
Yusuf Bhaiji

"Network Security Technologies and Solutions"


The following example permits Simple Mail Transfer Protocol (SMTP) (e-mail) traffic to host 172.16.1.1, Domain
Name System (DNS) traffic, and ICMP echo and echo reply packets sourced from all hosts:

Step 1. Define an extended ACL.

Router(config)# access-list 101 permit tcp any host 172.16.1.1 eq smtp
Router(config)# access-list 101 permit tcp any any eq domain
Router(config)# access-list 101 permit udp any any eq domain
Router(config)# access-list 101 permit icmp any any echo
Router(config)# access-list 101 permit icmp any any echo-reply

Step 2. Apply the ACL to an interface.

Router(config)# interface Serial0
Router(config-if)# ip access-group 101 in
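
To check what access-list 101 actually passes once it is applied inbound, the following added example (not from the book) models its five entries in Python and evaluates constructed sample packets top-down, first match wins, falling through to the implicit deny that ends every IOS ACL. The tuple layout, the evaluate() helper and the sample packets are assumptions made for illustration; every entry uses source "any", so the source address is not modelled.

```python
import ipaddress

# ACL 101 from the text: (action, protocol, destination, port or ICMP type).
# "eq smtp" is destination port 25 and "eq domain" is destination port 53.
ACL_101 = [
    ("permit", "tcp",  "172.16.1.1/32", 25),            # line 1: SMTP to one host
    ("permit", "tcp",  "0.0.0.0/0",     53),            # line 2: DNS over TCP
    ("permit", "udp",  "0.0.0.0/0",     53),            # line 3: DNS over UDP
    ("permit", "icmp", "0.0.0.0/0",     "echo"),        # line 4
    ("permit", "icmp", "0.0.0.0/0",     "echo-reply"),  # line 5
]


def evaluate(acl, proto, dst, qualifier):
    """Return (action, entry_number); entry 0 is the implicit deny."""
    addr = ipaddress.ip_address(dst)
    for number, (action, p, net, q) in enumerate(acl, start=1):
        if p == proto and q == qualifier and addr in ipaddress.ip_network(net):
            return action, number      # first match wins, later entries ignored
    return "deny", 0                   # implicit "deny ip any any"


# Constructed sample packets arriving inbound on Serial0.
SAMPLES = [
    ("tcp",  "172.16.1.1",  25),             # mail to the permitted host
    ("tcp",  "172.16.1.2",  25),             # mail to any other host
    ("udp",  "172.16.1.9",  53),             # DNS query
    ("icmp", "172.16.1.1",  "echo"),         # ping request
    ("icmp", "172.16.1.1",  "unreachable"),  # ICMP type not listed
    ("tcp",  "172.16.1.50", 49152),          # reply to a session opened from inside
]

if __name__ == "__main__":
    for packet in SAMPLES:
        action, entry = evaluate(ACL_101, *packet)
        where = f"entry {entry}" if entry else "implicit deny"
        print(f"{packet!s:40} {action:6} ({where})")
```

The last sample shows a side effect worth testing before deployment: the list has no entry for return traffic, so replies to TCP sessions opened by inside hosts are dropped on this interface.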

IP Named ACLs

Cisco IOS Software also lets you identify an ACL by name. Standard and extended ACLs
can therefore be given names instead of numbers; all other parameters remain the same.
Naming is an additional feature on top of the normal ACL convention. The command syntax
used to define a named ACL is the following:

Router(config)# ip access-list {standard | extended} access-list-name
(Followed by permit/deny criteria statements)

Example 2-3 shows the configuration of a standard named ACL called myacl that allows all traffic sourced from
network 192.

