
Yusuf Bhaiji

"Network Security Technologies and Solutions"

After the ACL is defined, it must be applied to the interface (inbound or outbound direction).
Router(config)# interface
Router(config-if)# ip access-group {access-list-number|name} {in|out}
The following is another example showing the use of a standard ACL to block all traffic except that from source
10.1.1.0/24. Note that the example has one permit statement followed by an implicit deny, which will block all
other traffic.
Step 1. Define a standard ACL.
Router(config)# access-list 1 permit 10.1.1.0 0.0.0.255
Step 2. Apply the ACL to an interface.
Router(config)# interface Serial0
Router(config-if)# ip access-group 1 in
Extended ACLs
Extended ACLs are used to filter more-specific traffic based on the source address, the destination address, and
specific protocols, ports, and flags. A sample command syntax format for various types of extended ACLs for
each protocol is shown in the list that follows:
To define an extended IP ACL:
access-list access-list-number [dynamic dynamic-name [timeout minutes]] {deny | permit} protocol source source-wildcard destination destination-wildcard [precedence precedence] [tos tos] [log | log-input] [time-range time-range-name] [fragments]
To define an extended TCP ACL:
access-list access-list-number [dynamic dynamic-name [timeout minutes]] {deny | permit} tcp source source-wildcard [operator [port]] destination destination-wildcard [operator [port]] [established] [precedence precedence] [tos tos] [log | log-input] [time-range time-range-name] [fragments]
To define an extended User Datagram Protocol (UDP) ACL:
access-list access-list-number [dynamic dynamic-name [timeout minutes]] {deny | permit} udp source source-wildcard [operator [port]] destination destination-wildcard [operator [port]] [precedence precedence] [tos tos] [log | log-input] [time-range time-range-name] [fragments]
To define an extended Internet Control Message Protocol (ICMP) ACL:
access-list access-list-number [dynamic dynamic-name [timeout minutes]] {deny | permit} icmp source source-wildcard destination destination-wildcard [icmp-type [icmp-code] | icmp-message] [precedence precedence] [tos tos] [log | log-input] [time-range time-range-name] [fragments]
To define an extended Internet Group Management Protocol (IGMP) ACL:
access-list access-list-number [dynamic dynamic-name [timeout minutes]] {deny | permit} igmp source source-wildcard destination destination-wildcard [igmp-type] [precedence precedence] [tos tos] [log | log-input] [time-range time-range-name] [fragments]
In all Cisco IOS Software releases, the access-list-number for extended access lists can be 101 to 199 or the
expanded numbers 2000 to 2699, as shown in Table 2-6.
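The following is an added example, not from the book, that models how IOS evaluates the ACLs above: wildcard-mask matching (a 1 bit means "don't care"), top-down first-match evaluation, and the implicit deny at the end of every list. It parses only a subset of the syntax shown (standard lists; extended lists with any, host, A.B.C.D wildcard, and a destination eq port), which is an assumption of this example, and uses the page's access-list 1 plus a constructed extended list 101.

```python
import ipaddress
from collections import namedtuple

# One ACL entry; proto is "ip" for standard ACLs, which match any destination and no port.
Entry = namedtuple("Entry", "action proto src src_wc dst dst_wc dport",
                   defaults=("0.0.0.0", "255.255.255.255", None))

def wildcard_match(addr, network, wildcard):
    """Cisco wildcard semantics: a 1 bit in the wildcard means 'don't care'."""
    a, n, w = (int(ipaddress.IPv4Address(x)) for x in (addr, network, wildcard))
    care = ~w & 0xFFFFFFFF
    return a & care == n & care

def _addr(tok, i):
    """Consume one address spec: 'any', 'host A.B.C.D', or 'A.B.C.D wildcard'."""
    if tok[i] == "any":
        return "0.0.0.0", "255.255.255.255", i + 1
    if tok[i] == "host":
        return tok[i + 1], "0.0.0.0", i + 2
    return tok[i], tok[i + 1], i + 2

def parse(line):
    """Parse one access-list line. Only a destination 'eq <port>' operator is
    handled (an assumption of this example); trailing keywords such as 'log' are ignored."""
    tok = line.split()
    number, action = int(tok[1]), tok[2]
    if number <= 99 or 1300 <= number <= 1999:          # standard ACL: source only
        src, src_wc, _ = _addr(tok, 3)
        return Entry(action, "ip", src, src_wc)
    src, src_wc, i = _addr(tok, 4)
    dst, dst_wc, i = _addr(tok, i)
    dport = int(tok[i + 1]) if i < len(tok) and tok[i] == "eq" else None
    return Entry(action, tok[3], src, src_wc, dst, dst_wc, dport)

def evaluate(acl, proto, src, dst, dport=None):
    """Top-down, first match wins; falling off the end is the implicit deny."""
    for e in acl:
        if (e.proto in ("ip", proto) and wildcard_match(src, e.src, e.src_wc)
                and wildcard_match(dst, e.dst, e.dst_wc) and e.dport in (None, dport)):
            return e.action
    return "deny"

# Constructed sample: the page's standard ACL plus an extended ACL written for this example.
STANDARD = [parse("access-list 1 permit 10.1.1.0 0.0.0.255")]
EXTENDED = [parse(l) for l in (
    "access-list 101 permit tcp 10.1.1.0 0.0.0.255 host 192.168.1.10 eq 443",
    "access-list 101 deny tcp any any eq 23 log",
    "access-list 101 permit ip 10.1.1.0 0.0.0.255 any",
)]
```

Running the three lists through evaluate shows why entry order matters: a packet is judged by the first line it matches, and anything not matched by any line is dropped by the implicit deny rather than by a visible statement.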

