Use the ip access-group interface configuration command:
RouterX(config-if)# ip access-group 101 in
Use the show ip interfaces command to verify that an IP ACL is applied to
the interface.
Numbered Extended IP ACL: Deny FTP from Subnets
For the network in Figure 6-17, you want to create a list to prevent FTP traffic that originates from
the subnet 172.16.4.0/24, going to the 172.16.3.0/24 subnet, from traveling out Ethernet interface
E0.
Figure 6-17 Extended ACL Denying FTP from One Subnet to Another
The configuration in Example 6-7 provides a solution for this example.
Example 6-7 Access List Preventing FTP Traffic from Specific Subnets
RouterX(config)# access-list 101 deny tcp 172.16.4.0 0.0.0.255 172.16.3.0 0.0.0.255 eq 21
RouterX(config)# access-list 101 deny tcp 172.16.4.0 0.0.0.255 172.16.3.0 0.0.0.255 eq 20
RouterX(config)# access-list 101 permit ip any any
(implicit deny all)
(access-list 101 deny ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255)
RouterX(config)# interface ethernet 0
RouterX(config-if)# ip access-group 101 out