
Sunday, October 4, 2015

Configuring ACL-access list

Configuring ACL on Cisco Routers.


1. Deny any traffic from 192.168.0.103 to R1
2. Deny telnet from 192.168.0.103 to R1
3. Block any traffic to networkers.af
4. Permit only telnet traffic from 192.168.0.103 and deny all others
5. Apply a reflexive ACL on R1 so that only return traffic for sessions started from R1 is allowed in.

1.Deny Any Traffic from 192.168.0.103 to R1
R1
conf t
access-list 1 deny 192.168.0.103 0.0.0.0
access-list 1 permit any
int e0
ip access-group 1 in
!This command applies access-list on interface e0 inbound
exit
--------------------------
Same example with a named ACL
---------------------------
conf t
ip access-list standard DENYHOST
deny 192.168.0.103 0.0.0.0
permit any
exit
int e0
ip access-group DENYHOST in
exit

2.Deny telnet from 192.168.0.103 to R1
conf t
no access-list 1
!ACL 1 is still referenced by "ip access-group 1 in" on e0; with the list deleted that filter permits everything, so remove the access-group too if the interface filter is no longer wanted
access-list 10 deny 192.168.0.103 0.0.0.0
access-list 10 permit any
!The permit any is required: every ACL ends with an implicit deny, so without it ACL 10 would lock every host out of the VTY lines, not just 192.168.0.103
line vty 0 4
access-class 10 in
!This command applies ACL 10 on line vty inbound

3.Block any traffic to networkers.af
R1
conf t
access-list 101 deny tcp any host 205.209.127.53 eq www
OR
access-list 101 deny tcp 192.168.0.0 0.0.255.255 host 205.209.127.53 eq www
!eq www matches only HTTP (TCP port 80); to block all IP traffic to that host use: access-list 101 deny ip any host 205.209.127.53
access-list 101 permit ip any any
!Required because of the implicit deny at the end; without it ACL 101 drops all other traffic as well
int e0
ip access-group 101 in
!An extended ACL does nothing until it is applied to an interface; here it is applied inbound on the LAN-facing interface e0

4.permit only telnet traffic from 192.168.0.103 and deny all others
no access-list 101

access-list 100 permit tcp host 192.168.0.103 host 192.168.0.1 eq telnet
!This command permits only host 192.168.0.103 to telnet to router 1, whose ip is 192.168.0.1. Because every ACL ends with an implicit deny all, every other host is automatically denied telnet access to the R1 VTY lines.

line vty 0 4
access-class 100 in
exit

show access-lists


When you do show access-lists, you will see a number in front of each ACL entry. That number is the sequence number, and you can edit the ACL with it. For example:
ip access-list standard DENYHOST
no 20
15 permit any
The no 20 removes ACL entry number 20, and the second command adds a new entry with sequence number 15, which places it after the deny entry at sequence 10.
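The examples above all depend on the same three rules: entries are checked top-down in sequence order, the first match wins, and an implicit deny any sits at the end of every list. The following Python simulator is an added example, not part of the original post and not Cisco code. It models a standard ACL using IOS wildcard-mask matching and the auto-numbered sequences (10, 20, ...) that show access-lists displays, then replays the DENYHOST list, the "ACL with only a deny line" pitfall, and the no 20 / 15 permit any edit. The class and function names are hypothetical; the addresses are the ones used in the post.

```python
"""Simulate standard ACL evaluation: top-down, first match wins, implicit deny.
Added example, not Cisco code; the class and function names are hypothetical."""
from ipaddress import IPv4Address


def ip_matches(addr: str, network: str, wildcard: str) -> bool:
    """Wildcard-mask match: a set bit in the wildcard means 'don't care'."""
    a, n, w = (int(IPv4Address(x)) for x in (addr, network, wildcard))
    care = ~w & 0xFFFFFFFF          # bits that must be equal
    return (a & care) == (n & care)


def parse_entry(line: str):
    """Parse one IOS-style standard ACL line into (seq, action, network, wildcard).
    Accepted shapes (sequence optional): '[seq] permit any',
    '[seq] deny host A.B.C.D', '[seq] deny A.B.C.D W.W.W.W', '[seq] deny A.B.C.D'."""
    parts = line.split()
    seq = int(parts.pop(0)) if parts[0].isdigit() else None
    action, rest = parts[0], parts[1:]
    if action not in ("permit", "deny"):
        raise ValueError(f"unknown action in {line!r}")
    if rest == ["any"]:
        network, wildcard = "0.0.0.0", "255.255.255.255"
    elif rest[0] == "host":
        network, wildcard = rest[1], "0.0.0.0"
    elif len(rest) == 1:                       # bare address = single host
        network, wildcard = rest[0], "0.0.0.0"
    else:
        network, wildcard = rest[0], rest[1]
    return seq, action, network, wildcard


class StandardAcl:
    """A named or numbered standard ACL keyed by sequence number."""

    def __init__(self, name: str):
        self.name = name
        self.entries = {}                      # seq -> (action, network, wildcard)

    def add(self, line: str) -> int:
        seq, action, network, wildcard = parse_entry(line)
        if seq is None:                        # IOS auto-numbers: last + 10, starting at 10
            seq = max(self.entries, default=0) + 10
        self.entries[seq] = (action, network, wildcard)
        return seq

    def remove(self, seq: int) -> None:        # the 'no <seq>' command
        self.entries.pop(seq, None)

    def sequences(self):
        return sorted(self.entries)

    def evaluate(self, src: str) -> str:
        """Return 'permit' or 'deny' for a source address, like the router would."""
        for seq in self.sequences():
            action, network, wildcard = self.entries[seq]
            if ip_matches(src, network, wildcard):
                return action                  # first match wins
        return "deny"                          # implicit deny at the end of every ACL

    def show(self) -> str:
        """Approximate the 'show access-lists' output, sequence numbers included."""
        lines = [f"Standard IP access list {self.name}"]
        for seq in self.sequences():
            action, network, wildcard = self.entries[seq]
            if wildcard == "255.255.255.255":
                target = "any"
            elif wildcard == "0.0.0.0":
                target = network
            else:
                target = f"{network}, wildcard bits {wildcard}"
            lines.append(f"    {seq} {action} {target}")
        return "\n".join(lines)


def build_denyhost() -> StandardAcl:
    """The DENYHOST list from the post: deny one host, permit everyone else."""
    acl = StandardAcl("DENYHOST")
    acl.add("deny 192.168.0.103 0.0.0.0")     # becomes sequence 10
    acl.add("permit any")                      # becomes sequence 20
    return acl


def deny_only_acl() -> StandardAcl:
    """An ACL with only a deny line: the implicit deny then blocks every source."""
    acl = StandardAcl("10")
    acl.add("deny 192.168.0.103 0.0.0.0")
    return acl


def resequence_denyhost() -> StandardAcl:
    """Replay 'no 20' followed by '15 permit any' on DENYHOST."""
    acl = build_denyhost()
    acl.remove(20)
    acl.add("15 permit any")
    return acl


if __name__ == "__main__":
    for acl in (build_denyhost(), deny_only_acl(), resequence_denyhost()):
        print(acl.show())
        for host in ("192.168.0.103", "192.168.0.50"):
            print(f"  {host} -> {acl.evaluate(host)}")
```

Running the script prints each list the way show access-lists would and the verdict for the blocked host and for an unrelated LAN host; the deny-only list is the one to watch, because it shows why the permit any line matters before an ACL is applied to the VTY lines.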


for initial configuration of Router, switch or AP visit link below
initial configuration of Router, Switch or AP
