diff --git a/IT/Configuring a Cisco IOS Switch.md b/IT/Configuring a Cisco IOS Switch.md index 773b798..61c4028 100644 --- a/IT/Configuring a Cisco IOS Switch.md +++ b/IT/Configuring a Cisco IOS Switch.md @@ -97,6 +97,20 @@ vlan [vlan-id] no shutdown ``` +# Access list management +Access lists are created implicitly when you apply the first configuration. More docs for access list management can be found at . +### Permitting a particular network for a numbered access list +From the privileged exec terminal: +``` +access-list [access-list-num] permit [network] [wildcard-mask] +``` +`permit` can be substituted with `deny` to instead explictly deny a network. An example of a valid network could be `192.168.1.0`, and a wildcard mask for a `/24` would be `0.0.0.255`. Unless explictly stated, an access list will deny all other traffic. You can explicitly allow traffic by default for a numbered access list with `access-list [access-list-num] permit any`. + +### Denying traffic from a particular address for a numbered access list +``` +access-list [access-list-num] deny [address] +``` + # Viewing configs ### Vlan config From the privileged exec terminal:
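Review bot: The "From the privileged exec terminal:" line above `access-list [access-list-num] permit [network] [wildcard-mask]` names the wrong mode. `access-list` is a global configuration command, so this should read "From global configuration mode" (entered with `configure terminal`), and the "Denying traffic from a particular address" section should state the mode too, since it currently has none. In the same added text, "explictly" is misspelled twice and "More docs for access list management can be found at ." has no link target. The sentence "Unless explictly stated, an access list will deny all other traffic" would be clearer if it said that entries are evaluated top to bottom with the first match winning and an implicit deny at the end, because that ordering means a `deny [address]` entry only takes effect if it is added before `access-list [access-list-num] permit any`. "Access lists are created implicitly when you apply the first configuration" is also ambiguous: say that the list is created by its first `access-list` entry, and add a line noting that it filters nothing until it is applied to an interface or line.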