Cisco ICND1: Access-Control Lists
ACCESS-LIST
Number
Extended 101-199
Extended 2000-2699
1000-2698
EXTENDED
#
(the word "Extended" in the statement)
PERMIT
Protocol
(Protocol name i.e. "tcp", "ICMP")
Protocol number (i.e. 80 for http)
(HOST) (optional "host" statement)
Source address IP argument (i.e. Host 10.1.33.2)
Destination IP argument (i.e. 192.168.1.30)
Optional : Log, Interval (sec), DISABLE
Optional : Default, inactive, time frame
Implicit "DENY ANY" is at the end.
Host can = ("any", "any4", "any6", "any any")
Protocol number (i.e. 80 for http) then "eq" means equals (i.e. eq 80)
DENY
statement "permit" or "deny"
STANDARD
the word "Standard" in the statement
DENY
PERMIT
HOST
Source IP Argument (i.e. 10.4.5.6)
Implicit "DENY ANY" is at the end
router(conf-t)#ACCESS-GROUP (number)
OUT
IN
"in" means filtering on source IP (i.e. 10.2.3.4); the source before it hits the router.
Standard 0-100
NAME(extended access-lists only)
#
Router01>enable
Router01#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router01(config)#ip access-list extended BLOCK_WS03
Router01(config-ext-nacl)#deny tcp host 172.16.0.12 host 172.20.0.5 eq 80
Router01(config-ext-nacl)#permit ip any any
Router01(config-ext-nacl)#exit
Router01(config)#exit
Router01#
Router(config-ext-nacl) = extended, named access-control list for
Router(config)# interface interface_no
Router(config-if)# ip access-group ACL_name in|out