Configuraton of standard access list and extented access lis
Download as PPT, PDF0 likes486 views
This document discusses IP standard and extended access lists. IP standard access lists use numbers 1-99 to filter based on source IP addresses. Extended IP access lists use numbers 100-199 to filter on source/destination IP addresses, protocol, and port numbers. Access lists are applied to interfaces to filter inbound or outbound traffic.
![IP Standard Access Configuration Sets parameters for this list entry IP standard access lists use 1 to 99 [access-list] [ access-list-number ] { permit | deny } [source] [ source-mask ] Router(config)#](https://image.slidesharecdn.com/configuratonofstandardaccesslistandextentedaccesslis-100917005947-phpapp01/85/Configuraton-of-standard-access-list-and-extented-access-lis-1-320.jpg)
![Activates the list on an interface IP Standard Access Configuration Sets parameters for this list entry IP standard access lists use 1 to 99 [access-list] [access-list-number] { permit | deny } [source] [source-mask] Router(config)# Router(config-if)# [ip access-group] [access-list-number] { in | out }](https://image.slidesharecdn.com/configuratonofstandardaccesslistandextentedaccesslis-100917005947-phpapp01/85/Configuraton-of-standard-access-list-and-extented-access-lis-2-320.jpg)
![Extended Access List Configuration Sets parameters for this list entry IP uses a list number in range 100 to 199 [access-list] [access-list-number] { permit | deny } [ protocol] [source] [source-mask] [destination] [destination-mask] [ operator operand ] [ established ] Router(config)#](https://image.slidesharecdn.com/configuratonofstandardaccesslistandextentedaccesslis-100917005947-phpapp01/85/Configuraton-of-standard-access-list-and-extented-access-lis-4-320.jpg)
![Extended Access List Configuration IP uses a list number in range 100 to 199 Sets parameters for this list entry Activates the extended list on an interface Router(config-if)# [ip access-group] [access-list-number] [ { in | out } ] [access-list] [access-list-number] { permit | deny } [ protocol] [source] [source-mask] [destination] [destination-mask] [ operator operand ] [ established ] Router(config)#](https://image.slidesharecdn.com/configuratonofstandardaccesslistandextentedaccesslis-100917005947-phpapp01/85/Configuraton-of-standard-access-list-and-extented-access-lis-5-320.jpg)
Configuraton of standard access list and extented access lis
- 1. IP Standard Access Configuration Sets parameters for this list entry IP standard access lists use 1 to 99 [access-list] [ access-list-number ] { permit | deny } [source] [ source-mask ] Router(config)#
- 2. Activates the list on an interface IP Standard Access Configuration Sets parameters for this list entry IP standard access lists use 1 to 99 [access-list] [access-list-number] { permit | deny } [source] [source-mask] Router(config)# Router(config-if)# [ip access-group] [access-list-number] { in | out }
- 3. Allow more precise filtering conditions Check source and destination IP address Specify an optional IP protocol and port number Use access list number range 100 to 199 Extended IP Access Lists
- 4. Extended Access List Configuration Sets parameters for this list entry IP uses a list number in range 100 to 199 [access-list] [access-list-number] { permit | deny } [ protocol] [source] [source-mask] [destination] [destination-mask] [ operator operand ] [ established ] Router(config)#
- 5. Extended Access List Configuration IP uses a list number in range 100 to 199 Sets parameters for this list entry Activates the extended list on an interface Router(config-if)# [ip access-group] [access-list-number] [ { in | out } ] [access-list] [access-list-number] { permit | deny } [ protocol] [source] [source-mask] [destination] [destination-mask] [ operator operand ] [ established ] Router(config)#
Editor's Notes
- #2: access-list command creates an entry in a standard traffic filter list. access-list field descriptions: list—identifies the list to which the entry belongs; a number from 1 to 99. address—source IP address. wildcard-mask—identifies which bits in the address field are matched. It has a 1 in positions indicating “don't care” bits, and a 0 in any position which is to be strictly followed. ip access-group command links an existing access list to an outgoing interface. Only one access list per port per protocol is allowed. ip access-group field descriptions: list—number of the access-list to be linked to this interface.
- #3: access-list command creates an entry in a standard traffic filter list. access-list field descriptions: list—identifies the list to which the entry belongs; a number from 1 to 99. address—source IP address. wildcard-mask—identifies which bits in the address field are matched. It has a 1 in positions indicating “don't care” bits, and a 0 in any position which is to be strictly followed. ip access-group command links an existing access list to an outgoing interface. Only one access list per port per protocol is allowed. ip access-group field descriptions: list—number of the access-list to be linked to this interface.
- #5: access-list command creates an entry in complex traffic filter list. access-list field descriptions: list—a number between 100 and 199 protocol—ip, tcp, udp, icmp source—ip address source-mask—wildcard-mask of address bits that must match. 0s indicate bits that must match, 1s are "don't care". destination—ip address destination-mask—wildcard-mask operator—lt, gt, eq, neq operand—a port number
- #6: access-list command creates an entry in complex traffic filter list. access-list field descriptions: list—a number between 100 and 199 protocol—ip, tcp, udp, icmp source—ip address source-mask—wildcard-mask of address bits that must match. 0s indicate bits that must match, 1s are "don't care". destination—ip address destination-mask—wildcard-mask operator—lt, gt, eq, neq operand—a port number