Year 2 - Chapter 6/Cisco 3 - Module 6 ACLs - page 29 / 40

Important Concept for Extended ACLs

Both ACLs below implicitly deny all other IP traffic, not just all other TCP traffic. A common mistake is to assume that, because only TCP was specified in the main statement(s), the final permit any statement needs to refer only to TCP (ACL 102 below).

The unplanned result is that all ICMP and UDP traffic matching the address/protocol criteria is blocked (ACL 102 below).

ACL 101's permit IP any any statement will allow all other traffic.

Lab-X#config t
Lab-X(config)#Access-list 101 deny tcp any 192.168.1.25 eq ftp
Lab-X(config)#Access-list 101 permit IP any any
Lab-X(config)#Access-list 102 deny tcp 10.0.0.0 0.255.255.255 192.168.1.1 eq ftp
Lab-X(config)#Access-list 102 permit TCP any any
Lab-X(config)#interface Fastethernet 0/0
Lab-X(config-if)#ip access-group 101 out
Lab-X(config-if)#ip access-group 102 in
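
To see the difference between the two lists packet by packet, the following added example (not part of the original slide) models first-match evaluation with the implicit deny at the end. The sample packets are constructed, the function names are hypothetical, and interface direction (in/out) is ignored.

```python
import ipaddress

ANY = ("0.0.0.0", "255.255.255.255")          # "any" = every bit is don't-care
FTP = 21                                       # "eq ftp" is TCP port 21

# The slide's two lists: (action, protocol, (src, wildcard), (dst, wildcard), dst port)
ACLS = {
    101: [("deny", "tcp", ANY, ("192.168.1.25", "0.0.0.0"), FTP),
          ("permit", "ip", ANY, ANY, None)],
    102: [("deny", "tcp", ("10.0.0.0", "0.255.255.255"), ("192.168.1.1", "0.0.0.0"), FTP),
          ("permit", "tcp", ANY, ANY, None)],
}

def wildcard_match(addr, base, wildcard):
    """True when addr equals base on every bit the wildcard mask leaves at 0."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return (a | w) == (b | w)

def evaluate(acl, proto, src, dst, dport=None):
    """Return (action, reason) for one packet: first match wins, else implicit deny."""
    for n, (action, p, s, d, port) in enumerate(ACLS[acl], 1):
        if p not in ("ip", proto):             # "ip" matches every IP protocol
            continue
        if not (wildcard_match(src, *s) and wildcard_match(dst, *d)):
            continue
        if port is not None and port != dport:
            continue
        return action, f"entry {n}"
    return "deny", "implicit deny"             # the unwritten "deny ip any any"

# Constructed sample packets: (protocol, source, destination, destination port)
PACKETS = [
    ("tcp", "10.2.3.4", "192.168.1.1", 21),
    ("tcp", "172.16.0.5", "192.168.1.1", 80),
    ("udp", "172.16.0.5", "192.168.1.1", 53),
    ("icmp", "172.16.0.5", "192.168.1.1", None),
]

if __name__ == "__main__":
    for pkt in PACKETS:
        for acl in (101, 102):
            print(acl, pkt, "->", evaluate(acl, *pkt))
```

The UDP and ICMP packets reach the end of ACL 102 without a match and are dropped by the implicit deny, while ACL 101 permits them at its second entry.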
