Access List:
It is used for filtering or blocking IP addresses. There are three types of access lists:
1. Standard Access List
It provides packet-based filtering. Standard access list numbers range from 1-99. It is configured on the destination router.
Configuration:
For blocking a particular IP:
Router(config)# access-list <acl num> deny host <ip address>
For blocking entire networks:
Router(config)# access-list <acl num> deny <source ip> <wildcard mask>
Router(config)# access-list <acl num> permit any
Applying to interface:
Router(config)# interface f0/0
Router(config-if)# ip access-group <acl num> {in | out}
The direction (in or out) changes according to the scenario.
2. Extended Access List:
Numbers range from 100-199, and it provides protocol-based filtering. We can configure the ACL on the source router or the destination router, but it is better on the source router. By configuring an extended ACL we can block communication from an IP to IP, network, IP to network, network to IP.
Configuration:
For blocking telnet and protocol:
Router(config)# access-list <acl num> deny <protocol> <source ip> <destination ip> eq <port num>
Ping blocking:
Router(config)# access-list 101 deny icmp host <ip address> host <destination ip address>
Router(config)# access-list 101 permit ip any any
Applying to interface:
Router(config)# interface f0/0
Router(config-if)# ip access-group <acl num> in
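
How the numbered lists above are evaluated, as an added example that is not part of the original post: a small Python model that parses access-list lines in the forms shown and checks a packet against them top to bottom, first match wins. It returns deny when nothing matches, because IOS ends every ACL with an implicit deny, which is why the permit line follows the deny lines. The addresses and function names are constructed for illustration.

```python
import ipaddress

ANY = (0, 0xFFFFFFFF)  # wildcard of all ones: every bit is "don't care"

def addr_spec(tokens):
    """Consume 'any', 'host A' or 'A [wildcard]'; return (base, wildcard)."""
    first = tokens.pop(0)
    if first == "any":
        return ANY
    if first == "host":
        return int(ipaddress.IPv4Address(tokens.pop(0))), 0
    base = int(ipaddress.IPv4Address(first))
    # An address with no wildcard mask matches that single host only.
    has_wild = bool(tokens) and tokens[0][0].isdigit()
    return base, int(ipaddress.IPv4Address(tokens.pop(0))) if has_wild else 0

def parse_entry(line):
    t = line.split()
    num, rest = int(t[1]), t[3:]
    e = {"action": t[2], "proto": "ip", "dst": ANY, "port": None}
    if 100 <= num <= 199:            # extended: protocol, source, destination
        e["proto"] = rest.pop(0).lower()
        e["src"], e["dst"] = addr_spec(rest), addr_spec(rest)
        if rest[:1] == ["eq"]:
            e["port"] = int(rest[1])
    else:                            # standard (1-99): source address only
        e["src"] = addr_spec(rest)
    return e

def hit(spec, ip):
    base, wild = spec
    care = ~wild & 0xFFFFFFFF        # bits that must match
    return (int(ipaddress.IPv4Address(ip)) & care) == (base & care)

def evaluate(acl_lines, proto, src, dst, dport=None):
    """Return the action of the first matching entry, top to bottom."""
    for e in map(parse_entry, acl_lines):
        if e["proto"] not in ("ip", proto) or e["port"] not in (None, dport):
            continue
        if hit(e["src"], src) and hit(e["dst"], dst):
            return e["action"]
    return "deny"                    # implicit deny when nothing matched

# Constructed sample ACL using documentation address ranges.
ACL_101 = [
    "access-list 101 deny icmp host 192.0.2.10 host 198.51.100.5",
    "access-list 101 deny tcp 192.0.2.0 0.0.0.255 host 198.51.100.5 eq 23",
    "access-list 101 permit ip any any",
]
```

Calling evaluate(ACL_101[:2], "tcp", "192.0.2.77", "198.51.100.5", 80) returns deny: with the final permit line removed, traffic that no entry mentions is dropped.
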
3. Named Extended Access List:
Router(config)# ip access-list extended <name>
Router(config-ext-nacl)# deny ip host <source IP> host <destination IP>