In 60 Days – ICND2
Configuring Access Lists

Standard IP ACLs
• Source network or
• Source host IP

Source: 172.16.1.1
Destination: 192.168.1.1 Port 80

Router(config)#access-list 1 permit host 172.16.1.1
Router(config)#access-list 1 permit host 192.168.1.1
Router(config)#access-list 1 permit 10.1.0.0 0.0.255.255
[Deny All]

Extended ACLs
• Source/destination address
• Source/destination port
• Protocols
• Services (e.g. ICMP)

Syntax
Access list 100 permit/deny service from to port
access-list 101 deny tcp 10.1.0.0 0.0.255.255 host 172.30.1.1 eq telnet
access-list 100 permit tcp 10.1.0.0 0.0.255.255 host 172.30.1.1 eq ftp
access-list 100 permit icmp any any

access-list 100 permit tcp host 172.16.1.1 host 172.20.1.1 eq smtp
access-list 100 permit tcp 10.1.0.0 0.0.255.255 host 172.30.1.1 eq ftp
access-list 100 permit tcp host 192.168.1.1 host 172.30.1.1 eq www

access-list 101 deny icmp any 172.20.0.0 0.0.255.255
access-list 101 deny tcp 10.1.0.0 0.0.255.255 host 172.30.1.1 eq telnet
access-list 102 permit tcp any host 172.30.1.1 eq ftp established

Named ACL
• Slightly different syntax
• Can edit (add/remove lines)

Router(config)#ip access-list extended BlockWEB
Router(config-ext-nacl)#deny tcp any any eq 80

Applying ACLs
• Apply to ports or interfaces

Router(config)#int fast 0/0
Router(config-if)#ip access-group 101 in
------
Router(config)#line vty 0 15
Router(config-line)#access-class 101 in
------
Router(config)#int fast 0/0
Router(config-if)#ip access-group BlockWEB in
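
Added example (not from the original slides): a small Python evaluator for the extended ACL 100 and 101 entries shown above, modelling wildcard-mask matching, top-down first-match processing and the implicit deny. The test packets and the final "permit ip any any" line are constructed for illustration; the "established" keyword and interface direction are not modelled.

```python
import ipaddress

PORTS = {"ftp": 21, "telnet": 23, "smtp": 25, "www": 80}  # IOS keyword -> TCP port

# Entries copied from the slides above.
ACL_100 = [
    "access-list 100 permit tcp host 172.16.1.1 host 172.20.1.1 eq smtp",
    "access-list 100 permit tcp 10.1.0.0 0.0.255.255 host 172.30.1.1 eq ftp",
    "access-list 100 permit tcp host 192.168.1.1 host 172.30.1.1 eq www",
]
ACL_101 = [
    "access-list 101 deny icmp any 172.20.0.0 0.0.255.255",
    "access-list 101 deny tcp 10.1.0.0 0.0.255.255 host 172.30.1.1 eq telnet",
]

def parse_addr(tok):
    """Consume 'any', 'host A.B.C.D' or 'A.B.C.D WILDCARD'; return (addr, wildcard)."""
    first = tok.pop(0)
    if first == "any":
        return 0, 0xFFFFFFFF
    if first == "host":
        return int(ipaddress.IPv4Address(tok.pop(0))), 0
    return int(ipaddress.IPv4Address(first)), int(ipaddress.IPv4Address(tok.pop(0)))

def parse_ace(line):
    tok = line.split()[2:]  # drop "access-list <number>"
    action, proto = tok.pop(0), tok.pop(0)
    src, dst = parse_addr(tok), parse_addr(tok)
    port = PORTS[tok[1]] if tok[:1] == ["eq"] else None
    return action, proto, src, dst, port

def addr_match(ip, rule):
    addr, wild = rule
    # Wildcard bits set to 1 are "don't care"; every other bit must be equal.
    return ((int(ipaddress.IPv4Address(ip)) ^ addr) & ~wild & 0xFFFFFFFF) == 0

def evaluate(acl_lines, proto, src, dst, dport=None):
    """Return the action of the first matching entry, top down."""
    for line in acl_lines:
        action, p, s, d, port = parse_ace(line)
        if p in ("ip", proto) and addr_match(src, s) and addr_match(dst, d) \
                and port in (None, dport):
            return action
    return "deny"  # implicit deny at the end of every ACL

if __name__ == "__main__":
    # Constructed packet: web traffic that ACL 101 never mentions.
    print(evaluate(ACL_101, "tcp", "10.1.5.9", "172.30.1.1", 80))  # deny
    fixed = ACL_101 + ["access-list 101 permit ip any any"]  # added line, not on the slides
    print(evaluate(fixed, "tcp", "10.1.5.9", "172.30.1.1", 80))  # permit
```

ACL 101 as shown contains only deny entries, so once it is applied with "ip access-group 101 in" every packet that reaches the end of the list is dropped by the implicit deny. A closing permit entry is needed if the intent is to block only the listed traffic.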
End