Configuration Example: Access Control Lists

Figure 28-1 shows the network topology for the configurations that follow, which contain five ACL examples using the commands covered in this chapter. (The host and network numbers in the examples, such as 10.5 or 40.0, refer to addresses on that figure.)

Figure 28-1. Network Topology for ACL Configuration

Example 1. Write an ACL that prevents the 10.0 network from accessing the 40.0 network, while everyone else can.

RedDeer(config)#access-list 10 deny

Standard ACL denies the entire network for the entire TCP/IP suite of protocols. A standard ACL matches on source address only, so it cannot single out a protocol or a destination; that is why it is applied close to the destination (outbound toward the 40.0 network) rather than near the source.

RedDeer(config)#access-list 10 permit any

Defeats the implicit deny. Every ACL ends with an invisible "deny any"; without this line, all other traffic leaving this interface would be dropped as well.

RedDeer(config)#int e0

Enters interface configuration mode (the prompt changes to config-if)

RedDeer(config-if)#ip access-group 10 out

Applies the ACL in an outbound direction on this interface

Example 2. Write an ACL that states that host 10.5 cannot access host 50.7. Everyone else can.

Edmonton(config)#access-list 115 deny ip host host

Extended ACL (100-199) denies a specific source host reaching a specific destination host for the entire TCP/IP suite. The host keyword is shorthand for a wildcard mask of 0.0.0.0.

Edmonton(config)#access-list 115 permit ip any any

All other traffic is permitted through; without this line the implicit deny would block everyone

Edmonton(config)#int e0

Enters interface configuration mode

Edmonton(config-if)#ip access-group 115 in

Applies the ACL in an inbound direction. Because an extended ACL can match on both source and destination, it is applied close to the source, so the denied traffic is dropped before it crosses the network.

Example 3. Write an ACL that states that host 10.5 can Telnet to the Red Deer router. No one else can.

RedDeer(config)#access-list 20 permit host

Standard ACL permits the specific host; the implicit deny at the end of the list blocks every other source

RedDeer(config)#line vty 0 4

Go to virtual terminal lines

RedDeer(config-line)#access-class 20 in

Use access-class, not access-group. access-class filters sessions to the router's own vty lines regardless of which interface they arrive on; ip access-group on a single interface filters only traffic passing through that interface and would leave the vty lines reachable from the others.

Example 4. Write an ACL that states that host 20.163 can Telnet to host 70.2. No one else from the 20.0 network can Telnet to 70.2. Any other host from any other subnet can connect to 70.2 using any available protocol.

Calgary(config)#access-list 150 permit tcp host host eq 23

Permits the specific host to Telnet (TCP port 23) to the specific destination host

Calgary(config)#access-list 150 deny tcp host eq 23

Denies the rest of the 20.0 subnet from Telnetting to that host. Order matters: an ACL is processed top-down and the first match wins, so this subnet-wide deny must come after the host-specific permit, or it would shadow it and 20.163 would be denied as well.

Calgary(config)#access-list 150 permit ip any any

Defeats the implicit deny, so every other host and protocol (including Telnet from other subnets) is permitted

Calgary(config)#int e0

Enters interface configuration mode

Calgary(config-if)#ip access-group 150 out

Applies the ACL in an outbound direction

Example 5. Write an ACL that states that hosts 50.1 to 50.63 are not allowed web access to host 80.16. Hosts 50.64 to 50.254 are. Everyone can do everything else.

RedDeer(config)#access-list 101 deny tcp host eq 80

Extended ACL denies the 50.1 to 50.63 block (selected with a wildcard mask rather than listed host by host) TCP port 80 access to the specific host; hosts 50.64 to 50.254 do not match this line and fall through to the next one

RedDeer(config)#access-list 101 permit ip any any

Allows everything else, including web access from 50.64 to 50.254 and Telnet from anyone

RedDeer(config)#int e1

Enters interface configuration mode

RedDeer(config-if)#ip access-group 101 in
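The two behaviours these examples rely on, top-down first-match evaluation with an implicit deny at the end, and wildcard masks that select a block of hosts, are easy to get wrong. The following is an added example, not part of the original page and not Cisco IOS code: a small Python evaluator for numbered IOS access lists that parses ACEs written in the same syntax as Examples 1, 4 and 5, then shows what happens to sample packets when the subnet deny is placed before the host permit (Example 4), which hosts a wildcard of 0.0.0.63 actually covers (Example 5), and what the implicit deny does to Example 1 when the "permit any" line is left out. The figure's addresses are not on the page, so the 172.16.<subnet>.<host> addressing (10.0 becomes 172.16.10.0/24, 20.163 becomes 172.16.20.163, and so on) and the 0.0.0.63 wildcard are assumptions made for this example; all packets are constructed.

```python
"""Added example (not from the page or from Cisco IOS): evaluator for numbered
IOS access lists.  Addresses below use an assumed 172.16.<subnet>.<host> plan."""
import ipaddress
from collections import namedtuple

Packet = namedtuple("Packet", "src dst proto dport")
Ace = namedtuple("Ace", "action proto src src_wc dst dst_wc dport")


def _int(addr):
    return int(ipaddress.IPv4Address(addr))


def wildcard_match(addr, base, wildcard):
    """Cisco wildcard semantics: a 0 bit must match, a 1 bit is don't-care."""
    care = 0xFFFFFFFF ^ _int(wildcard)
    return (_int(addr) & care) == (_int(base) & care)


def _parse_addr(tokens):
    """Consume one address spec: 'any', 'host A', or 'A WILDCARD'
    (a bare address in a standard list defaults to wildcard 0.0.0.0)."""
    tok = tokens.pop(0)
    if tok == "any":
        return "0.0.0.0", "255.255.255.255"
    if tok == "host":
        return tokens.pop(0), "0.0.0.0"
    return tok, (tokens.pop(0) if tokens else "0.0.0.0")


def parse_ace(line):
    """Parse one 'access-list N permit|deny ...' line.  Numbers 1-99 are
    standard (source only, whole IP suite); anything else is treated as
    extended with an optional destination 'eq PORT' (enough for this page)."""
    tokens = line.split()
    if tokens[0] != "access-list":
        raise ValueError(line)
    number, action, rest = int(tokens[1]), tokens[2], tokens[3:]
    if 1 <= number <= 99:
        src, src_wc = _parse_addr(rest)
        return Ace(action, "ip", src, src_wc, "0.0.0.0", "255.255.255.255", None)
    proto = rest.pop(0)
    src, src_wc = _parse_addr(rest)
    dst, dst_wc = _parse_addr(rest)
    dport = int(rest[1]) if rest[:1] == ["eq"] else None
    return Ace(action, proto, src, src_wc, dst, dst_wc, dport)


def evaluate(acl, pkt):
    """Top-down, first match wins.  Returns (action, line number); a line
    number of None means the packet fell off the end and hit the implicit deny."""
    for n, ace in enumerate(acl, 1):
        if ace.proto != "ip" and ace.proto != pkt.proto:
            continue
        if not wildcard_match(pkt.src, ace.src, ace.src_wc):
            continue
        if not wildcard_match(pkt.dst, ace.dst, ace.dst_wc):
            continue
        if ace.dport is not None and ace.dport != pkt.dport:
            continue
        return ace.action, n
    return "deny", None


def build(*lines):
    return [parse_ace(line) for line in lines]


# Example 4 (assumed addresses): one host may Telnet to 70.2, the rest of
# its subnet may not, everything else is permitted.
ACL_150 = build(
    "access-list 150 permit tcp host 172.16.20.163 host 172.16.70.2 eq 23",
    "access-list 150 deny tcp 172.16.20.0 0.0.0.255 host 172.16.70.2 eq 23",
    "access-list 150 permit ip any any",
)
# Same ACEs with the first two swapped: the subnet deny now shadows the host permit.
ACL_150_SHADOWED = [ACL_150[1], ACL_150[0], ACL_150[2]]

# Example 5 (assumed addresses): wildcard 0.0.0.63 covers 172.16.50.0-.63 only.
ACL_101 = build(
    "access-list 101 deny tcp 172.16.50.0 0.0.0.63 host 172.16.80.16 eq 80",
    "access-list 101 permit ip any any",
)

# Example 1 without and with the 'permit any' that defeats the implicit deny.
ACL_10_INCOMPLETE = build("access-list 10 deny 172.16.10.0 0.0.0.255")
ACL_10 = ACL_10_INCOMPLETE + build("access-list 10 permit any")

if __name__ == "__main__":
    for name, acl, pkt in [
        ("20.163 telnet -> 70.2", ACL_150, Packet("172.16.20.163", "172.16.70.2", "tcp", 23)),
        ("20.7 telnet -> 70.2", ACL_150, Packet("172.16.20.7", "172.16.70.2", "tcp", 23)),
        ("20.163 telnet, wrong order", ACL_150_SHADOWED, Packet("172.16.20.163", "172.16.70.2", "tcp", 23)),
        ("50.63 http -> 80.16", ACL_101, Packet("172.16.50.63", "172.16.80.16", "tcp", 80)),
        ("50.64 http -> 80.16", ACL_101, Packet("172.16.50.64", "172.16.80.16", "tcp", 80)),
        ("30.1 -> 40.1, no permit any", ACL_10_INCOMPLETE, Packet("172.16.30.1", "172.16.40.1", "icmp", None)),
    ]:
        print(f"{name:30} {evaluate(acl, pkt)}")
```

The evaluator returns which line matched, which is the same information `show access-lists` gives you through its per-line hit counters on a real router; when a host you expected to permit is being dropped, checking which line the hits land on is the quickest way to spot a shadowed ACE or a missing "permit any".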


