Scribd Logo
Upload

Welcome to Scribd!

  • Class 13

    Uploaded by

    jokate6848
    6 views5 pages

    Original Title

    Class-13

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    6 views5 pages

    Class 13

    Uploaded by

    jokate6848

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 5

    Standard ACL

    Standard ACL - Configuration:


    Router-0
    (config)#router rip
    (config-router)network 10.10.10.0
    (config-router)network 172.16.1.0
    (config-router)network 192.168.1.0

    Router-1:
    (config)#router rip
    (config-router)network 200.20.20.0
    (config-router)network 172.16.1.0

    SSH Configuration:
    (config)#line vty 0 4
    (config-line)#password 123
    Router(config)#service password-encryption
    Permit One PC:
    Router(config)#access-list 10 permit host 192.168.1.2
    Router(config)#line vty 0 4
    Router(config-line)#access-class 10 in
    Permit on a Network:
    (config)#line vty 0 4
    (config-line)#password 123
    Router(config)#access-list 10 permit 10.10.10.0 0.0.0.255
    Router(config)#line vty 0 4
    Router(config-line)#access-class 10 in
    Define ACL on Port:
    Router(config)#access-list 10 deny host 192.168.1.3
    Router(config)#access-list 10 permit any
    Router(config)#interface fastEthernet 0/0
    Router(config-if)#ip access-group 10 out
    Extended ACL
    Extended ACL - Configuration
    Setup DNS Server:
    Deny Single Host to a PC (not to use):
    Router(config)#access-list 100 deny ip 10.10.10.2 0.0.0.0 10.10.20.2 0.0.0.0
    Router(config)#access-list 100 permit ip any any
    Router(config)#interface fastEthernet 0/0
    Router(config-if)#ip access-group 100 in

    Deny Half Network:


    Router(config)#access-list 110 deny tcp 10.10.10.100 0.0.0.127 host 10.10.20.4 eq 80
    Router(config)#access-list 110 deny tcp 10.10.10.200 0.0.0.127 host 10.10.20.5 eq 80
    Router(config)#access-list 110 permit ip any any
    interface fastEthernet 0/0
    Router(config-if)#ip access-group 110 in

    You might also like