5 Cards in this Set
- Front
- Back
Creating Extended ACLs: Router(config)#access-list 110 permit tcp 172.16.0.0 0.0.0.255 192.168.100.0 0.0.0.255 eq 80 |
Read this line to say, “HTTP packets with a source IP address of 172.16.0.x will be permitted to travel to the destination address 192.168.100.x.” |
|
Creating Extended ACLs (COMMAND BREAKDOWN 1): 1 access-list | 2 110 | 3 permit | 4 tcp | 5 172.16.0.0 | 6 0.0.0.255 | 7 192.168.100.0 | 8 0.0.0.255 | 9 eq | 10 80 |
1 ACL command. | 2 Number is between 100 and 199, or 2000 and 2699, designating this as an extended IP ACL. | 3 Packets that match this statement will be allowed to continue. | 4 Protocol must be TCP. | 5 Source IP address to be compared to. | 6 Wildcard mask for the source IP address. | 7 Destination IP address to be compared to. | 8 Wildcard mask for the destination IP address. | 9 Operand, means “equal to.” | 10 Port 80, indicating HTTP traffic. |
|
Creating Extended ACLs (COMMAND BREAKDOWN 2): Router(config)#access-list 110 deny tcp any 192.168.100.7 0.0.0.0 eq 23 |
Read this line to say, “Telnet packets with any source IP address will be dropped if they are addressed to specific host 192.168.100.7.” |
|
Creating Extended ACLs (COMMAND BREAKDOWN 2): 1 access-list | 2 110 | 3 deny | 4 tcp | 5 any | 6 192.168.100.7 | 7 0.0.0.0 | 8 eq | 9 23 |
1 ACL command. | 2 Number is between 100 and 199, or 2000 and 2699, designating this as an extended IP ACL. | 3 Packets that match this statement will be dropped and discarded. | 4 Protocol must be TCP. | 5 Any source IP address. | 6 Destination IP address to be compared to. | 7 Wildcard mask; address must match exactly. | 8 Operand, means “equal to.” | 9 Port 23, indicating Telnet traffic. |
|
Applying Extended ACLs to an Interface: Router(config)#interface fastethernet 0/0 | Router(config-if)#ip access-group 110 out |
Moves to interface configuration mode and takes all access list lines that are defined as being part of group 110 and applies them in an outbound manner. Packets going out fastethernet 0/0 will be checked. *TIP: Access lists can be applied in either an inbound direction (keyword in) or in an outbound direction (keyword out). *TIP: Only one access list can be applied per interface, per direction. *TIP: Apply an extended ACL as close as possible to the source network or device. |