How to create and apply Cisco Extended Access List

An access list is a rule that filters traffic going through a router interface. Unlike a Standard Access List, an Extended Access List permits or denies traffic based on source, destination, port, or service.

You would normally apply Extended Access List on the router interface closest to the source device. Extended Access List uses numbers from 100 to 199 or

Here is an example that blocks a device from sending traffic to a device on another network.

Create the access list:

R03#conf t
R03(config)#access-list 100 deny ip 192.168.2.10 0.0.0.0 192.168.1.0 0.0.0.255
R03(config)#access-list 100 permit ip any any
R03(config)#

This Extended Access List blocks the host 192.168.2.10 from communicating with the network 192.168.1.0/24. Notice that we are blocking IP; you can also block based on port, protocol or service.

Apply the Access List to the interface:

R03(config)#interface g0/1
R03(config-if)#ip access-group 100 in
R03(config-if)#

See the picture above showing the interfaces.

View the access list by issuing the show access-lists command:

R03#show access-lists
Extended IP access list 100
10 deny ip host 192.168.2.10 192.168.1.0 0.0.0.255
20 permit ip any any
R03#

Issue R03(config)#no access-list 100 to remove the access list.
Issue R03(config-if)#no ip access-group 100 in to remove the access list from the interface.
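
The top-down, first-match evaluation a router applies to access list 100 (deny 192.168.2.10 to 192.168.1.0/24, then permit everything), as an added Python example that is not part of the original post. The function names and sample packets are constructed for illustration; the example also covers the implicit deny that ends every access list and what happens when one octet of the destination is mistyped.

```python
import ipaddress


def ip(s):
    """Dotted-quad string -> 32-bit integer."""
    return int(ipaddress.IPv4Address(s))


def wildcard_match(addr, base, wildcard):
    """Cisco wildcard mask: 0 bits must match, 1 bits are ignored."""
    care = ~ip(wildcard) & 0xFFFFFFFF
    return (ip(addr) & care) == (ip(base) & care)


ANY = ("0.0.0.0", "255.255.255.255")  # how "any" expands

# Access list 100 as described in the text:
# (action, source, source wildcard, destination, destination wildcard)
ACL_100 = [
    ("deny", "192.168.2.10", "0.0.0.0", "192.168.1.0", "0.0.0.255"),
    ("permit", *ANY, *ANY),
]

# Constructed variant: same list with one mistyped destination octet.
ACL_TYPO = [
    ("deny", "192.168.2.10", "0.0.0.0", "19.168.1.0", "0.0.0.255"),
    ("permit", *ANY, *ANY),
]


def evaluate(acl, src, dst):
    """Return the action of the first entry matching the packet."""
    for action, s, s_wc, d, d_wc in acl:
        if wildcard_match(src, s, s_wc) and wildcard_match(dst, d, d_wc):
            return action
    return "deny"  # implicit deny when no entry matches


if __name__ == "__main__":
    # Constructed sample packets (source, destination).
    packets = [
        ("192.168.2.10", "192.168.1.50"),  # blocked host -> protected network
        ("192.168.2.11", "192.168.1.50"),  # neighbouring host, not listed
        ("192.168.2.10", "192.168.3.1"),   # blocked host -> other network
    ]
    for src, dst in packets:
        print(src, "->", dst,
              "| ACL 100:", evaluate(ACL_100, src, dst),
              "| mistyped:", evaluate(ACL_TYPO, src, dst),
              "| no permit line:", evaluate(ACL_100[:1], src, dst))
```

The mistyped list permits the very traffic the deny entry was meant to stop, which is why the show access-lists output is worth comparing against the intended addresses after every change.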

Publisher: abdirahman isse
