
CCNA Extended ACL (access control list) || IPv4 || ACL Standard number 100-199 || Number based

What is an ACL? An ACL is an ordered list of permit or deny rules that specify what can or can’t enter or leave an interface of a router. Every packet that attempts to enter or leave through that interface is tested against each rule in the ACL, in order, until a match is found. If no match is found, the packet is denied.
=====

When you refer to a router, these terms have these meanings.

Out—Traffic that has already been through the router and leaves the interface. The source is where it has been, on the other side of the router, and the destination is where it goes.

In—Traffic that arrives on the interface and then goes through the router. The source is where it has been and the destination is where it goes, on the other side of the router.

Inbound—If the access list is inbound, when the router receives a packet, the Cisco IOS software checks the criteria statements of the access list for a match. If the packet is permitted, the software continues to process the packet. If the packet is denied, the software discards the packet.

Outbound—If the access list is outbound, after the software receives and routes a packet to the outbound interface, the software checks the criteria statements of the access list for a match. If the packet is permitted, the software transmits the packet. If the packet is denied, the software discards the packet.

==
This video shows the configuration of an extended ACL.

!--- This command is used to deny web traffic
!--- from machine 192.168.1.2 to machine 192.168.3.4.

Router(config)#access-list 101 deny tcp host 192.168.1.2 host 192.168.3.4 eq www

!--- All other IP traffic is allowed.

Router(config)#access-list 101 permit ip any any

===

Example 1:

Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#ip access-list extended 101
Router(config-ext-nacl)#5 deny tcp any any eq telnet
Router(config-ext-nacl)#exit
Router(config)#exit
Router#

In the show access-list command output, the entry with sequence number 5 is added as the first entry of access list 101.

Router#show access-list
Extended IP access list 101
5 deny tcp any any eq telnet
10 permit tcp any any
20 permit udp any any
30 permit icmp any any
Router#

Example 2:

internetrouter#show access-lists
Extended IP access list 101
10 permit tcp any any
15 permit tcp any host 172.162.2.9
20 permit udp host 172.16.1.21 any
30 permit udp host 172.16.1.22 any

internetrouter#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
internetrouter(config)#ip access-list extended 101
internetrouter(config-ext-nacl)#18 per tcp any host 172.162.2.11
internetrouter(config-ext-nacl)#^Z

internetrouter#show access-lists
Extended IP access list 101
10 permit tcp any any
15 permit tcp any host 172.162.2.9
18 permit tcp any host 172.162.2.11
20 permit udp host 172.16.1.21 any
30 permit udp host 172.16.1.22 any

=====
If you use the global no access-list command to remove any one entry, the whole access list is removed, not just that entry.

====
Router#show ip access-lists
Extended IP access list 102
10 deny tcp host 192.168.1.2 host 192.168.3.4 eq www (80 matches)
20 permit ip any any (10 match(es))
30 deny tcp host 192.168.1.2 192.168.2.0 0.0.0.255
40 deny ip any any

Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#no access-list 102 deny ip any any
Router(config)#access-list 102 per ip any any
Router(config)#end
Router#

Router#show ip access-lists
Extended IP access list 102
10 permit ip any any
=====
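
The first-match behaviour behind Example 1 and the ACL 102 listing can be checked offline with a small evaluator. This is an added Python example, not Cisco IOS code and not part of the original post; the function names, the 10.0.0.x test packet and the appended entry 40 are constructed for illustration, and only the `any`, `host`, wildcard-mask and `eq www`/`eq telnet` forms used on this page are parsed.

```python
import ipaddress

PORTS = {"www": 80, "telnet": 23}  # named ports that appear on this page

def _addr(tok):
    """Consume 'any', 'host A' or 'A WILDCARD'; return ((base, wildcard), rest)."""
    if tok[0] == "any":
        return (0, 0xFFFFFFFF), tok[1:]
    if tok[0] == "host":
        return (int(ipaddress.IPv4Address(tok[1])), 0), tok[2:]
    return (int(ipaddress.IPv4Address(tok[0])), int(ipaddress.IPv4Address(tok[1]))), tok[2:]

def parse(line):
    """Parse '<seq> <permit|deny> <proto> <src> <dst> [eq <port>]'."""
    tok = line.split()
    src, rest = _addr(tok[3:])
    dst, rest = _addr(rest)
    port = (PORTS.get(rest[1]) or int(rest[1])) if rest[:1] == ["eq"] else None
    return {"seq": int(tok[0]), "action": tok[1], "proto": tok[2],
            "src": src, "dst": dst, "port": port}

def _ip_match(spec, ip):
    base, wild = spec  # wildcard bits set to 1 are "don't care"
    return (int(ipaddress.IPv4Address(ip)) | wild) == (base | wild)

def evaluate(acl, proto, src, dst, dport=None):
    """Return (action, seq) of the first matching entry, in sequence order."""
    for e in sorted(map(parse, acl), key=lambda e: e["seq"]):
        if (e["proto"] in ("ip", proto)
                and _ip_match(e["src"], src) and _ip_match(e["dst"], dst)
                and e["port"] in (None, dport)):
            return e["action"], e["seq"]
    return "deny", None  # implicit deny: nothing matched

# ACL 101 from Example 1, and a constructed variant with the deny appended as 40.
ACL_101 = ["5 deny tcp any any eq telnet", "10 permit tcp any any",
           "20 permit udp any any", "30 permit icmp any any"]
ACL_101_APPENDED = ACL_101[1:] + ["40 deny tcp any any eq telnet"]
# ACL 102 as shown before it was deleted (match counters omitted).
ACL_102 = ["10 deny tcp host 192.168.1.2 host 192.168.3.4 eq www",
           "20 permit ip any any",
           "30 deny tcp host 192.168.1.2 192.168.2.0 0.0.0.255",
           "40 deny ip any any"]

if __name__ == "__main__":
    telnet = ("tcp", "10.0.0.1", "10.0.0.2", 23)  # constructed test packet
    print(evaluate(ACL_101, *telnet))           # deny at entry 5
    print(evaluate(ACL_101_APPENDED, *telnet))  # permit at entry 10; entry 40 never runs
    print(evaluate(ACL_102, "tcp", "192.168.1.2", "192.168.2.7", 23))  # permit at 20
```

The last call shows that entries 30 and 40 of ACL 102 can never match, because entry 20 permits all IP traffic before they are reached.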

Alice AUSTIN

Alice AUSTIN is studying Cisco Systems Engineering. He has a passion for both hardware and software and writes articles and reviews for many IT websites.
