Designing and Monitoring Access Lists

 

Applied Groups
For an access list to take effect, it must be applied to an Ethernet port, and a decision must be made whether it will filter incoming traffic or outgoing traffic.

Router#configure terminal
Router(config)#access-list 5 permit 192.168.1.0 0.0.0.255
Router(config)#access-list 5 deny 192.168.4.5 0.0.0.0
Router(config)#access-list 5 permit 192.168.4.0 0.0.0.255
Router(config)#access-list 5 permit 192.168.3.1 0.0.0.255
Router(config)#access-list 5 deny 0.0.0.0 255.255.255.255

Access list 5 can be applied to outbound traffic by applying it to Ethernet 0.
Example:

Router#config t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#interface ethernet 0
Router(config-if)#ip access-group 5 out


Creating A Standard Access List

Router#configure terminal
Router(config)#access-list 5 permit 192.168.1.0 0.0.0.255
Router(config)#access-list 5 deny 192.168.4.5 0.0.0.0
Router(config)#access-list 5 permit 192.168.4.0 0.0.0.255
Router(config)#access-list 5 permit 192.168.3.1 0.0.0.255
Router(config)#access-list 5 deny 0.0.0.0 255.255.255.255
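
How access list 5 is evaluated against a packet's source address, as an added example that is not part of the original page: entries are tested top to bottom, the first match decides, and wildcard bits set to 1 are ignored in the comparison. The function names and the sample source addresses are constructed for illustration.

```python
import ipaddress

# Access list 5 from this page as (action, address, wildcard mask),
# with the host entry's wildcard written as 0.0.0.0.
ACL_5 = [
    ("permit", "192.168.1.0", "0.0.0.255"),
    ("deny",   "192.168.4.5", "0.0.0.0"),
    ("permit", "192.168.4.0", "0.0.0.255"),
    ("permit", "192.168.3.1", "0.0.0.255"),
    ("deny",   "0.0.0.0",     "255.255.255.255"),
]

def to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def entry_matches(source, address, wildcard):
    """A wildcard bit of 0 means 'must match'; a bit of 1 means 'ignore'."""
    care = ~to_int(wildcard) & 0xFFFFFFFF
    return (to_int(source) & care) == (to_int(address) & care)

def evaluate(acl, source):
    """Return (action, entry_number) for the first matching entry.

    Entries are tested top to bottom and the first match decides.
    If nothing matches, the implicit deny at the end of every
    access list applies (reported here as entry number None).
    """
    for number, (action, address, wildcard) in enumerate(acl, start=1):
        if entry_matches(source, address, wildcard):
            return action, number
    return "deny", None

def reordered(acl, i, j):
    """Copy of acl with entries i and j (1-based) swapped."""
    out = list(acl)
    out[i - 1], out[j - 1] = out[j - 1], out[i - 1]
    return out

if __name__ == "__main__":
    # Constructed sample source addresses.
    for src in ("192.168.1.20", "192.168.4.5", "192.168.4.6",
                "192.168.3.200", "10.1.1.1"):
        print(src, evaluate(ACL_5, src))
    # Swapping entries 2 and 3 lets the broad permit shadow the host deny.
    print("swapped:", evaluate(reordered(ACL_5, 2, 3), "192.168.4.5"))
```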

 


Extended Access Lists
Standard access lists filter traffic based only on source IP addresses. Extended access lists filter traffic on the basis of both source and destination IP addresses. Extended access lists also filter on TCP and UDP: they evaluate the TCP or UDP header and filter on TCP/UDP port numbers.