More Related Content
Similar to Cisco ACL (20)
Cisco ACL
- 2. A TCP Conversation SMTP 25 POP3 110 IMAP 143 HTTP 80 HTTPS 443 DNS 53 FTP-DATA 20 FTP 21 TFTP 69 SNMP 169 NTP 123
- 6. Standard ACL [no] access-list acl-num {deny|permit|remark} [ source [source-wildcard]] [log] access-list 2 deny 192.168.10.1 access-list 2 permit 192.168.10.0 0.0.0.255 access-list 2 deny 192.168.0.0 0.0.255.255 access-list 2 permit 192.0.0.0 0.255.255.255 Router# show access-lists Standard IP access list 99 10 permit host 192.168.99.0 20 permit host 192.168.98.0 Router#conf t Router(config)#no access-list 99 Router(config)#end Router#show access-lists Router# Router(config)#access-list 10 remark Acces_to_LAN Router(config)#access-list 10 permit 192.168.10.0 Router(config-if)# ip access-group {access-list-number | access-list-name} {in | out} Router(config)#access-list 1 permit ip 192.168.10.0 0.0.0.255 Router(config)#interface FastEthernet0/0 Router(config-if)#ip access-group 1 out
- 11. Edit Standard ACL #1 R1# show running-config | include access-list access-list 20 permit 192.168.10.100 access-list 20 deny 192.168.10.0 0.0.0.255 #2 access-list 20 permit 192.168.10.11 access-list 20 deny 192.168.10.0 0.0.0.255 #3 R1# conf t R1(config)# no access-list 20 R1(config)#access-list 20 remark Access for permit host 10.11 R1(config)# access-list 20 permit 192.168.10.11 R1(config)# access-list 20 deny 192.168.10.0 0.0.0.255
- 12. Naming ACL Router(config)# ip access-list [standart | extended] name Router(config-std-nacl)# [no] [num] {deny|permit|remark} … Router(config)#ip access-list standard Bumburum Router(config-std-nacl)#deny host 192.168.0.1 Router(config-std-nacl)#permit 192.168.0.0 0.0.0.255 Router#sh access-lists Standard IP access list Bumburum 10 deny host 192.168.0.1 20 permit 192.168.0.0 0.0.0.255 Router(config-if)# ip access-group {access-list-number | access-list-name} {in | out} Router(config-if)#ip access-group Bumburum out
- 13. Edit ACL Router# show access-lists {acl-num|name} Router#sh access-lists 99 Standard IP access list 99 10 permit host 192.168.9.9 20 permit host 192.168.9.11 Router(config)# ip access-list {standart | extended} {acl-num|name} Router(config-std-nacl)# [no] [num] {deny|permit|remark} … Router#sh access-lists standard 99 Router(config-std-nacl)#15 permit host 192.168.9.10 Router#sh access-lists 99 Standard IP access list 99 10 permit host 192.168.9.9 15 permit host 192.168.9.10 20 permit host 192.168.9.11