Create ACE - Extended Window

This window appears when you choose Extended IP and click Create in the Create ACL window.

Follow these steps to create an ACE for an ACL of the extended type:

  1. From the Keyword list, select an action:
  2. From the Log list, select a logging option: Restriction: For Catalyst 2950 switches, the logging option is not available.
  3. In the Precedence list, select an option that describes the priority that you want to assign to packets that meet the filtering criteria.
    Restriction: For Catalyst 2950 switches, the precedence option is not available.
  4. In the Type of Service list, select the type of service that you want to assign to packets that meet the filtering criteria.
    Restriction: For Catalyst 2950 switches, the type-of-service option is not supported.
  5. Enter an IP address in the Source Address field.
  6. From the Source Wildcard list, select one of these:
  7. The mask is a wildcard mask: the high-order bits of the mask that are binary zeros determine how many corresponding high-order bits in the IP address are significant. The selected action applies to any source address with these high-order bits.
  8. In the Protocol list, select a protocol that you are associating with this ACE. Restriction: For Catalyst 2950 switches, only the IP, TCP, and UDP protocols are supported.
  9. Make a selection in the DSCP list if you made no selection in the Precedence or Type of Service lists.
    Restriction: For Catalyst 2950 switches, a DSCP selection is not supported.
  10. Use the Destination Address field and the Destination Wildcard list as you used the Source Address field and Source Mask list. The only difference is that here you are specifying filtering criteria for a destination address.
  11. Click OK. An ACE for an extended ACL is created.

Note: any is equivalent to specifying a source address and mask of 255.255.255.255. host is equivalent to specifying a mask of 0.0.0.0.