Date post: | 24-Feb-2018 |
Category: |
Documents |
Upload: | nosaernest |
7/25/2019 Configuring Acl Slides
In 60 Days ICND2
Configuring Access Lists
Standard IP ACLs
Source network or Source host IP
Source: 172.16.1.1
Destination: 192.168.1.1 Port
Router(config)#access-list 1 permit host 172.16.1.1
Router(config)#access-list 1 permit host 192.168.1.1
Router(config)#access-list 1 permit 10.1.0.0 0.0.255.255
[Deny All]
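How a router evaluates access-list 1 above (top-down, first match wins, implicit deny at the end), as an added Python example that is not part of the original slides. The function names and the test addresses are assumptions made for illustration; the three ACL lines are the ones shown on the slide.

```python
import ipaddress

# The three entries of access-list 1 as shown on the slide.
ACL_1 = [
    "access-list 1 permit host 172.16.1.1",
    "access-list 1 permit host 192.168.1.1",
    "access-list 1 permit 10.1.0.0 0.0.255.255",
]

def to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))

def parse_standard_acl(lines):
    """Turn standard ACL lines into (action, address, wildcard) integer tuples."""
    entries = []
    for line in lines:
        tok = line.split()
        if len(tok) < 4 or tok[0] != "access-list" or tok[2] not in ("permit", "deny"):
            raise ValueError(f"unsupported line: {line!r}")
        action, spec = tok[2], tok[3:]
        if spec[0] == "any":
            addr, wild = "0.0.0.0", "255.255.255.255"
        elif spec[0] == "host":
            addr, wild = spec[1], "0.0.0.0"
        elif len(spec) >= 2:
            addr, wild = spec[0], spec[1]
        else:
            addr, wild = spec[0], "0.0.0.0"  # bare address means one host
        entries.append((action, to_int(addr), to_int(wild)))
    return entries

def evaluate(entries, source_ip):
    """Return (action, matching entry number); (deny, None) is the implicit deny."""
    src = to_int(source_ip)
    for number, (action, addr, wild) in enumerate(entries, start=1):
        care = ~wild & 0xFFFFFFFF  # wildcard bit 1 = ignore, 0 = must match
        if (src & care) == (addr & care):
            return action, number  # first match wins, later entries are skipped
    return "deny", None  # no entry matched: the [Deny All] at the end of every ACL

if __name__ == "__main__":
    acl = parse_standard_acl(ACL_1)
    # Constructed source addresses, chosen to hit each entry and the implicit deny.
    for ip in ("172.16.1.1", "192.168.1.1", "10.1.200.7", "10.2.0.1", "172.16.1.2"):
        print(ip, evaluate(acl, ip))
```

Running the check over an exported ACL before applying it shows which source ranges fall through to the implicit deny.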
Extended ACLs
Source/destination address
Source/destination port
Protocols
Services (e.g. ICMP)
Syntax
Access list 100 permit/deny service from to p
access-list 101 deny tcp 10.1.0.0 0.0.255.255 host 172.30.
access-list 100 permit tcp 10.1.0.0 0.0.255.255 host 172.3
access-list 100 permit icmp any any
access-list 100 permit tcp host 172.16.1.1 host 172.20.1.1
access-list 100 permit tcp 10.1.0.0 0.0.255.255 host 172.30
access-list 100 permit tcp host 192.168.1.1 host 172.30.1.1
access-list 101 deny icmp any 172.20.0.0 0.0.255.255
access-list 101 deny tcp 10.1.0.0 0.0.255.255 host 172.30.
access-list 102 permit tcp any host 172.30.1.1 eq ftp
Named ACL
Slightly different syntax
Can edit (add/remove lines)
Router(config)#ip access-list extended BlockWEB
Router(config-ext-nacl)#deny tcp any any eq 80
Applying ACLs
Apply to ports or interfaces
Router(config)#int fast 0/0
Router(config-if)#ip access-group 101 in
------
Router(config)#line vty 0 15
Router(config-line)#access-class 101 in
------
Router(config)#int fast 0/0
Router(config-if)#ip access-group BlockWEB in
End