Creating Standard ACLs


Router(config)#access-list 10 permit 172.16.0.0 0.0.255.255

Read this line to say: All packets with a source IP address of 172.16.x.x will be permitted to continue through the internetwork.

access-list    ACL command
10             Arbitrary number between 1 and 99, designating this as a standard IP ACL
permit         Packets that match this statement will be allowed to continue
172.16.0.0     Source IP address to be compared to
0.0.255.255    Wildcard mask

  

Router(config)#access-list 10 deny host 172.17.0.1

Read this line to say: All packets with a source IP address of 172.17.0.1 will be dropped and discarded.

access-list    ACL command
10             Number between 1 and 99, designating this as a standard IP ACL
deny           Packets that match this statement will be dropped and discarded
host           Keyword
172.17.0.1     Specific host address

  

Router(config)#access-list 10 permit any

Read this line to say: All packets with any source IP address will be permitted to continue through the internetwork.

access-list    ACL command
10             Number between 1 and 99, designating this as a standard IP ACL
permit         Packets that match this statement will be allowed to continue
any            Keyword to mean all IP addresses


Tip:

There is an implicit deny statement that is hard-coded into every ACL. You cannot see it, but it states "deny everything not already permitted." This is always the last line of any ACL. If you want to defeat this implicit deny, put a permit any statement in your standard ACLs or permit ip any any in your extended ACLs as the last line.
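
The wildcard-mask comparison and the implicit deny described above can be traced with a small evaluator. This is an added example, not code from the book: the function names (to_int, parse_entry, evaluate) and the source addresses used to exercise it are assumptions made for illustration, and it models only the three entry forms shown on this page.

```python
import ipaddress

def to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))

def parse_entry(line):
    """Parse 'access-list N permit|deny SOURCE' into (action, address, wildcard)."""
    tok = line.split()
    if len(tok) < 4 or tok[0] != "access-list" or not tok[1].isdigit():
        raise ValueError("not an ACL entry: " + line)
    if not 1 <= int(tok[1]) <= 99:
        raise ValueError("not a standard IP ACL number (1-99): " + tok[1])
    action, src = tok[2], tok[3:]
    if action not in ("permit", "deny"):
        raise ValueError("unknown action: " + action)
    if src == ["any"]:                      # keyword: all IP addresses
        return action, 0, 0xFFFFFFFF
    if src[0] == "host" and len(src) == 2:  # keyword: one specific host
        return action, to_int(src[1]), 0
    if len(src) == 2:                       # address followed by wildcard mask
        return action, to_int(src[0]), to_int(src[1])
    raise ValueError("unsupported source: " + " ".join(src))

def evaluate(acl_lines, source_ip):
    """Return the action of the first entry the source address matches."""
    ip = to_int(source_ip)
    for line in acl_lines:                  # entries are checked top down
        action, addr, wild = parse_entry(line)
        care = ~wild & 0xFFFFFFFF           # wildcard 0 bits must match, 1 bits are ignored
        if (ip & care) == (addr & care):
            return action
    return "deny"                           # the implicit deny that ends every ACL

# The three statements from this page, in the order shown.
ACL_10 = [
    "access-list 10 permit 172.16.0.0 0.0.255.255",
    "access-list 10 deny host 172.17.0.1",
    "access-list 10 permit any",
]

if __name__ == "__main__":
    # Constructed source addresses, not taken from the page.
    for src in ("172.16.200.9", "172.17.0.1", "10.1.1.1"):
        print(src, "->", evaluate(ACL_10, src))
    # Without the final permit any, unmatched traffic hits the implicit deny.
    print("10.1.1.1 without 'permit any' ->", evaluate(ACL_10[:2], "10.1.1.1"))
```

Dropping the last list element shows why the final permit any matters: the same 10.1.1.1 source that was permitted falls through to the implicit deny.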





CCNA Self-Study(c) CCNA Portable Command Guide
CCNA Portable Command Guide
ISBN: 1587201585
EAN: 2147483647
Year: 2006
Pages: 261
Authors: Scott Empson
