User Guide
A
CCESS
 C
ONTROL
 L
IST
 C
OMMANDS
4-122
IP ACLs 
Table 4-36 IP ACL Commands
Command Function Mode Page
access-list ip Creates an IP ACL and enters 
configuration mode
GC 4-123
access-list ip 
extended 
fragment-auto-mask
Automatically creates extra masks to 
support fragmented ACL entries
GC 4-123
permit, deny Filters packets matching a specified source 
IP address
STD-A
CL
4-124
permit, deny Filters packets meeting the specified 
criteria, including source and destination IP 
address, TCP/UDP port number, protocol 
type, and TCP control code
EXT-A
CL
4-125
show ip access-list  Displays the rules for configured IP ACLs PE 4-128
access-list ip 
mask-precedence
Changes to the mode for configuring access 
control masks
GC 4-129
mask Sets a precedence mask for the ACL rules IP-Mask 4-130
show access-list ip 
mask-precedence
Shows the ingress or egress rule masks for 
IP ACLs
PE 4-133
ip access-group  Adds a port to an IP ACL IC 4-134
show ip access-group Shows port assignments for IP ACLs PE 4-134
map access-list ip Sets the CoS value and corresponding 
output queue for packets matching an ACL 
rule
IC 4-135
show map 
access-list ip 
Shows CoS value mapped to an access list 
for an interface
PE 4-136
match access-list ip  Changes the 802.1p priority, IP 
Precedence, or DSCP Priority of a frame 
matching the defined rule (i.e., also called 
packet marking)
IC 4-137
show marking Displays the current configuration for 
packet marking
PE 4-138










