
Stephen McQuerry

"Interconnecting Cisco Network Devices, Part 2 (ICND2): (CCNA Exam 640-802 and ICND exam 640-816) (3rd Edition)"

[Figure: network diagram; surviving labels: 16.0.0, 172.16.4.0, 172.16.4.13, 172.16.3.0]
The configuration in Example 6-8 provides a solution for this example.
This example denies Telnet traffic from 172.16.4.0 that is being sent out interface E0. All other IP
traffic from any other source to any destination is permitted out E0.
Table 6-9 describes the command syntax that is presented in the example.
Configuring Named ACLs
The named ACL feature allows you to identify standard and extended IP ACLs with an
alphanumeric string (name) instead of the current numeric representations.
Named IP ACLs allow you to delete individual entries in a specific ACL. If you are using Cisco
IOS Release 12.3, you can use sequence numbers to insert statements anywhere in the named
Example 6-8 Access List Preventing Telnet Traffic from a Specific Subnet
RouterX(config)# access-list 101 deny tcp 172.16.4.0 0.0.0.255 any eq 23
RouterX(config)# access-list 101 permit ip any any
(implicit deny all)
RouterX(config)# interface ethernet 0
RouterX(config-if)# ip access-group 101 out
Table 6-9 Numbered Extended IPv4 ACL Example Denying Telnet from a Subnet
access-list Command Parameters    Description
101                               ACL number; indicates an extended IPv4 ACL
deny                              Indicates that traffic that matches the selected parameters is not forwarded
tcp                               Transport layer protocol
172.

