Figure 28-1 shows the network topology for the configuration that follows, which demonstrates five ACL examples using the commands covered in this chapter.
RedDeer(config)#access-list 10 deny 172.16.10.0 0.0.0.255
Standard ACL denies complete network for complete TCP/IP suite of protocols
RedDeer(config)#access-list 10 permit any
Defeats the implicit deny
RedDeer(config)#int e0
RedDeer(config-if)#ip access-group 10 out
Applies ACL in an outbound direction
Edmonton(config)#access-list 115 deny ip host 172.16.10.5 host 172.16.50.7
Extended ACL denies specific host for entire TCP/IP suite
Edmonton(config)#access-list 115 permit ip any any
All others permitted through
Edmonton(config)#int e0
Edmonton(config-if)#ip access-group 115 in
Applies ACL in an inbound direction
RedDeer(config)#access-list 20 permit host 172.16.10.5
RedDeer(config)#line vty 0 4
Go to virtual terminal lines
RedDeer(config-line)#access-class 20 in
Use access-class, not access-group
Calgary(config)#access-list 150 permit tcp host 172.16.20.163 host 172.16.70.2 eq 23
Calgary(config)#access-list 150 deny tcp 172.16.20.0 0.0.0.255 host 172.16.70.2 eq 23
Calgary(config)#access-list 150 permit ip any any
Calgary(config)#int e0
Calgary(config-if)#ip access-group 150 out
RedDeer(config)#access-list 101 deny tcp 172.16.50.0 0.0.0.63 host 172.16.80.16 eq 80
RedDeer(config)#access-list 101 permit ip any any
Allows device to do everything, including Telnet
RedDeer(config)#int e1
RedDeer(config-if)#ip access-group 101 in
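
The Python below is an added example, not part of the original chapter or of IOS. It models first-match evaluation and wildcard-mask matching for ACLs 150 and 101 above, so an entry order or mask can be checked before it is applied to an interface. The helper names (matches, parse_addr, parse_ace, evaluate) are hypothetical, and the parser handles only the extended-ACL forms used on this page.

```python
import ipaddress

def ip(s):
    return int(ipaddress.IPv4Address(s))

def matches(addr, base, wildcard):
    # Wildcard bits set to 1 are "don't care"; only the 0 bits must match.
    care = ~ip(wildcard) & 0xFFFFFFFF
    return (ip(addr) & care) == (ip(base) & care)

def parse_addr(tokens):
    # Consume one address spec: "any", "host A", or "A WILDCARD".
    if tokens[0] == "any":
        return ("0.0.0.0", "255.255.255.255"), tokens[1:]
    if tokens[0] == "host":
        return (tokens[1], "0.0.0.0"), tokens[2:]
    return (tokens[0], tokens[1]), tokens[2:]

def parse_ace(line):
    # Form handled: access-list N permit|deny ip|tcp SRC DST [eq PORT]
    t = line.split()
    action, proto = t[2], t[3]
    src, rest = parse_addr(t[4:])
    dst, rest = parse_addr(rest)
    port = int(rest[1]) if rest[:1] == ["eq"] else None
    return action, proto, src, dst, port

def evaluate(acl, proto, src, dst, dport=None):
    # The first matching entry wins; falling off the end is the implicit deny.
    for line in acl:
        action, p, s, d, port = parse_ace(line)
        if p != "ip" and p != proto:
            continue
        if port is not None and port != dport:
            continue
        if matches(src, *s) and matches(dst, *d):
            return action
    return "deny"

# Entries copied from the Calgary and RedDeer examples on this page.
ACL_150 = [
    "access-list 150 permit tcp host 172.16.20.163 host 172.16.70.2 eq 23",
    "access-list 150 deny tcp 172.16.20.0 0.0.0.255 host 172.16.70.2 eq 23",
    "access-list 150 permit ip any any",
]
ACL_101 = [
    "access-list 101 deny tcp 172.16.50.0 0.0.0.63 host 172.16.80.16 eq 80",
    "access-list 101 permit ip any any",
]
```

Swapping the first two entries of ACL_150 makes the network-wide deny match 172.16.20.163 first, and dropping the final permit from ACL_101 leaves every other packet to the implicit deny.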