
Yusuf Bhaiji

"Network Security Technologies and Solutions"

16.1.0/24 and host 172.65.1.1.
Example 2-3. Standard Named ACL Example
ip access-list standard myacl
 permit 192.16.1.0 0.0.0.255
 permit host 172.65.1.1
(Note: implicit deny)
Example 2-4 shows the configuration of an extended named ACL called myacl that allows SMTP connections to host
172.16.1.1, DNS packets, and all ICMP packets.
Example 2-4. Extended Named ACL Example
ip access-list extended myacl
 permit tcp any host 172.16.1.1 eq smtp
 permit tcp any any eq domain
 permit udp any any eq domain
 permit icmp any any
(Note: implicit deny)
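The first-match evaluation and implicit deny noted in Examples 2-3 and 2-4, shown as an added example that is not from the book: a simplified Python model (not Cisco's implementation) that parses only the keywords used in these two ACLs. The helper names and the test packets are assumptions made for illustration.

```python
from ipaddress import IPv4Address as IP

PORTS = {"smtp": 25, "domain": 53}  # IOS port keywords used in Example 2-4
ANY = (0, 0xFFFFFFFF)               # (base address, wildcard mask)

def take_addr(tok):
    """Consume 'any', 'host A' or 'A WILDCARD' from the token list."""
    first = tok.pop(0)
    if first == "any":
        return ANY
    if first == "host":
        return int(IP(tok.pop(0))), 0
    return int(IP(first)), int(IP(tok.pop(0)))

def addr_match(spec, ip):
    base, wildcard = spec
    care = ~wildcard & 0xFFFFFFFF   # wildcard 1-bits mean "don't care"
    return (int(IP(ip)) & care) == (base & care)

def parse(config):
    """Turn a named ACL (as in Examples 2-3 and 2-4) into a list of entries."""
    rows = [line.split() for line in config.strip().splitlines()]
    extended = rows[0][2] == "extended"
    entries = []
    for action, *tok in rows[1:]:
        proto = tok.pop(0) if extended else "ip"      # standard ACLs match any protocol
        src = take_addr(tok)
        dst = take_addr(tok) if extended else ANY     # standard ACLs test source only
        port = PORTS[tok[1]] if tok[:1] == ["eq"] else None
        entries.append((action, proto, src, dst, port))
    return entries

def evaluate(entries, src, dst="0.0.0.0", proto="ip", dport=None):
    """First match wins; a packet that matches no entry hits the implicit deny."""
    for action, e_proto, e_src, e_dst, e_port in entries:
        if (e_proto in ("ip", proto) and addr_match(e_src, src)
                and addr_match(e_dst, dst) and e_port in (None, dport)):
            return action
    return "implicit deny"

# ACL text copied from Examples 2-3 and 2-4; the packets tested against it are constructed.
STANDARD = parse("""ip access-list standard myacl
permit 192.16.1.0 0.0.0.255
permit host 172.65.1.1""")
EXTENDED = parse("""ip access-list extended myacl
permit tcp any host 172.16.1.1 eq smtp
permit tcp any any eq domain
permit udp any any eq domain
permit icmp any any""")
```

Calling `evaluate(EXTENDED, "10.0.0.5", "172.16.1.1", "tcp", 23)` shows a Telnet packet to the SMTP host falling through every entry to the implicit deny.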
Lock and Key (Dynamic ACLs)
Lock and key (also known as dynamic ACLs) lets you set up dynamic access that provides per-user
access control to a particular source/destination using an authentication mechanism. The lock-and-key feature
depends on the following items: the Telnet protocol, an authentication process, and an extended ACL.
The following process describes the operation of lock-and-key access.
Configure an extended ACL to block traffic through the router, except the ability to telnet to the router
from any host. This is important because the user needs to telnet to the router to open the dynamic access
entry. If the ACL denies everything, the whole process will fail.

