ACL's
18 years 5 months ago #15624
by BiT
As you know from the CCNA course there are basic ACLs and extended ACLs.
The syntax for a basic ACL is:
[code:1]Router(config)#access-list [access-list-number] {permit | deny} [source IP address] [wildcard mask(optional)][/code:1]
Basic ACLs can obtain numbers from 1 to 99 and from 1300 to 1999.
An example of a basic ACL would be:
[code:1]Router(config)#access-list 1 permit 171.69.2.88[/code:1]
This would translate as:
Permit all traffic from 171.69.2.88
Extended ACLs are a bit more complicated but they give you more flexibility and security.
Syntax:
[code:1]Router(config)#access-list [access-list-number] {permit | deny} {tcp | udp} [source IP address] [source wildcard mask] [destination IP address] [destination wildcard mask] [/code:1]
Extended ACL numbers are from 100 to 199 and from 2000 to 2699.
Example of an extended ACL:
[code:1]Router(config)#access-list 113 permit tcp 172.16.6.0 0.0.0.255 any eq telnet[/code:1]
Permit all telnet traffic from network 172.16.6.0
Don't forget to apply the access-list to an interface after you've configured it.
Of course, this is only the basic concept. Other extra commands can be added to the configuration of an extended ACL, depending on the requirements.
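Added example, not part of the post above: a small Python model of how the two access-lists quoted in the post match traffic. It shows the wildcard-mask comparison, first-match evaluation and the implicit deny that ends every ACL. The function names, the `ACL_1`/`ACL_113` variables and the one-entry port table are assumptions made for this sketch.

```python
import ipaddress

PORTS = {"telnet": 23}                    # only the port name used in the post
ANY = ("0.0.0.0", "255.255.255.255")      # 'any': every bit is "don't care"
STANDARD = (range(1, 100), range(1300, 2000))     # number ranges from the post
EXTENDED = (range(100, 200), range(2000, 2700))

def ip(s):
    return int(ipaddress.IPv4Address(s))

def wildcard_match(addr, base, wildcard):
    """Wildcard bit 0 = must match, bit 1 = ignore (inverse of a subnet mask)."""
    care = ~ip(wildcard) & 0xFFFFFFFF
    return (ip(addr) & care) == (ip(base) & care)

def take_addr(tok):
    """Consume 'any', 'A W' or a bare 'A' from the front of the token list."""
    first = tok.pop(0)
    if first == "any":
        return ANY
    if tok and tok[0].count(".") == 3:    # a wildcard mask follows the address
        return (first, tok.pop(0))
    return (first, "0.0.0.0")             # omitted wildcard: exact host match

def parse(line):
    tok = line.split("access-list", 1)[1].split()
    num, action, rest = int(tok[0]), tok[1], tok[2:]
    extended = any(num in r for r in EXTENDED)
    if not extended and not any(num in r for r in STANDARD):
        raise ValueError(f"ACL number {num} is neither standard nor extended")
    proto = rest.pop(0) if extended else None
    src = take_addr(rest)
    dst = take_addr(rest) if extended else ANY
    port = None
    if rest[:1] == ["eq"]:
        port = PORTS[rest[1]] if rest[1] in PORTS else int(rest[1])
    return {"action": action, "proto": proto, "src": src, "dst": dst, "port": port}

def evaluate(rules, src, dst=None, proto=None, dport=None):
    """First matching entry wins; no match falls through to the implicit deny."""
    for r in rules:
        ok = wildcard_match(src, *r["src"])
        if r["proto"]:                    # extended entry: check protocol and destination
            ok = ok and r["proto"] == proto and wildcard_match(dst, *r["dst"])
        if ok and r["port"] in (None, dport):
            return r["action"]
    return "deny"

ACL_1 = [parse("Router(config)#access-list 1 permit 171.69.2.88")]
ACL_113 = [parse("Router(config)#access-list 113 permit tcp 172.16.6.0 0.0.0.255 any eq telnet")]
```

For instance, `evaluate(ACL_113, "172.16.6.77", "10.0.0.1", "tcp", 23)` returns `"permit"`, while the same packet sourced from 172.16.7.1 hits the implicit deny; the destination 10.0.0.1 is a constructed sample address.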