Creating an extended named IP access list on a Cisco router

SpiderTip
Posted: 2014-03-24

Extended access lists use numbers from 100 to 199 and check both the source and destination IP address of every packet.

Extended Access Control List

In this example we define an extended named access control list that permits any network traffic from 10.20.1.0/24 to leave through the Fa0/1 interface (outbound). It applies to every IP address in this network (10.20.1.1-10.20.1.254) that is going out of the interface.

    Router# conf t
    Router(config)# ip access-list extended Allow_1
    Router(config-ext-nacl)# permit ip 10.20.1.0 0.0.0.255 any
    Router(config-ext-nacl)# exit
    Router(config)# interface Fa0/1
    Router(config-if)# ip access-group Allow_1 out
    Router(config-if)# end
    Router#

In the above example we created the ACL Allow_1 and allowed traffic from the 10.20.1.0/24 network to cross the interface and reach any destination network. We applied the ACL to FastEthernet 0/1 for outbound traffic. So the two steps involved are creating the access control list and applying it to a specific interface, inbound or outbound.

Take a look at this other example, which allows only FTP connections from a local network to a specific host on another network. You would apply this to the router interface of the FTP machine.

    Router# conf t
    Router(config)# ip access-list extended FTPAllow
    Router(config-ext-nacl)# permit tcp 10.20.1.0 0.0.0.255 host 10.30.1.1 eq 20
    Router(config-ext-nacl)# permit tcp 10.20.1.0 0.0.0.255 host 10.30.1.1 eq 21
    Router(config-ext-nacl)# deny ip any any
    Router(config-ext-nacl)# exit
    Router(config)# interface Fa0/2
    Router(config-if)# ip access-group FTPAllow out
    Router(config-if)# end
    Router#

In the same way, we can allow HTTP and Telnet access to the specified server and block any other connection.

    Router# conf t
    Router(config)# ip access-list extended HTTPAllow
    Router(config-ext-nacl)# permit tcp 10.20.1.0 0.0.0.255 host 10.30.1.1 eq 80
    Router(config-ext-nacl)# permit tcp 10.20.1.0 0.0.0.255 host 10.30.1.1 eq 23
    Router(config-ext-nacl)# deny ip any any
    Router(config-ext-nacl)# exit
    Router(config)# interface Fa0/2
    Router(config-if)# ip access-group HTTPAllow out
    Router(config-if)# end
    Router#

Displaying Access Control Lists (ACL)

To display the ACLs configured on a device, use the show access-lists command below.

    Router1# show access-lists

To remove an access list from the router, use the no access-list # command below. Replace the # with the actual number of the access list.

    Router1# conf t
    Router1(config)# no access-list #

To remove an access list from an interface, use the no ip access-group # command below. Replace the # with the actual number of the access list and give the direction it was applied in.

    Router1# conf t
    Router1(config)# interface Fa1/1
    Router1(config-if)# no ip access-group # out
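To check what an extended ACL will actually do before applying it to an interface, the following added example (not part of the original post and not Cisco code) evaluates the HTTPAllow entries against sample packets using wildcard-mask matching and first-match ordering. The function names and the supported syntax subset (`any`, `host`, address plus wildcard, optional `eq` port) are assumptions of this sketch; the final fallback models the implicit deny that IOS places at the end of every access list.

```python
import ipaddress

# HTTPAllow entries from the post, written in full IOS syntax.
HTTP_ALLOW = """\
permit tcp 10.20.1.0 0.0.0.255 host 10.30.1.1 eq 80
permit tcp 10.20.1.0 0.0.0.255 host 10.30.1.1 eq 23
deny ip any any
"""

def _addr(tokens):
    """Consume one address spec and return (base, wildcard) as integers."""
    first = tokens.pop(0)
    if first == "any":
        return 0, 0xFFFFFFFF
    if first == "host":
        return int(ipaddress.IPv4Address(tokens.pop(0))), 0
    return int(ipaddress.IPv4Address(first)), int(ipaddress.IPv4Address(tokens.pop(0)))

def parse_ace(line):
    """Parse 'action proto src dst [eq port]' (a subset of IOS syntax)."""
    t = line.split()
    action, proto = t.pop(0), t.pop(0)
    src, dst = _addr(t), _addr(t)
    port = int(t[1]) if t[:1] == ["eq"] else None
    return {"action": action, "proto": proto, "src": src, "dst": dst, "port": port}

def _match(ip, spec):
    base, wild = spec
    # Wildcard bits set to 1 are "don't care"; all other bits must equal the base.
    return (int(ipaddress.IPv4Address(ip)) | wild) == (base | wild)

def evaluate(acl_text, proto, src, dst, dport=None):
    """Return (action, matching entry); the first matching entry wins."""
    for line in acl_text.strip().splitlines():
        ace = parse_ace(line)
        if ace["proto"] not in ("ip", proto):
            continue
        if not (_match(src, ace["src"]) and _match(dst, ace["dst"])):
            continue
        if ace["port"] is not None and ace["port"] != dport:
            continue
        return ace["action"], line
    return "deny", "(implicit deny)"  # nothing matched: IOS drops the packet

if __name__ == "__main__":
    # Constructed sample packets: (protocol, source, destination, destination port)
    for pkt in [("tcp", "10.20.1.57", "10.30.1.1", 80), ("tcp", "10.20.2.5", "10.30.1.1", 80)]:
        print(pkt, "->", evaluate(HTTP_ALLOW, *pkt))
```

Running the same packets through the list with the last entry removed gives the same verdicts, which shows that the explicit deny line documents intent rather than changing behaviour.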
