Creating an Extended IP Access List on a Cisco Router

SpiderTip
Posted: 2014-03-21

Access control lists (ACLs) filter packets by controlling which network traffic may cross specified interfaces. An ACL determines whether a passing packet is permitted or denied on its way to a destination (outbound or inbound) and takes the appropriate action. You first create the ACL and then apply it to a specific interface. There are 3 popular types of ACL: standard, extended and named. We are focusing only on extended IP access lists in this example. Extended access lists use numbers from 100 to 199 and check both the source and destination IP address of all packets.

Extended Access Control List

In this example we define an extended access control list that allows any network traffic from 10.20.1.0/24 to leave through the Fa0/1 interface (outbound). It applies to any IP address in this network (10.20.1.1-10.20.1.254) that is going out of the interface.

    Router# conf t
    Router(config)# access-list 101 permit ip 10.20.1.0 0.0.0.255 any
    Router(config)# interface Fa0/1
    Router(config-if)# ip access-group 101 out
    Router(config-if)# end
    Router#

In the above example we created ACL 101 and allowed 10.20.1.0/24 network traffic to cross the interface and reach any destination network. We applied the ACL to FastEthernet 0/1 for outbound traffic. So the two steps involved are creating the access control list and applying it to a specific interface, inbound or outbound.

Take a look at this other example, which allows only FTP connections from a local network to a specific host on another network. You would apply this to the router interface of the FTP machine.

    Router# conf t
    Router(config)# access-list 102 permit tcp 10.20.1.0 0.0.0.255 host 10.30.1.1 eq 20
    Router(config)# access-list 102 permit tcp 10.20.1.0 0.0.0.255 host 10.30.1.1 eq 21
    Router(config)# access-list 102 deny ip any any
    Router(config)# interface Fa0/2
    Router(config-if)# ip access-group 102 in
    Router(config-if)# end
    Router#

An inbound ACL is checked against packets as they arrive on the interface, so for these entries to match, Fa0/2 must be the interface where traffic from 10.20.1.0/24 enters the router.

In the same way, we can control HTTP and Telnet access to a specified server.

    Router# conf t
    Router(config)# access-list 102 permit tcp 10.20.1.0 0.0.0.255 host 10.30.1.1 eq 80
    Router(config)# access-list 102 permit tcp 10.20.1.0 0.0.0.255 host 10.30.1.1 eq 23
    Router(config)# access-list 102 deny ip any any
    Router(config)# interface Fa0/2
    Router(config-if)# ip access-group 102 in
    Router(config-if)# end
    Router#
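Both ACL 102 examples above use the same list number, and IOS appends new entries to an existing numbered list, so entering the HTTP/Telnet block while the FTP block is still configured puts the new permits after the first deny, where they never match. The Python sketch below is an added example, not part of the original post: it models first-match evaluation with wildcard masks for only the entry forms used on this page, and its function names and the test packet are constructed for illustration.

```python
from ipaddress import IPv4Address

def parse_addr(tok):
    """Consume one address spec (any | host A | A WILDCARD) -> (base, wildcard)."""
    t = tok.pop(0)
    if t == "any":
        return 0, 0xFFFFFFFF
    if t == "host":
        return int(IPv4Address(tok.pop(0))), 0
    return int(IPv4Address(t)), int(IPv4Address(tok.pop(0)))

def parse_ace(line):
    """Parse the entry forms used on this page; only a destination 'eq' is handled."""
    tok = line.split()[2:]                      # drop "access-list <number>"
    action, proto = tok.pop(0), tok.pop(0)
    src, dst = parse_addr(tok), parse_addr(tok)
    port = int(tok[1]) if tok[:1] == ["eq"] else None
    return action, proto, src, dst, port

def addr_match(addr, spec):
    base, wild = spec                           # wildcard 1-bits are "don't care"
    return ((int(IPv4Address(addr)) ^ base) & ~wild & 0xFFFFFFFF) == 0

def evaluate(acl, proto, src, dst, dport):
    """First matching entry wins; returns (action, entry number or None)."""
    for n, line in enumerate(acl, 1):
        action, p, s, d, port = parse_ace(line)
        if (p in ("ip", proto) and addr_match(src, s)
                and addr_match(dst, d) and port in (None, dport)):
            return action, n
    return "deny", None                         # implicit deny ends every ACL

# The page's ACL 102 entries, written as "tcp 10.20.1.0" and "deny ip any any".
NET = "10.20.1.0 0.0.0.255 host 10.30.1.1"
FTP = [f"access-list 102 permit tcp {NET} eq 20",
       f"access-list 102 permit tcp {NET} eq 21"]
WEB = [f"access-list 102 permit tcp {NET} eq 80",
       f"access-list 102 permit tcp {NET} eq 23"]
DENY = ["access-list 102 deny ip any any"]

APPENDED = FTP + DENY + WEB + DENY   # second block typed while the first exists
REBUILT = FTP + WEB + DENY           # list re-entered with a single final deny

if __name__ == "__main__":
    pkt = ("tcp", "10.20.1.50", "10.30.1.1", 80)    # constructed HTTP packet
    print("appended:", evaluate(APPENDED, *pkt))
    print("rebuilt: ", evaluate(REBUILT, *pkt))
```

On the router, `show access-lists 102` shows the resulting entry order, which is the thing to check before relying on a newly added permit.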
