In 60 Days – ICND2 Configuring Access Lists
Standard IP ACLs
Source network or Source host IP
Source: Destination: Port 80

Router(config)#access-list 1 permit host
Router(config)#access-list 1 permit host
Router(config)#access-list 1 permit
[Deny All]

Extended ACLs
Source/destination address
Source/destination port
Protocols
Services (e.g. ICMP)

Syntax
Access list 100 permit/deny service from to port
access-list 101 deny tcp host eq telnet
access-list 100 permit tcp host eq ftp
access-list 100 permit icmp any any

access-list 100 permit tcp host host eq smtp
access-list 100 permit tcp host eq ftp
access-list 100 permit tcp host host eq www

access-list 101 deny icmp any
access-list 101 deny tcp host eq telnet

access-list 102 permit tcp any host eq ftp established

Named ACL
Slightly different syntax
Can edit (add/remove lines)

Router(config)#ip access-list extended BlockWEB
Router(config-ext-nacl)#deny tcp any any eq 80

Applying ACLs
Apply to ports or interfaces
Router(config)#int fast 0/0
Router(config-if)#ip access-group 101 in
Router(config)#line vty 0 15
Router(config-line)#access-class
Router(config)#int fast 0/0
Router(config-if)#ip access-group BlockWEB in
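
Added example (not from the slides): a small Python model of how an extended ACL is evaluated, top-down with the first matching line deciding and the implicit [Deny All] applied when nothing matches. The addresses are constructed documentation-range values, and the parser covers only the "permit/deny proto src dst [eq port]" subset of the syntax.

```python
import ipaddress

# Service keywords used on the slides, mapped to their well-known TCP ports.
PORTS = {"ftp": 21, "telnet": 23, "smtp": 25, "www": 80}

def _addr(tokens):
    """Consume 'any', 'host A' or 'A WILDCARD'; return ((base, wildcard), rest)."""
    if tokens[0] == "any":
        return (0, 0xFFFFFFFF), tokens[1:]
    if tokens[0] == "host":
        return (int(ipaddress.IPv4Address(tokens[1])), 0), tokens[2:]
    base, wild = (int(ipaddress.IPv4Address(t)) for t in tokens[:2])
    return (base, wild), tokens[2:]

def parse(line):
    """Parse 'access-list N permit|deny PROTO SRC DST [eq PORT]' (IOS subset)."""
    tok = line.split()
    action, proto = tok[2], tok[3]
    src, rest = _addr(tok[4:])
    dst, rest = _addr(rest)
    port = None
    if rest[:1] == ["eq"]:
        port = PORTS[rest[1]] if rest[1] in PORTS else int(rest[1])
    return action, proto, src, dst, port

def _ip_match(ip, spec):
    base, wildcard = spec
    # Wildcard bits set to 1 are "don't care"; every other bit must equal the base.
    return ((int(ipaddress.IPv4Address(ip)) ^ base) & ~wildcard & 0xFFFFFFFF) == 0

def evaluate(acl_lines, proto, src, dst, dport=None):
    """Return (action, matching line number); the number is None for the implicit deny."""
    for n, line in enumerate(acl_lines, 1):
        action, p, s, d, port = parse(line)
        if p in ("ip", proto) and _ip_match(src, s) and _ip_match(dst, d) and port in (None, dport):
            return action, n  # first match wins; later lines are never consulted
    return "deny", None  # no line matched: the implicit "deny all" at the end

# Constructed ACL (RFC 5737 documentation addresses, not taken from the slides).
ACL_101 = [
    "access-list 101 deny tcp any host 192.0.2.10 eq telnet",
    "access-list 101 permit tcp 198.51.100.0 0.0.0.255 host 192.0.2.10 eq www",
    "access-list 101 permit icmp any any",
]
# Same lines with a broad permit placed first: it shadows the telnet deny.
ACL_SHADOWED = ["access-list 101 permit ip any any"] + ACL_101

if __name__ == "__main__":
    print(evaluate(ACL_101, "tcp", "203.0.113.5", "192.0.2.10", 80))        # unmatched source
    print(evaluate(ACL_SHADOWED, "tcp", "198.51.100.7", "192.0.2.10", 23))  # deny is shadowed
```

Reviewing an ACL this way before applying it with ip access-group catches lines that can never match because an earlier, broader line already decided the packet.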
End