Access-Lists
Facts:
1. Implicit Deny All at the end of every list
2. Read from top to bottom; processing stops when a match is found
3. New lines are added to the end of the list
4. An Undefined Access-List will permit all traffic
5. Deleting an Access-List after applying to an interface causes a Deny Any for all traffic
Creating Standard Access-List
You are permitted or denied based on who you are
access-list <1-99>
Router(config)#access-list 50 deny 150.100.0.0 0.0.255.255
Router(config)#access-list 50 permit any
Router(config-if)#ip access-group 50 <in or out, from the router's perspective>
Creating an extended Access-List
access-list <100-199>
Router(config)#access-list 150 deny tcp host 192.168.1.100 150.100.0.0 0.0.255.255 eq 80
Router(config)#access-list 150 permit ip any any
Router(config-if)#ip access-group 150 <in or out, from the router's perspective>
Creating named Access-List
Flexible: lines can be edited or inserted in the middle of an existing list
Router(config)#ip access-list extended DEMO
Router(config-ext-nacl)#permit ip 150.100.0.0 0.0.255.255 any
Router(config-ext-nacl)#permit ip any any
Router#sho ip access-lists
Extended IP access list DEMO
10 permit ip 150.100.0.0 0.0.255.255 any
20 permit ip any any
30 deny ip host 150.100.1.50 any
Router#
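The DEMO list above, modelled as an added example (not part of the original notes): line 30 sits at the end of the list, so an earlier line matches host 150.100.1.50 first and the deny is never reached. The Python below applies the top-to-bottom, first-match and implicit-deny rules from the Facts list and reports lines hidden by earlier ones; the tuple layout, the FIXED list and all function names are assumptions made for this illustration.

```python
import ipaddress

# Constructed model of the DEMO list shown above: (seq, action, source, wildcard).
# Every DEMO line has destination "any", so only the source is modelled.
DEMO = [
    (10, "permit", "150.100.0.0", "0.0.255.255"),
    (20, "permit", "0.0.0.0", "255.255.255.255"),  # any
    (30, "deny", "150.100.1.50", "0.0.0.0"),       # host 150.100.1.50
]
# Same entries with the host deny re-entered at sequence 5 (constructed).
FIXED = [(5, "deny", "150.100.1.50", "0.0.0.0")] + DEMO[:2]

def to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def care_bits(wildcard):
    """Wildcard 1-bits are ignored, so the bits that must match are the inverse."""
    return ~to_int(wildcard) & 0xFFFFFFFF

def matches(src, net, wildcard):
    care = care_bits(wildcard)
    return (to_int(src) & care) == (to_int(net) & care)

def evaluate(acl, src):
    """Return (action, seq) of the first matching line, read top to bottom."""
    for seq, action, net, wildcard in sorted(acl):
        if matches(src, net, wildcard):
            return action, seq
    return "deny", None  # implicit deny all at the end of every list

def covers(outer, inner):
    """True when every source matched by `inner` is already matched by `outer`."""
    o_care, i_care = care_bits(outer[3]), care_bits(inner[3])
    same_prefix = (to_int(outer[2]) & o_care) == (to_int(inner[2]) & o_care)
    return (o_care & ~i_care) == 0 and same_prefix

def shadowed(acl):
    """List (seq, hidden_by_seq) for lines that an earlier line always pre-empts."""
    ordered, found = sorted(acl), []
    for i, line in enumerate(ordered):
        hider = next((e for e in ordered[:i] if covers(e, line)), None)
        if hider:
            found.append((line[0], hider[0]))
    return found

if __name__ == "__main__":
    print(evaluate(DEMO, "150.100.1.50"), shadowed(DEMO))
    print(evaluate(FIXED, "150.100.1.50"), shadowed(FIXED))
```

On the router, the same change is made in named access-list configuration mode by removing line 30 and re-entering the deny under a lower sequence number.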
Dynamic Access-list (Lock and Key)
Time-based Access-list
Verification
sh ip access-list number