
Year 2 - Chapter 6/Cisco 3 - Module 6 ACLs - page 23 / 40


Extended ACLs – Creating an Extended Access List

As with standard lists, the access-list command is used to create each condition of the list – using one condition per line. The syntax for each line in the list is:

access-list access-list-number {permit | deny} {protocol | protocol keyword} {source | any} [source-wildcard] [source port] {destination | any} [destination-wildcard] [destination port] [options]

Example:

Lab-X#config t

Lab-X(config)#access-list 101 deny tcp 192.168.1.0 0.0.0.255 any eq www

Lab-X(config)#access-list 101 deny tcp any eq ftp 192.168.1.25 0.0.0.0

Lab-X(config)#access-list 101 permit ip any any

Lab-X(config)#interface FastEthernet 0/0

Lab-X(config-if)#ip access-group 101 out

The access-list-number range for IP extended access lists is 100 to 199.

The protocol entry defines the protocol to be filtered, such as IP, TCP, UDP, or ICMP. Because IP packets carry TCP, UDP, and ICMP, an entry that specifies ip matches all of them, so it is important to specify the exact protocol or you could end up inadvertently filtering more than you want to.
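The following Python sketch is an added example, not part of the original slides. It parses the three lines of list 101 and evaluates packets against them top to bottom, showing how wildcard masks, port operators and the protocol entry decide a match. The single-host destination is written with an explicit 0.0.0.0 wildcard, and ACL_WIDE is a hypothetical variant that uses ip in place of tcp ... eq www; the function names are illustrative.

```python
import ipaddress

PORTS = {"www": 80, "ftp": 21}  # subset of IOS port keywords used on the slide

def parse_endpoint(tok):
    """Consume '{any | address wildcard} [eq port]' from the front of tok."""
    if tok[0] == "any":
        addr, wild, tok = 0, 0xFFFFFFFF, tok[1:]
    else:
        addr, wild = (int(ipaddress.IPv4Address(t)) for t in tok[:2])
        tok = tok[2:]
    port = None
    if tok[:1] == ["eq"]:
        port = PORTS[tok[1]] if tok[1] in PORTS else int(tok[1])
        tok = tok[2:]
    return (addr, wild, port), tok

def parse_ace(line):
    """Parse one 'access-list N {permit|deny} proto src dst' line."""
    tok = line.lower().split()
    if tok[0] != "access-list" or not 100 <= int(tok[1]) <= 199:
        raise ValueError("not an IP extended access-list line: " + line)
    src, rest = parse_endpoint(tok[4:])
    dst, _ = parse_endpoint(rest)
    return tok[2], tok[3], src, dst

def side_matches(endpoint, ip, port):
    addr, wild, want = endpoint
    # Wildcard bits set to 1 are ignored; every other bit must be equal.
    diff = (int(ipaddress.IPv4Address(ip)) ^ addr) & ~wild & 0xFFFFFFFF
    return diff == 0 and (want is None or want == port)

def evaluate(acl, proto, sip, sport, dip, dport):
    """Return the action of the first matching entry, top to bottom."""
    for action, p, src, dst in acl:
        if p in ("ip", proto) and side_matches(src, sip, sport) \
                and side_matches(dst, dip, dport):
            return action
    return "deny"  # IOS ends every access list with an implicit deny

# Constructed sample: the slide's list 101.
ACL_101 = [parse_ace(l) for l in (
    "access-list 101 deny tcp 192.168.1.0 0.0.0.255 any eq www",
    "access-list 101 deny tcp any eq ftp 192.168.1.25 0.0.0.0",
    "access-list 101 permit ip any any",
)]
# Hypothetical variant of the first line with 'ip' instead of 'tcp ... eq www'.
ACL_WIDE = [parse_ace("access-list 101 deny ip 192.168.1.0 0.0.0.255 any"),
            parse_ace("access-list 101 permit ip any any")]
```

With list 101, a UDP packet from 192.168.1.10 is permitted by the last line, while ACL_WIDE denies it along with every other IP packet from that subnet.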
