Your SlideShare is downloading. ×
0
Configuraton of standard access list and extented access lis
Configuraton of standard access list and extented access lis
Configuraton of standard access list and extented access lis
Configuraton of standard access list and extented access lis
Configuraton of standard access list and extented access lis
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×
Saving this for later? Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime – even offline.
Text the download link to your phone
Standard text messaging rates apply

Configuraton of standard access list and extented access lis

489

Published on

0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
489
On Slideshare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
8
Comments
0
Likes
0
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide
  • access-list command creates an entry in a standard traffic filter list. access-list field descriptions: list—identifies the list to which the entry belongs; a number from 1 to 99. address—source IP address. wildcard-mask—identifies which bits in the address field are matched. It has a 1 in positions indicating “don't care” bits, and a 0 in any position which is to be strictly followed. ip access-group command links an existing access list to an outgoing interface. Only one access list per port per protocol is allowed. ip access-group field descriptions: list—number of the access-list to be linked to this interface.
  • access-list command creates an entry in a standard traffic filter list. access-list field descriptions: list—identifies the list to which the entry belongs; a number from 1 to 99. address—source IP address. wildcard-mask—identifies which bits in the address field are matched. It has a 1 in positions indicating “don't care” bits, and a 0 in any position which is to be strictly followed. ip access-group command links an existing access list to an outgoing interface. Only one access list per port per protocol is allowed. ip access-group field descriptions: list—number of the access-list to be linked to this interface.
  • access-list command creates an entry in complex traffic filter list. access-list field descriptions: list—a number between 100 and 199 protocol—ip, tcp, udp, icmp source—ip address source-mask—wildcard-mask of address bits that must match. 0s indicate bits that must match, 1s are "don't care". destination—ip address destination-mask—wildcard-mask operator—lt, gt, eq, neq operand—a port number
  • access-list command creates an entry in complex traffic filter list. access-list field descriptions: list—a number between 100 and 199 protocol—ip, tcp, udp, icmp source—ip address source-mask—wildcard-mask of address bits that must match. 0s indicate bits that must match, 1s are "don't care". destination—ip address destination-mask—wildcard-mask operator—lt, gt, eq, neq operand—a port number
  • Transcript

    • 1. IP Standard Access Configuration
      • Sets parameters for this list entry
      • IP standard access lists use 1 to 99
      [access-list] [ access-list-number ] { permit | deny } [source] [ source-mask ] Router(config)#
    • 2.
      • Activates the list on an interface
      IP Standard Access Configuration
      • Sets parameters for this list entry
      • IP standard access lists use 1 to 99
      [access-list] [access-list-number] { permit | deny } [source] [source-mask] Router(config)# Router(config-if)# [ip access-group] [access-list-number] { in | out }
    • 3.
      • Allow more precise filtering conditions
        • Check source and destination IP address
        • Specify an optional IP protocol and port number
        • Use access list number range 100 to 199
      Extended IP Access Lists
    • 4. Extended Access List Configuration
      • Sets parameters for this list entry
      • IP uses a list number in range 100 to 199
      [access-list] [access-list-number] { permit | deny } [ protocol] [source] [source-mask] [destination] [destination-mask] [ operator operand ] [ established ] Router(config)#
    • 5. Extended Access List Configuration
      • IP uses a list number in range 100 to 199
      • Sets parameters for this list entry
      • Activates the extended list on an interface
      Router(config-if)# [ip access-group] [access-list-number] [ { in | out } ] [access-list] [access-list-number] { permit | deny } [ protocol] [source] [source-mask] [destination] [destination-mask] [ operator operand ] [ established ] Router(config)#

    ×