7/25/2019 Configuring Acl Slides

1/13

7/25/2019 Configuring Acl Slides

2/13

In 60 Days ICND2

Configuring Access Lists

7/25/2019 Configuring Acl Slides

3/13

Standard IP ACLs

Source network or Source host IP

Source: 172 16 1 1

Destination: 192.168.1.1 Port

7/25/2019 Configuring Acl Slides

4/13

Router(config)#access-list 1 permit host 172.16.1.1

Router(config)#access-list 1 permit host 192.168.1.1

Router(config)#access-list 1 permit 10.1.0.0 0.0.255.255

[Deny All]

7/25/2019 Configuring Acl Slides

5/13

Extended ACLs

Source/destination address Source/destination port

Protocols Services (e.g. ICMP)

7/25/2019 Configuring Acl Slides

6/13

Syntax

Access list 100 permit/deny service from to paccess-list 101 deny tcp 10.1.0.0 0.0.255.255 host 172.30.

access-list 100 permit tcp 10.1.0.0 0.0.255.255 host 172.3

access-list 100 permit icmp any any

7/25/2019 Configuring Acl Slides

7/13

access-list 100 permit tcp host 172.16.1.1 host 172.20.1.1

access-list 100 permit tcp 10.1.0.0 0.0.255.255 host 172.30

access-list 100 permit tcp host 192.168.1.1 host 172.30.1.1

7/25/2019 Configuring Acl Slides

8/13

access-list 101 deny icmp any 172.20.0.0 0.0.255.255

access-list 101 deny tcp 10.1.0.0 0.0.255.255 host 172.30.

7/25/2019 Configuring Acl Slides

9/13

access-list 102 permit tcp any host 172.30.1.1 eq ftp

7/25/2019 Configuring Acl Slides

10/13

Named ACL

Slightly different syntax Can edit (add/remove lines)

7/25/2019 Configuring Acl Slides

11/13

Router(config)#ip access-list extended BlockWEB

Router(config-ext-nacl)#deny tcp any any eq 80

7/25/2019 Configuring Acl Slides

12/13

Applying ACLs

Apply to ports or interfacesRouter(config)#int fast 0/0

Router(config-if)#ip access-group 101 in

------

Router(config)#line vty 0 15

Router(config-line)#access-class 101------

Router(config)#int fast 0/0

Router(config-if)#ip access-group BlockWEB in

7/25/2019 Configuring Acl Slides

13/13

End