Year 2 - Chapter 6/Cisco 3 - Module 6 ACLs - page 23 / 40

Extended ACLs – Creating an Extended Access List

As with standard lists, the access-list command is used to create each condition of the list – using one condition per line. The syntax for each line in the list is:

access-list access-list-number {permit | deny} {protocol | protocol keyword} {source | any} [source-wildcard] [source port] {destination | any} [destination-wildcard] [destination port] [options]

Example:

Lab-X#config t

Lab-X(config)#Access-list 101 deny tcp 192.168.1.0 0.0.0.255 any eq www

Lab-X(config)#Access-list 101 deny tcp any eq ftp host 192.168.1.25

Lab-X(config)#Access-list 101 permit ip any any

Lab-X(config)#interface Fastethernet 0/0

Lab-X(config-if)#ip access-group 101 out

The access-list-number range for IP extended access lists is 100 to 199.

The protocol entry defines the protocol to be filtered, such as IP, TCP, UDP, or ICMP. Because IP packets carry TCP, UDP, and ICMP, a line that specifies IP matches all of them, so it is important to specify the exact protocol or you could end up inadvertently filtering more than you want to.
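
The following is an added example, not part of the original slides: a small Python model of how a router evaluates the lines of list 101 top-down against a packet, including wildcard-mask matching and the effect of the protocol field. It assumes only the `eq` port operator and the `any`/`host` address forms; the function names and list 102 are constructed for illustration.

```python
import ipaddress
PORTS = {"ftp": 21, "www": 80}  # IOS port keywords used in the example above

def _ip(a):
    return int(ipaddress.IPv4Address(a))

def _addr(tok, i):
    """Parse 'any' | 'host A' | 'A WILDCARD'; return ((addr, wildcard), next index)."""
    if tok[i] == "any":
        return (0, 0xFFFFFFFF), i + 1
    if tok[i] == "host":
        return (_ip(tok[i + 1]), 0), i + 2
    return (_ip(tok[i]), _ip(tok[i + 1])), i + 2

def _port(tok, i):
    """Parse an optional 'eq PORT'; return (port or None, next index)."""
    if i < len(tok) and tok[i] == "eq":
        return PORTS.get(tok[i + 1]) or int(tok[i + 1]), i + 2
    return None, i

def parse(line):
    tok = line.lower().split()
    src, i = _addr(tok, 4)
    sport, i = _port(tok, i)
    dst, i = _addr(tok, i)
    dport, i = _port(tok, i)
    return tok[2], tok[3], src, sport, dst, dport

def _match(ip, rule):
    addr, wild = rule  # wildcard bit 1 = ignore this bit, 0 = must match
    return (_ip(ip) | wild) == (addr | wild)

def evaluate(acl, proto, src, sport, dst, dport):
    """Return the action of the first matching line, else the implicit deny."""
    for action, p, s, sp, d, dp in map(parse, acl):
        if (p in ("ip", proto) and _match(src, s) and _match(dst, d)
                and sp in (None, sport) and dp in (None, dport)):
            return action
    return "deny"  # every IOS access list ends with an implicit "deny any"

# The page's list 101; "host" is used for the single destination address.
ACL_101 = [
    "access-list 101 deny tcp 192.168.1.0 0.0.0.255 any eq www",
    "access-list 101 deny tcp any eq ftp host 192.168.1.25",
    "access-list 101 permit ip any any",
]
# Constructed variant: "ip" instead of "tcp ... eq www" blocks every protocol.
ACL_BROAD = ["access-list 102 deny ip 192.168.1.0 0.0.0.255 any",
             "access-list 102 permit ip any any"]
```

Evaluating the same UDP packet from 192.168.1.10 against both lists shows the difference: list 101 permits it, while the constructed list 102 denies it because its first line names `ip` rather than `tcp`.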
