Posted in Networking

IP Access List Command List

Configuring access lists involves two general steps:

  1. Create the list and list entries with the access-list command
  2. Apply the list to a specific interface with the ip access-group command

Examples
The following commands create a standard IP access list that permits all outgoing traffic except the traffic from network 10.0.0.0, and applies the list to the Ethernet0 interface.

Router(config)#access-list 1 deny 10.0.0.0 0.255.255.255
Router(config)#access-list 1 permit any
Router(config)#int e0
Router(config-if)#ip access-group 1 out

The following commands create a standard IP access list that rejects all traffic except traffic from host 10.12.12.16, and applies the list to the Serial0 interface.

Router(config)#access-list 2 permit 10.12.12.16
Router(config)#int s0
Router(config-if)#ip access-group 2 in

Note: Remember that each access list contains an explicit deny any entry. When created, the access list denies all traffic except traffic explicitly permitted by permit statements in the list.

The following commands create an extended IP access list that rejects packets from host 10.1.1.1 sent to host 15.1.1.1, and applies the list to the second serial interface.

Router(config)#access-list 101 deny ip 10.1.1.1 0.0.0.0 15.1.1.1 0.0.0.0
Router(config)#access-list 101 permit ip any any 
Router(config)#int s1
Router(config-if)#ip access-group 101 in

The following commands create an extended IP access list that does not forward TCP packets from any host on network 10.0.0.0 to network 11.12.0.0, and applies the list to the first serial interface.

Router(config)#access-list 111 deny tcp 10.0.0.0 0.255.255.255 11.12.0.0 0.0.255.255
Router(config)#access-list 111 permit ip any any 
Router(config)#int s0
Router(config-if)#ip access-group 111 in

 

 

Author:

Teman yang baik, teman yang memaksa anda untuk terus berkembang...

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s