********Standard ACL(NAME)******
R2:
R2(config)# ip access-list standard ACLS
R2(config-std-nacl)# remark This Acl is used to BLaBLaBLaBLaBLaBLa
R2(config-std-nacl)# permit 192.168.0.0 0.0.0.255
R2(config)#int f0/0
R2(config-if)#ip access-group ACLS out
----------Add rule in order---------------
R2(config)# ip access-list standard ACLS
R2(config-std-nacl)#5 deny host 192.168.0.1
R2# show ip access-lists
----------Remove Rule and add a new one----
R2(config)# ip access-list standard ACLS
R2(config-std-nacl)#no 5
R2# show ip access-lists
R2(config)# ip access-list standard ACLS
R2(config-std-nacl)#5 deny host 192.168.0.2
R2# show ip access-lists
R2#clear access-list counters
R2#show ip access-lists ACLS
Ping from PC1 to Server0
Ping from PC2 to Server0
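The steps above depend on IOS evaluating entries by sequence number and stopping at the first match, with an implicit deny at the end. The following Python model of that evaluation is an added example, not part of the original notes: the function names are hypothetical, the permit is assumed to hold the default sequence 10, and the second list is constructed to show a deny that is shadowed when it sits after the permit.

```python
import ipaddress

MASK32 = 0xFFFFFFFF
def _u32(dotted):
    return int(ipaddress.IPv4Address(dotted))

def parse_entry(line):
    """'<seq> permit|deny (host A | any | ADDR [WILDCARD])' -> (seq, action, addr, wc)."""
    tok = line.split()
    seq, action, rest = int(tok[0]), tok[1], tok[2:]
    if rest[0] == "host":
        addr, wc = _u32(rest[1]), 0
    elif rest[0] == "any":
        addr, wc = 0, MASK32
    else:
        addr, wc = _u32(rest[0]), (_u32(rest[1]) if len(rest) > 1 else 0)
    return seq, action, addr, wc

def ordered(entries):
    return sorted(parse_entry(e) for e in entries)  # ascending sequence number

def evaluate(entries, src):
    """Return (seq, action) of the first entry matching src; (None, 'deny') if none."""
    ip = _u32(src)
    for seq, action, addr, wc in ordered(entries):
        care = ~wc & MASK32          # wildcard 1-bits are "don't care"
        if (ip & care) == (addr & care):
            return seq, action
    return None, "deny"              # implicit deny at the end of every ACL

def shadowed(entries):
    """Sequence numbers that can never match because an earlier entry covers them."""
    rules, dead = ordered(entries), []
    for i, (seq, _action, addr, wc) in enumerate(rules):
        for _s, _a, addr2, wc2 in rules[:i]:
            care = ~wc2 & MASK32
            if (wc | wc2) == wc2 and (addr & care) == (addr2 & care):
                dead.append(seq)
                break
    return dead

# Constructed inputs: ACLS as left by "5 deny host 192.168.0.2" (permit assumed
# at sequence 10), and the same deny placed after the permit to show shadowing.
ACLS = ["10 permit 192.168.0.0 0.0.0.255", "5 deny host 192.168.0.2"]
APPENDED = ["10 permit 192.168.0.0 0.0.0.255", "20 deny host 192.168.0.2"]
if __name__ == "__main__":
    for src in ("192.168.0.2", "192.168.0.3", "10.0.0.100"):
        print(src, evaluate(ACLS, src), evaluate(APPENDED, src))
    print("shadowed:", shadowed(ACLS), shadowed(APPENDED))
```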
********Standard ACL(Number)******
R2(config)#access-list 1 remark This Acl is used to BLaBLaBLaBLaBLaBLa
R2(config)#access-list 1 deny host 192.168.0.2
R2(config)#access-list 1 permit 192.168.0.0 0.0.0.255
R2(config)#int f0/0
R2(config-if)#ip access-group 1 out
R2#show ip access-lists
Ping from PC1 to Server0
Ping from PC2 to Server0
******ACL-Telnet******************
Telnet(config)#username mahmoud password 123
Telnet(config)#ip access-list standard TELNET
Telnet(config-std-nacl)#permit host 192.168.0.2
Telnet(config-std-nacl)#deny host 192.168.0.3
Telnet(config-std-nacl)#exit
Telnet(config)#line vty 0 4
Telnet(config-line)#transport input telnet
Telnet(config-line)#login local
Telnet(config-line)#access-class TELNET in
Telnet(config-line)#exit
Telnet from PC1 to Router Telnet
Telnet from PC2 to Router Telnet
********Extended ACL(Number)******
Task(1)
Permit 192.168.0.0 to open HTTP from inside to outside, not vice versa
Task(2)
Permit 192.168.0.2 to open Telnet on Telnet router 10.0.0.3
Deny 192.168.0.3 to open Telnet on Telnet router 10.0.0.3
Task(3)
Permit 192.168.0.2 to open FTP on Server0 10.0.0.100
Deny 192.168.0.3 to open FTP on Server0 10.0.0.100
Task(4)
Permit 192.168.0.2 to ping any outside devices
Deny 192.168.0.3 to ping any outside devices
-----------------------------------
R1(config)#access-list 100 permit tcp 192.168.0.0 0.0.0.255 any eq 80
Telnet(config)#line vty 0 4
Telnet(config-line)#password 123
Telnet(config-line)#login
Telnet(config-line)#exit
R1(config)#int f0/1
R1(config-if)#ip access-group 100 in
R1(config)#int f0/0
R1(config-if)#ip access-group 101 in
R1(config-if)#exit