Access list a rule that filters a traffic going through a router interface. Unlike Standard Access List, Extended Access List permits or denies traffic based on source, destination, port, or service.
You would normally apply Extended Access List on the router interface closest to the source device. Extended Access List uses numbers from 100 to 199 or
Here is an example blocking a device sending traffic to a device on another network.
Create the access list:
R03(config)#access-list 100 deny ip 192.168.2.10 0.0.0.0 220.127.116.11 0.0.0.255
R03(config)#access-list 100 permit ip any any
This Extended Access List will block the host 192.168.2.10 to communicate with the network 192.168.1.0/24. Notice we are blocking IP, you can also block based on port, protocol or service.
Apply the Access List to the interface:
R03(config-if)#ip access-group 100 in
See the picture above showing the interfaces
See the access list by issuing show access-list command
Extended IP access list 100
10 deny ip host 192.168.2.10 18.104.22.168 0.0.0.255
20 permit ip any any
Issue R01(config)#no access-list 100 to remove the access list
Issue R01(config-if)#no ip access-group 100 in to remove the access list application from the inteface.