Monday 8 July 2013

IP Access List

Access-Lists

Facts:
1. Implicit deny all at the end of every list
2. Read from top to bottom; processing stops at the first matching line
3. New lines are added to the end of the list
4. An undefined access-list permits all traffic
5. Deleting an access-list while it is applied to an interface causes a deny any for all traffic

Creating a Standard Access-List
Standard lists filter on source address only: you are permitted or denied based on who you are.
access-list <1-99>
Router(config)#access-list 50 deny 150.100.0.0 0.0.255.255
Router(config)#access-list 50 permit any
Router(config-if)#ip access-group 50 <in | out, from the router's perspective>

Creating an Extended Access-List
Extended lists match on protocol, source, destination and optionally port.
access-list <100-199>
Router(config)#access-list 150 deny tcp host 192.168.1.100 150.100.0.0 0.0.255.255 eq 80
Router(config)#access-list 150 permit ip any any
Router(config-if)#ip access-group 150 <in | out, from the router's perspective>

Creating a Named Access-List
Flexible: entries can be edited or inserted in the middle of an existing list by sequence number.
Router(config)#ip access-list extended DEMO
Router(config-ext-nacl)#permit ip 150.100.0.0 0.0.255.255 any
Router(config-ext-nacl)#permit ip any any

Router#sho ip access-lists
Extended IP access list DEMO
    10 permit ip 150.100.0.0 0.0.255.255 any
    20 permit ip any any
    30 deny ip host 150.100.1.50 any

Router#
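The facts at the top of this post (implicit deny, top-down first match, wildcard masks) are easy to state and easy to get wrong in practice. The following Python model is an added example, not part of the original post and not Cisco code: it parses the standard list 50, the extended list 150 and the `show ip access-lists` output for DEMO exactly as they appear above (embedded as constructed sample input), evaluates sample packets against them, and flags entries that can never match because an earlier entry always matches first. The sample packet addresses are constructed; the wildcard-mask semantics and the "1 to 99 standard, 100 to 199 extended" numbering follow the post.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed input: the access-list lines from the post, verbatim.
STANDARD_ACL = """
access-list 50 deny 150.100.0.0 0.0.255.255
access-list 50 permit any
"""
EXTENDED_ACL = """
access-list 150 deny tcp host 192.168.1.100 150.100.0.0 0.0.255.255 eq 80
access-list 150 permit ip any any
"""
# Constructed input: the named list DEMO as "show ip access-lists" prints it.
NAMED_ACL_DEMO = """
10 permit ip 150.100.0.0 0.0.255.255 any
20 permit ip any any
30 deny ip host 150.100.1.50 any
"""

AddrSpec = Tuple[int, int]        # (base address, wildcard mask) as 32-bit ints
ANY: AddrSpec = (0, 0xFFFFFFFF)   # "any": every bit is a don't-care bit

@dataclass
class Entry:
    action: str            # "permit" or "deny"
    proto: str             # "ip", "tcp", "udp", ...; standard lists are "ip"
    src: AddrSpec
    dst: AddrSpec          # standard lists have no destination field: ANY
    dport: Optional[int]   # "eq <port>" on extended lists, else None

def _is_ipv4(tok: str) -> bool:
    try:
        ipaddress.IPv4Address(tok)
        return True
    except ipaddress.AddressValueError:
        return False

def _parse_addr(tokens: List[str], i: int) -> Tuple[AddrSpec, int]:
    """Consume one address spec (any | host A | A [wildcard]) at tokens[i]."""
    if tokens[i] == "any":
        return ANY, i + 1
    if tokens[i] == "host":
        return (int(ipaddress.IPv4Address(tokens[i + 1])), 0), i + 2
    base = int(ipaddress.IPv4Address(tokens[i]))
    if i + 1 < len(tokens) and _is_ipv4(tokens[i + 1]):
        return (base, int(ipaddress.IPv4Address(tokens[i + 1]))), i + 2
    return (base, 0), i + 1   # bare address with no wildcard: a single host

def _parse_entry(tokens: List[str], extended: bool) -> Entry:
    action = tokens[0]
    if not extended:          # standard list: action + source only
        src, _ = _parse_addr(tokens, 1)
        return Entry(action, "ip", src, ANY, None)
    proto = tokens[1]
    src, i = _parse_addr(tokens, 2)
    dst, i = _parse_addr(tokens, i)
    dport = int(tokens[i + 1]) if i < len(tokens) and tokens[i] == "eq" else None
    return Entry(action, proto, src, dst, dport)

def parse_acl(text: str) -> List[Entry]:
    """Accepts 'access-list N ...' config lines or '<seq> permit|deny ...' show output."""
    entries = []
    for line in text.strip().splitlines():
        tokens = line.split()
        if tokens and tokens[0] == "access-list":
            number = int(tokens[1])       # 1-99 standard, 100-199 extended
            entries.append(_parse_entry(tokens[2:], extended=number >= 100))
        elif tokens and tokens[0].isdigit():
            entries.append(_parse_entry(tokens[1:], extended=True))
    return entries

def _wild_match(addr: int, spec: AddrSpec) -> bool:
    """Wildcard bits set to 1 are ignored; 0 bits must equal the base address."""
    base, wild = spec
    care = ~wild & 0xFFFFFFFF
    return (addr & care) == (base & care)

def evaluate(entries, proto, src, dst, dport=None):
    """Top down, first match wins; falling off the end is the implicit deny."""
    s, d = int(ipaddress.IPv4Address(src)), int(ipaddress.IPv4Address(dst))
    for n, e in enumerate(entries, start=1):
        if e.proto not in ("ip", proto):
            continue
        if not (_wild_match(s, e.src) and _wild_match(d, e.dst)):
            continue
        if e.dport is not None and e.dport != dport:
            continue
        return e.action, n
    return "deny", None   # implicit deny: no line number matched

def _covers(outer: Entry, inner: Entry) -> bool:
    """True when every packet matching `inner` also matches `outer`."""
    def addr_covers(o, i):
        (ob, ow), (ib, iw) = o, i
        care = ~ow & 0xFFFFFFFF
        return (ow | iw) == ow and (ob & care) == (ib & care)
    return ((outer.proto == "ip" or outer.proto == inner.proto)
            and (outer.dport is None or outer.dport == inner.dport)
            and addr_covers(outer.src, inner.src) and addr_covers(outer.dst, inner.dst))

def find_shadowed(entries: List[Entry]) -> List[int]:
    """1-based positions of entries that an earlier entry always matches first."""
    return [n for n, e in enumerate(entries, start=1)
            if any(_covers(prev, e) for prev in entries[:n - 1])]

if __name__ == "__main__":
    std, ext, demo = parse_acl(STANDARD_ACL), parse_acl(EXTENDED_ACL), parse_acl(NAMED_ACL_DEMO)
    print(evaluate(std, "ip", "150.100.7.7", "10.0.0.1"))             # ('deny', 1)
    print(evaluate(ext, "tcp", "192.168.1.100", "150.100.2.2", 443))  # ('permit', 2)
    print(evaluate([], "ip", "10.0.0.1", "10.0.0.2"))                 # ('deny', None)
    print(find_shadowed(demo))                                        # [3]: line 30 never matches
```

The last check is the one worth keeping around when reviewing real configurations: in DEMO, line 20 `permit ip any any` already matches everything, so line 30 is dead, and appending a deny after a permit any any (fact 3, new lines go to the end) silently does nothing.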


Dynamic Access-list (Lock and Key)
Time-based Access-list


Verification
show ip access-lists <number>
