Published by Harry Hill. Modified over 9 years ago.
2
In 60 Days – ICND2
Configuring Access Lists
3
Standard IP ACLs
Source network or
Source host IP
Source: 172.16.1.1 Destination: 192.168.1.1 Port 80
4
Router(config)#access-list 1 permit host 172.16.1.1
Router(config)#access-list 1 permit host 192.168.1.1
Router(config)#access-list 1 permit 10.1.0.0 0.0.255.255
[Deny All]
5
Extended ACLs
Source/destination address
Source/destination port
Protocols
Services (e.g. ICMP)
6
Syntax
Access list 100 permit/deny service from to port
access-list 101 deny tcp 10.1.0.0 0.0.255.255 host 172.30.1.1 eq telnet
access-list 100 permit tcp 10.1.0.0 0.0.255.255 host 172.30.1.1 eq ftp
access-list 100 permit icmp any any
7
access-list 100 permit tcp host 172.16.1.1 host 172.20.1.1 eq smtp
access-list 100 permit tcp 10.1.0.0 0.0.255.255 host 172.30.1.1 eq ftp
access-list 100 permit tcp host 192.168.1.1 host 172.30.1.1 eq www
8
access-list 101 deny icmp any 172.20.0.0 0.0.255.255
access-list 101 deny tcp 10.1.0.0 0.0.255.255 host 172.30.1.1 eq telnet
9
access-list 102 permit tcp any host 172.30.1.1 eq ftp established
10
Named ACL
Slightly different syntax
Can edit (add/remove lines)
11
Router(config)#ip access-list extended BlockWEB
Router(config-ext-nacl)#deny tcp any any eq 80
12
Applying ACLs
Apply to ports or interfaces
Router(config)#int fast 0/0
Router(config-if)#ip access-group 101 in
------
Router(config)#line vty 0 15
Router(config-line)#access-class 101 in
------
Router(config)#int fast 0/0
Router(config-if)#ip access-group BlockWEB in
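Added example (not part of the original slides): a small Python evaluator for the extended ACL entries shown above, illustrating wildcard-mask matching, first-match ordering and the [Deny All] that ends every list. ACL 101 as written on slide 8 contains only deny entries, so once it is applied with ip access-group, every packet that falls through is dropped as well; the trailing permit ip any any and the sample packets in the checks are assumptions for illustration.

```python
import ipaddress

PORTS = {"ftp": 21, "telnet": 23, "smtp": 25, "www": 80}  # IOS keywords used on the slides

def _ip(text):
    return int(ipaddress.IPv4Address(text))

def _take_addr(tok):
    """Consume 'any', 'host A' or 'A WILDCARD' from the token list; return (base, wildcard)."""
    first = tok.pop(0)
    if first == "any":
        return 0, 0xFFFFFFFF
    if first == "host":
        return _ip(tok.pop(0)), 0
    return _ip(first), _ip(tok.pop(0))

def parse(line):
    """Parse one extended 'access-list N permit|deny proto src dst [eq port]' entry."""
    tok = line.split()[2:]            # drop 'access-list' and the list number
    action, proto = tok.pop(0), tok.pop(0)
    src, dst = _take_addr(tok), _take_addr(tok)
    port = None
    if tok[:1] == ["eq"]:
        port = PORTS.get(tok[1]) or int(tok[1])
    return action, proto, src, dst, port

def _hit(spec, addr):
    base, wild = spec
    care = ~wild & 0xFFFFFFFF         # wildcard 1-bits are ignored, 0-bits must match
    return (_ip(addr) & care) == (base & care)

def evaluate(acl_lines, proto, src, dst, dport=None):
    """First matching entry wins; a packet that matches nothing hits the implicit deny."""
    for line in acl_lines:
        action, p, s, d, port = parse(line)
        if p not in ("ip", proto):
            continue
        if _hit(s, src) and _hit(d, dst) and port in (None, dport):
            return action, line
    return "deny", "(implicit deny any any)"

# ACL 101 exactly as written on slide 8
ACL_101 = [
    "access-list 101 deny icmp any 172.20.0.0 0.0.255.255",
    "access-list 101 deny tcp 10.1.0.0 0.0.255.255 host 172.30.1.1 eq telnet",
]
# Assumption (not on the slides): a trailing permit so other traffic still passes
ACL_101_FIXED = ACL_101 + ["access-list 101 permit ip any any"]
```

Calling evaluate(ACL_101, "tcp", "10.1.5.5", "172.30.1.1", 80) returns the implicit deny, while the same packet against ACL_101_FIXED is permitted.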
13
End