Professional Documents
Culture Documents
Extended Access-List Example On Cisco Router
Extended Access-List Example On Cisco Router
Robocop(config)#access-list 100 ?
deny Specify packets to reject
dynamic Specify a DYNAMIC list of PERMITs or DENYs
permit Specify packets to forward
remark Access list entry comment
1 of 9 8.7.2016 12:05
Extended Access-List example on Cisco Router | NetworkLessons.com https://networklessons.com/cisco/ccna-routing-switching/extended-acc...
3 of 9 8.7.2016 12:05
Extended Access-List example on Cisco Router | NetworkLessons.com https://networklessons.com/cisco/ccna-routing-switching/extended-acc...
ED209#telnet 2.2.2.2 80
Trying 2.2.2.2, 80 ...
% Destination unreachable; gateway or host down
4 of 9 8.7.2016 12:05
Extended Access-List example on Cisco Router | NetworkLessons.com https://networklessons.com/cisco/ccna-routing-switching/extended-acc...
Robocop#show access-lists
Extended IP access list 100
10 permit tcp 1.1.1.0 0.0.0.255 host 2.2.2.2 eq www
20 deny ip any any log (1 match)
Robocop(config-ext-nacl)#
Robocop(config-ext-nacl)#?
5 of 9
Ext Access List configuration commands: 8.7.2016 12:05
Extended Access-List example on Cisco Router | NetworkLessons.com https://networklessons.com/cisco/ccna-routing-switching/extended-acc...
Robocop(config-ext-nacl)#?
Ext Access List configuration commands:
<1-2147483647> Sequence Number
default Set a command to its defaults
deny Specify packets to reject
dynamic Specify a DYNAMIC list of PERMITs or DENYs
evaluate Evaluate an access list
exit Exit from access-list configuration mode
no Negate a command or set its defaults
permit Specify packets to forward
remark Access list entry comment
Robocop(config-ext-nacl)#no 20
( g ) y p
ED209(config-ext-nacl)#deny icmp host 2.2.2.2 1.1.1.0 0.0.0.255
ED209(config-ext-nacl)#permit ip any any
ED209(config-ext-nacl)#exit
Robocop#ping 1.1.1.1
ED209#show access-lists
Extended IP access list DROPICMP
10 deny icmp host 192.168.12.2 1.1.1.0 0.0.0.255 (15 matches)
20 deny icmp host 2.2.2.2 1.1.1.0 0.0.0.255
30 permit ip any any
ED209#show access-lists
7 of 9 8.7.2016 12:05
Extended Access-List example on Cisco Router | NetworkLessons.com https://networklessons.com/cisco/ccna-routing-switching/extended-acc...
ED209#show access-lists
Extended IP access list DROPICMP
10 deny icmp host 192.168.12.2 1.1.1.0 0.0.0.255 (15 matches)
20 deny icmp host 2.2.2.2 1.1.1.0 0.0.0.255 (15 matches)
30 permit ip any any
Robocop#telnet 1.1.1.1
Trying 1.1.1.1 ...
ED209#show access-lists
Extended IP access list DROPICMP
10 deny icmp host 192.168.12.2 1.1.1.0 0.0.0.255 (27 matches)
20 deny icmp host 2.2.2.2 1.1.1.0 0.0.0.255 (18 matches)
30 permit ip any any (12 matches)
hostname ED209
!
interface FastEthernet0/0
ip address 192.168.12.1 255.255.255.0
ip access-group DROPICMP in
!
interface Loopback0
ip address 1.1.1.1 255.255.255.0
8 of 9 8.7.2016 12:05
Extended Access-List example on Cisco Router | NetworkLessons.com https://networklessons.com/cisco/ccna-routing-switching/extended-acc...
interface Loopback0
ip address 1.1.1.1 255.255.255.0
!
ip access-list extended DROPICMP
deny icmp host 192.168.12.2 1.1.1.0 0.0.0.255
deny icmp host 2.2.2.2 1.1.1.0 0.0.0.255
permit ip any any
!
end
hostname Robocop
!
interface FastEthernet0/0
ip address 192.168.12.2 255.255.255.0
ip access-group 100 in
!
interface Loopback0
ip address 2.2.2.1 255.255.255.0
!
access-list 100 permit tcp 1.1.1.0 0.0.0.255 host 2.2.2.2 eq 80
access-list 100 deny ip any any log
!
ip http server
!
end
9 of 9 8.7.2016 12:05