(config-if)# ip access-group extended-list-name out
Router(config)# ip access-list extended extended-list-name
Router(config-ext-nacl)# evaluate name
Router(config-if)# ip access-group extended-list-name in
Router(config)# ip reflexive-list timeout seconds
|
| 10.5.5 |
Defining CBAC Inspection Rules
Router(config)# ip inspect name inspection-name protocol [timeout seconds]
Router(config)# ip inspect name inspection-name http [java-list access-list] [timeout seconds]
Router(config-if)# ip inspect inspection-name {in | out}
|
| 10.5.7 |
Verifying CBAC
Router# show ip inspect {name inspection-name | config | interfaces | session [detail] | all}
|