Extended Access Control List

Extended ACL is implemented on the bases of source, Destination and Application. The application are telnet, ICMP, HTTP, SMTP etc it also work on port no of that application. As Remember that the router 1 ip scheme is 200.100.100.0 and Router2 ip scheme is 192.168.10.0

Extended Access Control List

 

 

To allow the traffic of Router 2 on Router 1 for every application

  • Router1(config)# Access-list 100 permit ip 192.168.10.0 0.0.0.255 200.100.100.0 0.0.0.255
  • Router1(config)# access-list 100 deny any any
  • Router1(config)# int s0
  • Router1(config_if)# ip access-group 100 in
  • Router1(config_if)# exit

 To allow all the traffic of Router 2 on Router 1 for 1st 7 computer

  • Router1(config)# Access-list 100 permit ip 192.168.10.0 ¬†0.0.0.255 200.100.100.0 0.0.0.7
  • Router1(config)# access-list 100 deny any any
  • Router1(config)# int s0
  • Router1(config_if)# ip access-group 100 in
  • Router1(config_if)# exit

 To block the traffic for pinging Router 1 from Router 2 computer

  • Router1(config)# Access-list 100 deny tcp 192.168.10.0 ¬†0.0.0.255 200.100.100.0 0.0.0.255 eq ICMP
  • Router1(config)# access-list 100 permit any any
  • Router1(config)# int s0
  • Router1(config_if)# ip access-group 100 in
  • Router1(config_if)# exit

 To allow the computer of Router 2 for just browsing the Web Server of the Router1 and the ip of the web server is 200.100.100.50

  • Router1(config)# Access-list 100 permit tcp
  • 192.168.10.0 0.0.0.0.255

200.100.100.50 0.0.0.0  eq 80 (or http)

  • Router1(config)# access-list 100 deny ip any any
  • Router1(config)# int s0
  • Router1(config_if)# ip access-group 100 in
  • Router1(config_if)# exit

Type of ACL

  1. Standard ACL     (1-99)
  2. Extended ACL     (100-999

Copyright ©2010 -  2019 Ciscoforall.com | Privacy Policy