Module 5: ACLs for IPv4 Configuration - Coggle Diagram
Modify IPv4 ACLs
To modify an ACL, use a text editor or use sequence numbers. ACLs with multiple ACEs should be created in a text editor.
Sequence numbers are automatically assigned when an ACE is entered. These numbers are listed in the output of the show access-lists command.
Configure Extended IPv4 ACLs
Extended ACLs are used more often than standard ACLs because they provide a greater degree of control.
To create a numbered extended ACL, use the following global configuration command:
Router(config)# access-list access-list-number {deny | permit | remark text} protocol source source-wildcard [operator [port]] destination destination-wildcard [operator [port]] [established] [log]
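The command above, worked through as an added example (not from the Coggle map or the Cisco course): the ACL number, interface names and addresses are constructed, and the policy is written out in remarks before the ACEs, so a reader can see where protocol, source/wildcard, destination/wildcard, operator/port, established and log each land in the syntax.

```cisco
! Added example. Numbers, addresses and interfaces are constructed.
! Policy for LAN 192.168.10.0/24 arriving on Gi0/0/0:
!   - HTTP and HTTPS to the web server 10.0.0.10 are permitted
!   - DNS queries to 10.0.0.53 are permitted
!   - anything else from that LAN is denied and logged
!   (an implicit "deny ip any any" follows the last ACE)
R1(config)# access-list 110 remark LAN-10 may reach the web and DNS servers only
R1(config)# access-list 110 permit tcp 192.168.10.0 0.0.0.255 host 10.0.0.10 eq 80
R1(config)# access-list 110 permit tcp 192.168.10.0 0.0.0.255 host 10.0.0.10 eq 443
R1(config)# access-list 110 permit udp 192.168.10.0 0.0.0.255 host 10.0.0.53 eq 53
R1(config)# access-list 110 deny ip 192.168.10.0 0.0.0.255 any log
! ip access-group is entered in interface configuration mode, not global mode
R1(config)# interface GigabitEthernet0/0/0
R1(config-if)# ip access-group 110 in
R1(config-if)# exit
!
! Return traffic on the outside interface: "established" matches only TCP
! segments with ACK or RST set, i.e. replies to sessions the LAN opened,
! so new inbound TCP connections from outside are dropped by the implicit deny.
R1(config)# access-list 120 remark Allow only replies to LAN-initiated TCP sessions
R1(config)# access-list 120 permit tcp any 192.168.10.0 0.0.0.255 established
R1(config)# interface GigabitEthernet0/0/1
R1(config-if)# ip access-group 120 in
R1(config-if)# end
! Match counters per ACE confirm the policy behaves as written
R1# show access-lists 110
R1# show access-lists 120
```

Because ACEs are evaluated top-down and the first match wins, the specific permits are listed before the logged deny; reversing that order would silently block the web and DNS traffic.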
Configure Standard IPv4 ACLs
When configuring a complex ACL, it is suggested that you use a text editor and write out the specifics of the policy to be implemented, add the IOS configuration commands to accomplish those tasks, include remarks to document the ACL, copy and paste the commands on a lab device, and always thoroughly test an ACL to ensure that it correctly applies the desired policy.
To create a numbered standard ACL, use the access-list access-list-number global configuration command.
Use the no access-list access-list-number global configuration command to remove a numbered standard ACL.
To create a named standard ACL, use the ip access-list standard access-list-name global configuration command.
Use the show ip interface command to verify whether an interface has an ACL applied to it.
Use the no ip access-list standard access-list-name global configuration command to remove a named standard IPv4 ACL.
To apply an ACL to an interface, use the ip access-group {access-list-number | access-list-name} {in | out} interface configuration command. To remove an ACL from an interface, first enter the no ip access-group interface configuration command. To remove the ACL from the router, use the no access-list global configuration command.
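The standard ACL workflow in this section and the sequence-number editing from "Modify IPv4 ACLs", combined into one added example (not from the Coggle map or the Cisco course): the policy is written out first, as the notes recommend, then entered as numbered and named ACLs, applied, verified, edited in place by sequence number, and finally removed in the correct order. ACL numbers, names, addresses and interfaces are constructed.

```cisco
! Added example. Numbers, names, addresses and interfaces are constructed.
! Policy: hosts on 192.168.10.0/24 may reach the servers behind Gi0/0/1,
! except the contractor host 192.168.10.100, which is blocked.
! (an implicit "deny any" follows the last ACE)
R1(config)# access-list 10 remark Block the contractor host, permit the rest of LAN-10
R1(config)# access-list 10 deny host 192.168.10.100
R1(config)# access-list 10 permit 192.168.10.0 0.0.0.255
! Apply outbound toward the servers; ip access-group is an interface command
R1(config)# interface GigabitEthernet0/0/1
R1(config-if)# ip access-group 10 out
R1(config-if)# end
! Verify that the interface carries the ACL and inspect the ACEs.
! The ACEs were auto-numbered 10 (deny) and 20 (permit) as they were entered.
R1# show ip interface GigabitEthernet0/0/1 | include access list
R1# show access-lists 10
!
! Modify by sequence number: a numbered ACL is opened with
! "ip access-list standard <number>", then an ACE can be inserted at
! sequence 15 between the existing 10 and 20 without re-creating the list.
R1# configure terminal
R1(config)# ip access-list standard 10
R1(config-std-nacl)# 15 deny host 192.168.10.101
R1(config-std-nacl)# exit
!
! The same policy as a named standard ACL
R1(config)# ip access-list standard LAN10-TO-SERVERS
R1(config-std-nacl)# remark Block the contractor hosts, permit the rest of LAN-10
R1(config-std-nacl)# deny host 192.168.10.100
R1(config-std-nacl)# deny host 192.168.10.101
R1(config-std-nacl)# permit 192.168.10.0 0.0.0.255
R1(config-std-nacl)# exit
!
! Removal: detach the ACL from the interface first, then delete it from
! the router. Deleting a numbered ACL that is still applied leaves the
! interface referencing an empty list, which permits everything.
R1(config)# interface GigabitEthernet0/0/1
R1(config-if)# no ip access-group 10 out
R1(config-if)# exit
R1(config)# no access-list 10
R1(config)# no ip access-list standard LAN10-TO-SERVERS
```

Because a standard ACL matches on source address only, it is placed as close to the destination as possible (here, outbound on the server-facing interface) so that it does not block the contractor host's traffic to other parts of the network.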
Secure VTY Ports with Standard IPv4 ACLs
The out parameter filters outgoing vty traffic and is rarely applied.
The in keyword is the most commonly used option to filter incoming vty traffic.
Use the show ip interface command to verify whether an interface has an ACL applied to it.
To verify the ACL statistics, issue the show access-lists command.
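Restricting vty access with a standard ACL, as an added example (not from the Coggle map or the Cisco course). The ACL name, management host address and vty line range are constructed; access-class is the IOS line-configuration command that binds an ACL to the vty lines, named here from IOS usage rather than from the notes above.

```cisco
! Added example. Name, addresses and line range are constructed.
! Only the management host may open a vty session; every other source is
! denied and logged so failed attempts show up in the ACL match counters.
R1(config)# ip access-list standard ADMIN-VTY
R1(config-std-nacl)# remark Only the management host may reach the vty lines
R1(config-std-nacl)# permit host 192.168.10.10
R1(config-std-nacl)# deny any log
R1(config-std-nacl)# exit
! Bind the ACL to all vty lines with "in"; "out" would instead restrict
! sessions initiated from the router itself and is rarely used.
R1(config)# line vty 0 4
R1(config-line)# login local
R1(config-line)# transport input ssh
R1(config-line)# access-class ADMIN-VTY in
R1(config-line)# end
! Match counters per ACE show which connection attempts hit the permit
! and which hit the logged deny.
R1# show access-lists ADMIN-VTY
```

Apply the ACL to every vty line the platform provides (the range is platform-dependent); a line left without the access-class still accepts sessions from any source.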