232 Chapter 6: Managing Traffic with Access Control Lists
Table 6-8 describes the command syntax presented in Example 6-7.
The deny statements deny FTP traffic from subnet 172.16.4.0 to subnet 172.16.3.0. The permit
statement allows all other IP traffic out interface E0.
Numbered Extended ACL: Deny Only Telnet from Subnet
For the network in Figure 6-18, you want to create a list to prevent Telnet traffic that originates
from the subnet 172.16.4.0/24 from traveling out Ethernet interface E0.
Figure 6-18 Extended ACL Denying Telnet from a Given Subnet
Table 6-8 Numbered Extended IPv4 ACL Example Denying FTP Between Subnets

access-list Command
Parameters               Description
101                      ACL number; indicates an extended IPv4 ACL
deny                     Indicates that traffic that matches the selected parameters is not forwarded
tcp                      Transport layer protocol
172.16.4.0 0.0.0.255     Source IP address and mask; the first three octets must match but not the last octet
172.16.3.0 0.0.0.255     Destination IP address and mask; the first three octets must match but not the last octet
eq 21                    Destination port; specifies the well-known port number for FTP control
eq 20                    Destination port; specifies the well-known port number for FTP data
out                      Links ACL 101 to interface E0 as an output filter
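
The matching logic behind Table 6-8, as an added example that is not from the book: a small Python evaluator that applies the wildcard masks and first-match ordering. The ACL text is reconstructed from the table's parameters and the surrounding prose (Example 6-7 is not reproduced on this page); the helper names and sample packets are constructed for illustration.

```python
import ipaddress

# ACL 101 as reconstructed from the parameters in Table 6-8 and the prose
# (assumption: Example 6-7 itself is not reproduced on this page).
ACL_101 = """\
access-list 101 deny tcp 172.16.4.0 0.0.0.255 172.16.3.0 0.0.0.255 eq 21
access-list 101 deny tcp 172.16.4.0 0.0.0.255 172.16.3.0 0.0.0.255 eq 20
access-list 101 permit ip any any
"""

def _ip(s):
    return int(ipaddress.IPv4Address(s))

def _addr(tokens):
    """Consume 'any' or '<address> <wildcard>'; return (base, wildcard)."""
    if tokens[0] == "any":
        tokens.pop(0)
        return 0, 0xFFFFFFFF
    return _ip(tokens.pop(0)), _ip(tokens.pop(0))

def parse(text):
    entries = []
    for line in text.splitlines():
        t = line.split()[2:]            # drop 'access-list 101'
        action, proto = t.pop(0), t.pop(0)
        src, dst = _addr(t), _addr(t)
        port = int(t[1]) if t[:1] == ["eq"] else None
        entries.append((action, proto, src, dst, port))
    return entries

def _match(addr, base, wildcard):
    # Wildcard bits set to 1 are ignored; bits set to 0 must match.
    care = ~wildcard & 0xFFFFFFFF
    return (_ip(addr) & care) == (base & care)

def evaluate(entries, proto, src, dst, dport=None):
    """First matching entry wins; no match falls through to the implicit deny."""
    for action, e_proto, e_src, e_dst, e_port in entries:
        if e_proto not in ("ip", proto):
            continue
        if not (_match(src, *e_src) and _match(dst, *e_dst)):
            continue
        if e_port is not None and e_port != dport:
            continue
        return action
    return "deny"
```

Evaluating the same list without its final permit line shows why that line is needed: every packet that misses both deny entries then falls through to the implicit deny.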