Applied Groups

For an access list to take effect it must be applied to an Ethernet port, and a decision needs to be made whether it will filter incoming traffic or outgoing traffic.

    Router#configure terminal
    Router(config)#access-list 5 permit 192.168.1.0 0.0.0.255
    Router(config)#access-list 5 deny 192.168.4.5 0.0.0.0
    Router(config)#access-list 5 permit 192.168.4.0 0.0.0.255
    Router(config)#access-list 5 permit 192.168.3.1 0.0.0.255
    Router(config)#access-list 5 deny 0.0.0.0 255.255.255.255

Access-list 5 can be applied to outbound traffic by applying it to Ethernet 0.

Example:

    Router#config t
    Enter configuration commands, one per line.  End with CNTL/Z.
    Router(config)#interface ethernet 0
    Router(config-if)#ip access-group 5 out

Creating A Standard Access List

    Router#configure terminal
    Router(config)#access-list 5 permit 192.168.1.0 0.0.0.255
    Router(config)#access-list 5 deny 192.168.4.5 0.0.0.0
    Router(config)#access-list 5 permit 192.168.4.0 0.0.0.255
    Router(config)#access-list 5 permit 192.168.3.1 0.0.0.255
    Router(config)#access-list 5 deny 0.0.0.0 255.255.255.255

Extended Access Lists

Standard access lists filter traffic based only on source IP addresses. Extended access lists filter traffic on the basis of both source and destination IP addresses. Extended access lists also filter on TCP and UDP: they evaluate the TCP or UDP header and filter on TCP/UDP port numbers.
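How access-list 5 above treats a given source address depends on wildcard-mask matching and on entry order, since a standard access list is read top-down and the first matching entry decides. The following is an added example, not part of the original page or of Cisco IOS: a small Python model of that evaluation, with hypothetical helper names and a constructed MISORDERED variant, which also flags entries that can never match because an earlier entry already covers them.

```python
import ipaddress

# access-list 5 as listed on the page: (action, address, wildcard mask), in order.
ACL_5 = [
    ("permit", "192.168.1.0", "0.0.0.255"),
    ("deny", "192.168.4.5", "0.0.0.0"),
    ("permit", "192.168.4.0", "0.0.0.255"),
    ("permit", "192.168.3.1", "0.0.0.255"),
    ("deny", "0.0.0.0", "255.255.255.255"),
]
# Constructed variant: the host deny is placed after the subnet permit.
MISORDERED = [ACL_5[0], ACL_5[2], ACL_5[1], ACL_5[3], ACL_5[4]]

def to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))

def care_bits(wildcard):
    # Wildcard bit 0 means "must match", bit 1 means "ignore".
    return ~to_int(wildcard) & 0xFFFFFFFF

def evaluate(acl, source):
    """Return (action, entry number) for the first entry matching the source IP."""
    src = to_int(source)
    for number, (action, address, wildcard) in enumerate(acl, start=1):
        care = care_bits(wildcard)
        if (src & care) == (to_int(address) & care):
            return action, number
    return "deny", None  # implicit deny when no entry matches

def shadowed_entries(acl):
    """Entry numbers that can never match because one earlier entry covers them."""
    shadowed = []
    for j, (_, addr_j, wild_j) in enumerate(acl):
        for _, addr_i, wild_i in acl[:j]:
            care_i = care_bits(wild_i)
            # Earlier entry i covers j if j ignores no bit that i checks,
            # and both agree on every bit that i checks.
            ignores_none = (to_int(wild_j) & care_i) == 0
            same_bits = (to_int(addr_i) & care_i) == (to_int(addr_j) & care_i)
            if ignores_none and same_bits:
                shadowed.append(j + 1)
                break
    return shadowed

if __name__ == "__main__":
    for ip in ("192.168.4.5", "192.168.4.77", "192.168.3.200", "10.1.1.1"):
        print(ip, evaluate(ACL_5, ip), evaluate(MISORDERED, ip))
    print("shadowed entries in MISORDERED:", shadowed_entries(MISORDERED))
```

In the page's ordering the host 192.168.4.5 is denied by entry 2 before the subnet permit is reached; in the constructed variant the same deny is never evaluated.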