An access list is a rule that filters traffic going through a router interface. Unlike
a Standard Access List, an Extended Access List permits or denies traffic based on source, destination, port, or service.
You would normally apply an Extended Access List on the router interface closest to the source device. Extended Access Lists use numbers from 100 to 199 or
Here is an example blocking a device from sending traffic to a device on another network.
Create the access list:
R03#conf t
R03(config)#access-list 100 deny ip 192.168.2.10 0.0.0.0 192.168.1.0 0.0.0.255
R03(config)#access-list 100 permit ip any any
R03(config)#
This Extended Access List blocks the host 192.168.2.10 from communicating with the network 192.168.1.0/24, while the final permit lets everything else through (without it, the implicit deny at the end of every access list would drop all remaining traffic). Notice that this example matches on the ip protocol as a whole; you can also match on port, protocol or service. The wildcard mask 0.0.0.0 means every bit of the source address must match (a single host), and 0.0.0.255 means the last octet of the destination is ignored (the whole /24).
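To see how the router evaluates such a list (top-down, first match wins, implicit deny at the end, wildcard bits of 1 meaning "don't care"), here is an added example in Python that is not part of the original page and not Cisco code: a toy evaluator for the subset of extended ACL syntax used above (ip/tcp/udp/icmp, any, host, address plus wildcard, and an optional eq port). The access-list 101 line and the packet addresses are constructed for illustration.

```python
"""Toy evaluator for Cisco-style extended ACL entries (added example, not IOS code).

Semantics modelled:
  * wildcard masks: a 0 bit must match, a 1 bit is ignored
  * entries are tested top-down; the first match decides
  * no match at all falls through to the implicit deny
Only the syntax subset shown on the page is parsed (hypothetical helper, not IOS).
"""
from __future__ import annotations

from dataclasses import dataclass
from ipaddress import IPv4Address
from typing import Optional


def wildcard_match(addr: str, base: str, wildcard: str) -> bool:
    """True if addr matches base under a Cisco wildcard mask."""
    a, b, w = (int(IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF          # bits that must be equal
    return (a & care) == (b & care)


@dataclass
class Ace:
    action: str                     # 'permit' or 'deny'
    proto: str                      # 'ip', 'tcp', 'udp' or 'icmp'
    src: str
    src_wc: str
    dst: str
    dst_wc: str
    dst_port: Optional[int] = None  # 'eq <port>' on the destination; None = any


def _parse_addr(tokens: list[str], i: int) -> tuple[str, str, int]:
    """Parse 'any' | 'host A.B.C.D' | 'A.B.C.D W.W.W.W' starting at tokens[i]."""
    if tokens[i] == "any":
        return "0.0.0.0", "255.255.255.255", i + 1
    if tokens[i] == "host":
        return tokens[i + 1], "0.0.0.0", i + 2
    return tokens[i], tokens[i + 1], i + 2


def parse_ace(line: str) -> Ace:
    """Parse one 'access-list <n> <permit|deny> <proto> <src> <dst> [eq <port>]' line."""
    t = line.split()
    if t[0] != "access-list":
        raise ValueError(f"not an access-list line: {line!r}")
    action, proto = t[2], t[3]
    src, src_wc, i = _parse_addr(t, 4)
    dst, dst_wc, i = _parse_addr(t, i)
    port = int(t[i + 1]) if i < len(t) and t[i] == "eq" else None
    return Ace(action, proto, src, src_wc, dst, dst_wc, port)


def evaluate(acl: list[Ace], proto: str, src: str, dst: str,
             dst_port: Optional[int] = None) -> str:
    """Return 'permit' or 'deny' for a packet, the way the router would decide."""
    for ace in acl:
        if ace.proto != "ip" and ace.proto != proto:
            continue                                  # protocol keyword mismatch
        if not wildcard_match(src, ace.src, ace.src_wc):
            continue
        if not wildcard_match(dst, ace.dst, ace.dst_wc):
            continue
        if ace.dst_port is not None and ace.dst_port != dst_port:
            continue
        return ace.action                             # first match wins
    return "deny"                                     # implicit deny at the end


# The two entries configured on the page (access-list 100).
ACL_100_LINES = [
    "access-list 100 deny ip 192.168.2.10 0.0.0.0 192.168.1.0 0.0.0.255",
    "access-list 100 permit ip any any",
]

# Constructed list with no final permit, to show the implicit deny.
ACL_101_LINES = [
    "access-list 101 permit tcp any host 192.168.1.5 eq 22",
]


def acl_100_decisions() -> dict[str, str]:
    """Decisions of access-list 100 for three constructed packets."""
    acl = [parse_ace(l) for l in ACL_100_LINES]
    return {
        "blocked_host_to_lan": evaluate(acl, "tcp", "192.168.2.10", "192.168.1.20", 80),
        "other_host_to_lan": evaluate(acl, "tcp", "192.168.2.11", "192.168.1.20", 80),
        "blocked_host_elsewhere": evaluate(acl, "icmp", "192.168.2.10", "10.0.0.1"),
    }


def acl_101_decisions() -> dict[str, str]:
    """Decisions of the constructed access-list 101 (no 'permit ip any any')."""
    acl = [parse_ace(l) for l in ACL_101_LINES]
    return {
        "ssh_to_server": evaluate(acl, "tcp", "10.0.0.7", "192.168.1.5", 22),
        "http_to_server": evaluate(acl, "tcp", "10.0.0.7", "192.168.1.5", 80),
    }


if __name__ == "__main__":
    for name, result in {**acl_100_decisions(), **acl_101_decisions()}.items():
        print(f"{name:24s} -> {result}")
```

Running the block prints the decision for each constructed packet; the 192.168.2.10 host is denied only toward 192.168.1.0/24 and permitted elsewhere, and in access-list 101 anything other than TCP/22 to the server hits the implicit deny because no catch-all permit was written.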
Apply the Access List to the interface:
R03(config)#interface g0/1
R03(config-if)#ip access-group 100 in
R03(config-if)#
See the picture above showing the interfaces.
View the access list by issuing the show access-lists command:
R03#show access-lists
Extended IP access list 100
10 deny ip host 192.168.2.10 192.168.1.0 0.0.0.255
20 permit ip any any
R03#
To remove the access list, issue:
R01(config)#no access-list 100
To remove the access list application from the interface, issue:
R01(config-if)#no ip access-group 100 in