Tags

, , ,

Standard access list

The following commands will create a standard access list to allow ip address 10.10.10.10 and block everything else.

# conf t
# ip access-list standard 1
# permit 10.10.10.10
# deny any

 

Extended access list

We can use the extended access list to deny/permit certain protocol such as TCP/UDP/ICMP.

We can also specify the destination address which the standard access list can’t.

The following commands will create a extended access list that will allow only connection from network 10.10.10.0/24 to 20.20.20.0/24 and deny access to anything else.

# conf t
# ip access-list extended 100
# permit ip 10.10.10.0 0.0.0.255 20.20.20.0 0.0.0.255
# deny ip any any

 

Advertisements