ip access-list

Creates an IP access list (ACL). ACLs contain rules that permit or deny traffic based on packet fields belonging to the IPv4 family of protocols.

Syntax

ip access-list name
no ip access-list name

Parameters

name
Specifies the name of the IP access list. Names cannot exceed 64 characters and must start with an alphabetic character or an underscore, followed by alphabetic or numeric characters or dots. Reserved keywords, such as all or egress, cannot be used.

Modes

Config mode

Usage Guidelines

The command-line mode changes from (config) to (config-ip-acl) after a new IP ACL is created.

The following reserved keywords cannot be used as name identifiers: all, ingress-group, egress, egress-group, match, list, access-list, route-map, and listener-policy.

Table 1. Error messages

| Message | Reason |
|---|---|
| Error: ipv4-acl name identifier cannot exceed 64 characters. | ACL name is longer than 64 characters. |
| Error: ipv4-acl name identifier must start with an alphabetic character or an underscore | ACL name begins with a character that is neither alphabetic nor an underscore. |
| Error: ipv4-acl name identifier must be an arbitrary sequence of alphabets, numerals, underscores, hyphens, or dots. | ACL name contains invalid characters. |
| Error: ipv4-acl name identifier must not be reserved keyword "access-list". | ACL name includes the reserved word access-list. |

Examples

The following example creates an ACL named P4. On successful creation the mode changes to config-ip-acl.

device# configure terminal
device(config)# ip access-list P4
device(config-ip-acl)#

The following example deletes the ACL named P4.

device# configure terminal
device(config)# no ip access-list P4
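
An added example, not part of the original reference or the vendor's code: a Python pre-check that applies the naming rules and the Table 1 messages to `ip access-list` lines in a configuration file before it is pushed to a device. It assumes the character set from the Table 1 error text (letters, digits, underscores, hyphens, dots), exact case-sensitive keyword matching, and the same message wording for every reserved keyword; the function names, check order and sample lines are constructed.

```python
import re

# Reserved keywords listed in the Usage Guidelines.
RESERVED = ("all", "ingress-group", "egress", "egress-group", "match",
            "list", "access-list", "route-map", "listener-policy")
# Character set taken from the Table 1 error text (assumption: it is the
# authoritative set; the parameter description lists a narrower one).
BODY = re.compile(r"[A-Za-z0-9_.\-]*\Z")
PREFIX = "Error: ipv4-acl name identifier "


def check_acl_name(name):
    """Return None if the name passes the documented rules, else the Table 1 message."""
    if len(name) > 64:
        return PREFIX + "cannot exceed 64 characters."
    if not re.match(r"[A-Za-z_]", name):
        return PREFIX + "must start with an alphabetic character or an underscore"
    if not BODY.match(name, 1):
        return PREFIX + ("must be an arbitrary sequence of alphabets, numerals, "
                         "underscores, hyphens, or dots.")
    # Assumption: a name is rejected only on an exact, case-sensitive match.
    if name in RESERVED:
        return PREFIX + 'must not be reserved keyword "%s".' % name
    return None


def lint_config(text):
    """Find 'ip access-list <name>' lines; return (line_no, name, error) tuples."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        m = re.match(r"\s*ip access-list\s+(\S+)\s*$", line)
        err = check_acl_name(m.group(1)) if m else None
        if err:
            findings.append((no, m.group(1), err))
    return findings


# Constructed sample input, not taken from a real device.
SAMPLE = """\
ip access-list P4
ip access-list 4edge
ip access-list egress
ip access-list web$in
ip access-list _mgmt.v4-in
"""

if __name__ == "__main__":
    for no, name, err in lint_config(SAMPLE):
        print("line %d: %r -> %s" % (no, name, err))
```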