Cisco ACL

Access Control List 2009 © Alexander Rybolovlev

A TCP Conversation SMTP 25 POP3 110 IMAP 143 HTTP 80 HTTPS 443 DNS 53 FTP-DATA 20 FTP 21 TFTP 69 SNMP 169 NTP 123

Packet Filtering ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],One ACL per protocol (e.g., IP or IPX) One ACL per interface (e.g., FastEthernet0/0) One ACL per direction (i.e., IN or OUT)

Numbering and Naming ACLs Router (config)# access-list ? <1-99> IP standard access list <100-199> IP extended access list <1100-1199> Extended 48-bit MAC address access list <1300-1999> IP standard access list (expanded range) <200-299> Protocol type-code access list <2000-2699> I P extended access list (expanded range) <700-799> 48-bit MAC address access list ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Standard ACL [no] access-list acl-num {deny|permit|remark} [ source [source-wildcard]] [log] access-list 2 deny 192.168.10.1 access-list 2 permit 192.168.10.0 0.0.0.255 access-list 2 deny 192.168.0.0 0.0.255.255 access-list 2 permit 192.0.0.0 0.255.255.255 Router# show access-lists Standard IP access list 99 10 permit host 192.168.99.0 20 permit host 192.168.98.0 Router#conf t Router(config)#no access-list 99 Router(config)#end Router#show access-lists Router# Router(config)#access-list 10 remark Acces_to_LAN Router(config)#access-list 10 permit 192.168.10.0 Router(config-if)# ip access-group {access-list-number | access-list-name} {in | out} Router(config)#access-list 1 permit ip 192.168.10.0 0.0.0.255 Router(config)#interface FastEthernet0/0 Router(config-if)#ip access-group 1 out

Edit Standard ACL #1 R1# show running-config | include access-list access-list 20 permit 192.168.10.100 access-list 20 deny 192.168.10.0 0.0.0.255 #2 access-list 20 permit 192.168.10.11 access-list 20 deny 192.168.10.0 0.0.0.255 #3 R1# conf t R1(config)# no access-list 20 R1(config)#access-list 20 remark Access for permit host 10.11 R1(config)# access-list 20 permit 192.168.10.11 R1(config)# access-list 20 deny 192.168.10.0 0.0.0.255

Naming ACL Router(config)# ip access-list [standart | extended] name Router(config-std-nacl)# [no] [num] {deny|permit|remark} … Router(config)#ip access-list standard Bumburum Router(config-std-nacl)#deny host 192.168.0.1 Router(config-std-nacl)#permit 192.168.0.0 0.0.0.255 Router#sh access-lists Standard IP access list Bumburum 10 deny host 192.168.0.1 20 permit 192.168.0.0 0.0.0.255 Router(config-if)# ip access-group {access-list-number | access-list-name} {in | out} Router(config-if)#ip access-group Bumburum out

Edit ACL Router# show access-lists {acl-num|name} Router#sh access-lists 99 Standard IP access list 99 10 permit host 192.168.9.9 20 permit host 192.168.9.11 Router(config)# ip access-list {standart | extended} {acl-num|name} Router(config-std-nacl)# [no] [num] {deny|permit|remark} … Router#sh access-lists standard 99 Router(config-std-nacl)#15 permit host 192.168.9.10 Router#sh access-lists 99 Standard IP access list 99 10 permit host 192.168.9.9 15 permit host 192.168.9.10 20 permit host 192.168.9.11

Extended ACL R1(config)# access-list 101 permit tcp any eq ?

Cisco ACL

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Viewers also liked

Viewers also liked (8)

Similar to Cisco ACL

Similar to Cisco ACL (20)

Recently uploaded

Recently uploaded (20)

Cisco ACL