In 60 Days – ICND2 Configuring Access Lists

Standard IP ACLs Source network or Source host IP Source: Destination: Port 80

Router(config)#access-list 1 permit host Router(config)#access-list 1 permit host Router(config)#access-list 1 permit [Deny All]

Extended ACLs Source/destination address Source/destination port Protocols Services (e.g. ICMP)

Syntax Access list 100 permit/deny service from to port access-list 101 deny tcp host eq telnet access-list 100 permit tcp host eq ftp access-list 100 permit icmp any any

access-list 100 permit tcp host host eq smtp access-list 100 permit tcp host eq ftp access-list 100 permit tcp host host eq www

access-list 101 deny icmp any access-list 101 deny tcp host eq telnet

access-list 102 permit tcp any host eq ftp established

Named ACL Slightly different syntax Can edit (add/remove lines)

Router(config)#ip access-list extended BlockWEB Router(config-ext-nacl)#deny tcp any any eq 80

Applying ACLs Apply to ports or interfaces Router(config)#int fast 0/0 Router(config-if)#ip access-group 101 in Router(config)#line vty 0 15 Router(config-line)#access-class Router(config)#int fast 0/0 Router(config-if)#ip access-group BlockWEB in

End