IP Standard Access Configuration <ul><li>Sets parameters for this list entry </li></ul><ul><li>IP standard access lists us...
<ul><li>Activates the list on an interface   </li></ul>IP Standard Access Configuration <ul><li>Sets parameters for this l...
<ul><li>Allow more precise filtering conditions </li></ul><ul><ul><li>Check source and destination IP address </li></ul></...
Extended Access List Configuration <ul><li>Sets parameters for this list entry </li></ul><ul><li>IP uses a list number in ...
Extended Access List Configuration <ul><li>IP uses a list number in range 100 to 199 </li></ul><ul><li>Sets parameters for...
Upcoming SlideShare
Loading in …5
×

Configuraton of standard access list and extented access lis

693 views

Published on

0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
693
On SlideShare
0
From Embeds
0
Number of Embeds
1
Actions
Shares
0
Downloads
15
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide
  • access-list command creates an entry in a standard traffic filter list. access-list field descriptions: list—identifies the list to which the entry belongs; a number from 1 to 99. address—source IP address. wildcard-mask—identifies which bits in the address field are matched. It has a 1 in positions indicating “don&apos;t care” bits, and a 0 in any position which is to be strictly followed. ip access-group command links an existing access list to an outgoing interface. Only one access list per port per protocol is allowed. ip access-group field descriptions: list—number of the access-list to be linked to this interface.
  • access-list command creates an entry in a standard traffic filter list. access-list field descriptions: list—identifies the list to which the entry belongs; a number from 1 to 99. address—source IP address. wildcard-mask—identifies which bits in the address field are matched. It has a 1 in positions indicating “don&apos;t care” bits, and a 0 in any position which is to be strictly followed. ip access-group command links an existing access list to an outgoing interface. Only one access list per port per protocol is allowed. ip access-group field descriptions: list—number of the access-list to be linked to this interface.
  • access-list command creates an entry in complex traffic filter list. access-list field descriptions: list—a number between 100 and 199 protocol—ip, tcp, udp, icmp source—ip address source-mask—wildcard-mask of address bits that must match. 0s indicate bits that must match, 1s are &amp;quot;don&apos;t care&amp;quot;. destination—ip address destination-mask—wildcard-mask operator—lt, gt, eq, neq operand—a port number
  • access-list command creates an entry in complex traffic filter list. access-list field descriptions: list—a number between 100 and 199 protocol—ip, tcp, udp, icmp source—ip address source-mask—wildcard-mask of address bits that must match. 0s indicate bits that must match, 1s are &amp;quot;don&apos;t care&amp;quot;. destination—ip address destination-mask—wildcard-mask operator—lt, gt, eq, neq operand—a port number
  • Configuraton of standard access list and extented access lis

    1. 1. IP Standard Access Configuration <ul><li>Sets parameters for this list entry </li></ul><ul><li>IP standard access lists use 1 to 99 </li></ul>[access-list] [ access-list-number ] { permit | deny } [source] [ source-mask ] Router(config)#
    2. 2. <ul><li>Activates the list on an interface </li></ul>IP Standard Access Configuration <ul><li>Sets parameters for this list entry </li></ul><ul><li>IP standard access lists use 1 to 99 </li></ul>[access-list] [access-list-number] { permit | deny } [source] [source-mask] Router(config)# Router(config-if)# [ip access-group] [access-list-number] { in | out }
    3. 3. <ul><li>Allow more precise filtering conditions </li></ul><ul><ul><li>Check source and destination IP address </li></ul></ul><ul><ul><li>Specify an optional IP protocol and port number </li></ul></ul><ul><ul><li>Use access list number range 100 to 199 </li></ul></ul>Extended IP Access Lists
    4. 4. Extended Access List Configuration <ul><li>Sets parameters for this list entry </li></ul><ul><li>IP uses a list number in range 100 to 199 </li></ul>[access-list] [access-list-number] { permit | deny } [ protocol] [source] [source-mask] [destination] [destination-mask] [ operator operand ] [ established ] Router(config)#
    5. 5. Extended Access List Configuration <ul><li>IP uses a list number in range 100 to 199 </li></ul><ul><li>Sets parameters for this list entry </li></ul><ul><li>Activates the extended list on an interface </li></ul>Router(config-if)# [ip access-group] [access-list-number] [ { in | out } ] [access-list] [access-list-number] { permit | deny } [ protocol] [source] [source-mask] [destination] [destination-mask] [ operator operand ] [ established ] Router(config)#

    ×