
Standard Access List: CCNA Managing Traffic With Access Lists

The document discusses different types of access lists used to manage traffic in Cisco routers and switches, including standard and extended IP access lists, named access lists, MAC access lists, and timed access lists. It provides syntax examples for creating each type of access list and applying them to interfaces to filter traffic.

Uploaded by

Rafik Oudaoud
Copyright
© Attribution Non-Commercial (BY-NC)

CCNA MANAGING TRAFFIC WITH ACCESS LISTS

Standard Access List

Syntax:
    Router(config)# access-list ACL_id deny/permit source_id wildcard_mask
    Router(config)# interface interface_name
    Router(config-if)# ip access-group ACL_id out/in

Example:
    Router(config)# access-list 10 deny 10.0.0.0 0.255.255.255
    Router(config)# access-list 10 permit 0.0.0.0 255.255.255.255
    Router(config)# interface ethernet 0
    Router(config-if)# ip access-group 10 out

The example above denies all traffic from the 10.0.0.0 network as it leaves (outbound) the ethernet 0 interface.

Extended Access List

Syntax:
    Router(config)# access-list acl_id deny/permit protocol_name source_id wildcard_mask destination_id wildcard_mask eq port_number
Or:
    Router(config)# access-list acl_id deny/permit protocol_name source_id host destination_ip eq port_number
    Router(config)# interface interface_name
    Router(config-if)# ip access-group acl_id out/in

Example:
    Router(config)# access-list 110 deny tcp 0.0.0.0 255.255.255.255 10.0.0.0 0.255.255.255 eq 23
    Router(config)# access-list 110 permit ip any any
    Router(config)# interface ethernet 0
    Router(config-if)# ip access-group 110 out

The above ACL denies Telnet traffic (TCP port 23) from any IP address to the 10.0.0.0 network, outbound on the ethernet 0 interface.

Named Access List

Syntax:
    Router(config)# ip access-list standard/extended acl_name
    Router(config-std-nacl)# deny/permit source_id wildcard_mask
    Router(config-std-nacl)# exit


    Router(config)# interface interface_name
    Router(config-if)# ip access-group acl_name out/in

Example:
    Router(config)# ip access-list standard hello
    Router(config-std-nacl)# deny 10.0.0.0 0.255.255.255
    Router(config-std-nacl)# exit
    Router(config)# interface ethernet 0
    Router(config-if)# ip access-group hello out

The above example blocks all traffic from the 10.0.0.0 network. Because the list has no permit entry and every access list ends with an implicit deny, all other traffic leaving ethernet 0 is dropped as well.

Monitoring Access Lists

    show access-list               Display all access lists
    show access-list ACL-number    Display a specific access list
    show ip access-list            Show only the IP access lists
    show ip interface              Show which interfaces have access lists set
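To check ACL logic offline before applying it to an interface, the following added example (not part of the original document) evaluates the standard, extended and named entries shown above the way a router does: wildcard-mask comparison, first match wins, implicit deny at the end. The function names are hypothetical, and it handles only the address forms and numeric `eq` ports used in those examples; time ranges are not modeled.

```python
import ipaddress

def ip(s):
    return int(ipaddress.IPv4Address(s))

def wc_match(addr, base, wildcard):
    # Wildcard bit 1 = "don't care", 0 = "must match" (inverse of a netmask).
    care = ~ip(wildcard) & 0xFFFFFFFF
    return (ip(addr) & care) == (ip(base) & care)

def parse_addr(tok):
    """Consume one address spec: 'any', 'host A', or 'A WILDCARD'."""
    if tok[0] == "any":
        return ("0.0.0.0", "255.255.255.255"), tok[1:]
    if tok[0] == "host":
        return (tok[1], "0.0.0.0"), tok[2:]
    return (tok[0], tok[1]), tok[2:]

def parse_entry(line, extended):
    tok = line.split()
    ace = {"action": tok[0], "proto": "ip", "dst": None, "port": None}
    tok = tok[1:]
    if extended:
        ace["proto"], tok = tok[0], tok[1:]
    ace["src"], tok = parse_addr(tok)
    if extended:
        ace["dst"], tok = parse_addr(tok)
        if tok[:1] == ["eq"]:
            ace["port"] = int(tok[1])
    return ace

def evaluate(entries, extended, src, dst=None, proto="ip", dport=None):
    """Return the action of the first matching entry, else the implicit deny."""
    for ace in (parse_entry(e, extended) for e in entries):
        if not wc_match(src, *ace["src"]):
            continue
        if extended:
            if ace["proto"] not in ("ip", proto):
                continue
            if not wc_match(dst, *ace["dst"]):
                continue
            if ace["port"] is not None and ace["port"] != dport:
                continue
        return ace["action"]
    return "deny"  # implicit "deny any" that ends every access list

# Entries copied from the examples on this page (list 10, list 110, "hello").
ACL_10 = ["deny 10.0.0.0 0.255.255.255", "permit 0.0.0.0 255.255.255.255"]
ACL_110 = ["deny tcp 0.0.0.0 255.255.255.255 10.0.0.0 0.255.255.255 eq 23", "permit ip any any"]
ACL_HELLO = ["deny 10.0.0.0 0.255.255.255"]
```

Evaluating `ACL_HELLO` against a source outside 10.0.0.0 returns `deny`, which makes the effect of the missing permit entry visible.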

Switch Port Access List

    S1#config t
    S1(config)#mac access-list extended Todd_MAC_List
    S1(config-ext-macl)#deny any host 000d.29bd.4b85
    S1(config-ext-macl)#permit any any
    S1(config-ext-macl)#do show access-list
    S1(config-ext-macl)#int f0/6
    S1(config-if)#mac access-group Todd_MAC_List in

Time-Based ACL

    Corp#config t
    Corp(config)#time-range no-http
    Corp(config-time-range)#periodic weekend 06:00 to 12:00
    Corp(config-time-range)#exit
    Corp(config)#time-range tcp-yes
    Corp(config-time-range)#periodic weekend 06:00 to 12:00
    Corp(config-time-range)#exit
    Corp(config)#ip access-list extended Time
    Corp(config-ext-nacl)#deny tcp any any eq www time-range no-http
    Corp(config-ext-nacl)#permit tcp any any time-range tcp-yes
    Corp(config-ext-nacl)#interface f0/0
    Corp(config-if)#ip access-group Time in
    Corp(config-if)#do show time-range
