Monday, 15 April 2013

Basic ACLs

Objectives


  • Cable network
  • Assign IP addresses
  • Configure network
  • Configure and apply ACLs (standard, extended, and named)
  • Apply ACL to VTY lines
  • Verify configuration

Topology

 

 

 

Configure Standard ACL

Block the .40 network from accessing the .10 network.

R2(config)#ip access-list standard 1
R2(config-std-nacl)#deny 192.168.40.0 0.0.0.255
R2(config-std-nacl)#permit any

R2(config-std-nacl)#int fa0/0
R2(config-if)#ip access-group 1 out


Configure Extended ACL

Block the .30 network from accessing the 10.0.0.8 network.

R1(config)#ip access-list extended 100
R1(config-ext-nacl)#deny ip 192.168.30.0 0.0.0.255 10.0.0.8 0.0.0.3
R1(config-ext-nacl)#permit ip any any

R1(config-ext-nacl)#int fa0/1
R1(config-if)#ip access-group 100 in

Configure Named ACL

Block the .20 network from accessing the PC with IP address 192.168.40.3.

R1(config)#ip access-list extended BLOCK_40.3
R1(config-ext-nacl)#deny ip 192.168.20.0 0.0.0.255 host 192.168.40.3
R1(config-ext-nacl)#permit ip any any

R1(config-ext-nacl)#int fa0/0
R1(config-if)#ip access-group BLOCK_40.3 in


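Apply ACL to VTY Lines

Permit VTY access to R4 only from the 10.0.0.0 network. The ACL has no deny entry; the implicit deny at the end of every ACL blocks all other sources.
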
R4(config)#username admin privilege 15 password cisco
R4(config)#line vty 0 4
R4(config-line)#login local
R4(config-line)#logging synchronous 


R4(config)#ip access-list standard BLOCK_VTY
R4(config-std-nacl)#permit 10.0.0.0 0.0.0.255

R4(config)#line vty 0 4
R4(config-line)#access-class BLOCK_VTY in
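
The first-match and wildcard-mask logic behind the four ACLs above, as an added Python example (not part of the original lab and not Cisco code). The function names and the test host addresses are assumptions made for illustration; only the ACL entries are taken from the configurations on this page.

```python
import ipaddress

ANY = (0, 0xFFFFFFFF)  # wildcard of all ones: every bit is "don't care"

def _ip(text):
    return int(ipaddress.IPv4Address(text))

def _spec(tokens):
    """Consume one address spec; return ((base, wildcard), remaining tokens)."""
    if tokens[0] == "any":
        return ANY, tokens[1:]
    if tokens[0] == "host":
        return (_ip(tokens[1]), 0), tokens[2:]
    return (_ip(tokens[0]), _ip(tokens[1])), tokens[2:]

def parse_ace(line):
    """Parse the entry forms used on this page: standard, and extended 'ip'."""
    action, *rest = line.split()
    extended = rest[0] == "ip"
    src, rest = _spec(rest[1:] if extended else rest)
    dst = _spec(rest)[0] if extended else ANY  # standard ACLs test source only
    return action, src, dst

def _match(addr, spec):
    base, wild = spec
    care = ~wild & 0xFFFFFFFF  # a 0 bit in the wildcard means "must match"
    return (_ip(addr) & care) == (base & care)

def evaluate(acl, src, dst="0.0.0.0"):
    """Return the action of the first matching entry, top down."""
    for line in acl:
        action, s, d = parse_ace(line)
        if _match(src, s) and _match(dst, d):
            return action
    return "deny"  # implicit deny at the end of every ACL

# Entries copied from the configurations above.
ACL_1 = ["deny 192.168.40.0 0.0.0.255", "permit any"]
ACL_100 = ["deny ip 192.168.30.0 0.0.0.255 10.0.0.8 0.0.0.3", "permit ip any any"]
BLOCK_40_3 = ["deny ip 192.168.20.0 0.0.0.255 host 192.168.40.3", "permit ip any any"]
BLOCK_VTY = ["permit 10.0.0.0 0.0.0.255"]

if __name__ == "__main__":
    # Constructed test packets (host addresses are not from the lab topology).
    print(evaluate(ACL_1, "192.168.40.7"))
    print(evaluate(ACL_100, "192.168.30.5", "10.0.0.11"))
    print(evaluate(ACL_100, "192.168.30.5", "10.0.0.13"))
    print(evaluate(BLOCK_40_3, "192.168.20.9", "192.168.40.3"))
    print(evaluate(BLOCK_VTY, "192.168.20.9"))
```

The wildcard 0.0.0.3 in ACL 100 covers only 10.0.0.8 through 10.0.0.11, so a destination such as 10.0.0.13 falls through to `permit ip any any`. BLOCK_VTY denies every source outside its single permit entry even though it contains no deny line.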

Verify ACL 

 

R1





R2





 R4





Complete
