16.4.13 Source IP address; ???host??? indicates a wildcard mask of 0.0.0.0
permit Indicates that traf?¬?c that matches the selected parameters is forwarded
172.16.4.0 0.0.0.255 Source IP address and mask; the ?¬?rst three octets must match but not the
last octet
ip access-group
troublemaker out
Links ACL ???troublemaker??? to interface E0 as an output ?¬?lter
E1
S0
E0
Non-
172.16.0.0 172.16.4.0
172.16.4.13
172.16.3.0
238 Chapter 6: Managing Traffic with Access Control Lists
Named Extended ACL??”Deny a Telnet from a Subnet
Using Figure 6-19 again, this time you want to create a list named ???badgroup??? to prevent Telnet
traf?¬?c that originates from the subnet 172.16.4.0/24 from traveling out Ethernet interface E0.
The con?¬?guration in Example 6-12 provides a solution.
Table 6-11 describes the command syntax that is presented in the ?¬?gure.
Adding Comments to Named or Numbered ACLs
Comments, also known as remarks, are ACL statements that are not processed. They are simple
descriptive statements you can use to better understand and troubleshoot either named or
numbered ACLs.
Example 6-12 Access List Preventing Telnet Traf?¬?c from a Speci?¬?c Subnet
RouterX(config)#iipp aacccceessss--lliisstt eexxtteennddeedd bbaaddggrroouupp
RouterX(config-ext-nacl)#ddeennyy ttccpp 117722.
Pages:
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362