How to create and apply Cisco Extended Access List

Posted: 2017-11-16

An access list is a rule that filters traffic going through a router interface. Unlike a Standard Access List, an Extended Access List permits or denies traffic based on source, destination, port, or service.

You would normally apply Extended Access List on the router interface closest to the source device. Extended Access List uses numbers from 100 to 199 or

Here is an example that blocks a device from sending traffic to a device on another network.

Create the access list:

R03#conf t
R03(config)#access-list 100 deny ip
R03(config)#access-list 100 permit ip any any

This Extended Access List will block the host from communicating with the network. Notice we are blocking IP; you can also block based on port, protocol or service.

Apply the Access List to the interface:

R03(config)#interface g0/1
R03(config-if)#ip access-group 100 in

See the picture above showing the interfaces.

View the access list by issuing the show access-lists command:

R03#show access-lists
Extended IP access list 100
10 deny ip host
20 permit ip any any

Issue R01(config)#no access-list 100 to remove the access list.
Issue R01(config-if)#no ip access-group 100 in to remove the access list from the interface.

