Access Lists
Chapter 10
Networking Essentials – Eric Vanderburg © 2005
CCNA Routing and Switching Lesson 10 - Access Lists - Eric Vanderburg

Published in: Technology, Education
  1. Access Lists, Chapter 10. Networking Essentials – Eric Vanderburg © 2005
  2. Standard Access Lists
       access-list # permit source wildcard
       access-list # deny source wildcard
       ** wildcard is optional
       access-list # remark note to self
       access-list 1 permit 192.168.0.1 0.0.0.255 (match everything except the last octet)
     • Can use the "any" keyword
     • List number ranges: 1-99 and 1300-1999
     • TIP: locate as close to the destination as possible
  3. Extended IP access lists
       access-list 101 permit tcp 192.168.10.0 0.0.0.255 gt 1023 host 10.10.0.1 eq 80
       access-list 102 deny udp host 192.168.10.99 eq 1024 10.10.0.0 0.0.255.255 eq dns
       access-list 103 tcp any host 10.10.0.1 eq telnet
       access-list permit ip any any
     • List number ranges: 100-199 and 2000-2699
     • TIP: locate as close to the source as possible
  4. Named extended access lists
       ip access-list extended Test
       Router(config-ext-nacl)#
         permit tcp host 10.1.1.2 eq www any
         deny ip host 10.1.2.5 10.1.2.0 0.0.0.255
         permit ip any any
     • Can delete specific lines in the list:
       ip access-list extended Test
         no deny ip host 10.1.2.5 10.1.2.0 0.0.0.255
  5. Commands
       show ip access-lists
       interface ethernet 0
         ip access-group 1 out (applies this access list to the interface for outgoing data)
         ip access-group Test out (used for named access lists)
       line con 0
         ip access-class 1 in (restrict incoming connections to those in the access list)
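
How the wildcard masks and port operators in the entries above decide a packet's fate, as an added Python example that is not part of the original slides. It models only the entry forms shown on the slides (any / host A / A wildcard, and eq / gt / lt); the function names are made up for this sketch, and the implicit deny at the end of every list is standard IOS behaviour that the slides do not state.

```python
import ipaddress

PORTS = {"www": 80, "telnet": 23}  # IOS port keywords used on the slides
# Constructed inputs: entries copied from the slides, list headers dropped.
ACL_101 = ["permit tcp 192.168.10.0 0.0.0.255 gt 1023 host 10.10.0.1 eq 80"]
TEST = ["permit tcp host 10.1.1.2 eq www any",
        "deny ip host 10.1.2.5 10.1.2.0 0.0.0.255",
        "permit ip any any"]

def _ip(s):
    return int(ipaddress.IPv4Address(s))

def _addr(tok):
    """Consume 'any', 'host A' or 'A WILDCARD'; return (base, wildcard)."""
    t = tok.pop(0)
    if t == "any":
        return 0, 0xFFFFFFFF
    if t == "host":
        return _ip(tok.pop(0)), 0
    return _ip(t), _ip(tok.pop(0))

def _port(tok):
    """Consume an optional 'eq|gt|lt PORT' test; None means any port."""
    if tok and tok[0] in ("eq", "gt", "lt"):
        op, p = tok.pop(0), tok.pop(0)
        return op, PORTS[p] if p in PORTS else int(p)
    return None

def parse(entry):
    tok = entry.split()
    action, proto = tok.pop(0), tok.pop(0)
    src, sport = _addr(tok), _port(tok)
    dst, dport = _addr(tok), _port(tok)
    return action, proto, src, sport, dst, dport

def addr_ok(ip, spec):
    base, wild = spec
    # Wildcard bit 0 = must match, 1 = ignore (the inverse of a subnet mask).
    return ((_ip(ip) ^ base) & ~wild & 0xFFFFFFFF) == 0

def port_ok(port, test):
    if test is None:
        return True
    op, n = test
    return {"eq": port == n, "gt": port > n, "lt": port < n}[op]

def evaluate(acl, proto, src, sport, dst, dport):
    """Top-down, first match wins; falling off the end is the implicit deny."""
    for action, p, s, sp, d, dp in map(parse, acl):
        if (p in ("ip", proto) and addr_ok(src, s) and port_ok(sport, sp)
                and addr_ok(dst, d) and port_ok(dport, dp)):
            return action
    return "deny"
```

Because list 101 holds a single permit, any packet that misses it is dropped, which is why the slides end a list with permit ip any any when only specific traffic should be blocked.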