With numbered IP access lists, modifying a list means first deleting the numbered access list and then entering it again with the necessary corrections. Individual statements cannot be deleted from a numbered access list.
Named IP access lists allow individual entries to be removed from a specific list. Deleting individual entries lets you modify an access list without having to remove it and reconfigure it from scratch. However, it is possible to selectively insert items in a list. If you add an item to the list, it is placed at the end of the list.
You cannot use the same name for multiple access lists. Access lists of different types cannot share a name.
Configuring a Named Access List
Router(config)# ip access-list [standard | extended] [name]
Router(config-[std | ext]-nacl)# [permit | deny] [test conditions]
Router(config-[std | ext]-nacl)# no [permit | deny] [test conditions]
Router(config)# interface [interface to associate with the ACL]
Router(config-if)# ip access-group [name] [in | out]
To delete a single statement, precede the test condition with no.
Example of an ACL named "INTRANET" that denies traffic to an FTP server:
Router(config)# ip access-list extended INTRANET
Router(config-ext-nacl)# deny tcp any any eq 21 log
Router(config-ext-nacl)# permit ip any any
Router(config-ext-nacl)# exit
Router(config)# interface ethernet 1
Router(config-if)# ip access-group INTRANET out
An ACL named INTRANET was created that denies all traffic from any source to any destination on port 21 and then permits all other IP traffic. The optional log keyword is used to send information from the ACL to a server. The ACL is associated with an Ethernet interface in the outbound direction.
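IOS evaluates ACL entries top-down and stops at the first match, so an entry that lands at the end of INTRANET, after permit ip any any, can never match. The following Python check is an added example, not part of the original page, that flags such unreachable entries. The appended deny tcp any any eq 23 line and the simplified entry grammar (any or host addresses, optional eq port) are assumptions made for illustration.

```python
import re

# Constructed sample: the page's INTRANET list plus one entry appended later.
# The "deny tcp any any eq 23" line is an assumption added for illustration.
INTRANET = """\
deny tcp any any eq 21 log
permit ip any any
deny tcp any any eq 23
"""

# Simplified grammar (assumption): any/host addresses, optional "eq <port>".
ENTRY = re.compile(
    r"^(permit|deny)\s+(ip|tcp|udp)\s+(any|host\s+\S+)\s+(any|host\s+\S+)"
    r"(?:\s+eq\s+(\d+))?(?:\s+log)?$"
)

def parse(text):
    """Turn each ACL line into (action, proto, src, dst, port-or-None)."""
    entries = []
    for line in filter(None, (l.strip() for l in text.splitlines())):
        m = ENTRY.match(line)
        if not m:
            raise ValueError(f"unsupported entry: {line!r}")
        action, proto, src, dst, port = m.groups()
        entries.append((action, proto, " ".join(src.split()),
                        " ".join(dst.split()), int(port) if port else None))
    return entries

def covers(earlier, later):
    """True if every packet matching `later` also matches `earlier`."""
    _, p1, s1, d1, port1 = earlier
    _, p2, s2, d2, port2 = later
    return (p1 in ("ip", p2) and s1 in ("any", s2) and d1 in ("any", d2)
            and (port1 is None or port1 == port2))

def shadowed(entries):
    """Return (later_index, earlier_index) pairs for entries that never match."""
    hits = []
    for i, later in enumerate(entries):
        for j in range(i):
            if covers(entries[j], later):
                hits.append((i, j))
                break
    return hits

if __name__ == "__main__":
    acl = parse(INTRANET)
    for i, j in shadowed(acl):
        print(f"entry {i + 1} is shadowed by entry {j + 1}: {acl[j]}")
```
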
To add a comment to an ACL:
Router# configure t
Router(config)# access-list [number] remark [comment]
Verifying ACLs
Router# show ip interface [interface type] [interface number]
Displays IP interface information. Use it to check whether an access list is associated with an interface.
Router# show access-lists
Displays the contents of all access lists:
Router# show access-lists
Standard IP access list 10
    deny 192.168.1.0
Extended IP access list 120
    deny tcp host 204.204.10.1 any eq 80
    permit ip any any
Extended IP access list INTRANET
    deny tcp any any eq 21 log
    permit ip any any
Router# show [protocol] access-list [access list number | name]