Standard access list
The following commands will create a standard access list to allow ip address 10.10.10.10 and block everything else.
# conf t # ip access-list standard 1 # permit 10.10.10.10 # deny any
Extended access list
We can use the extended access list to deny/permit certain protocol such as TCP/UDP/ICMP.
We can also specify the destination address which the standard access list can’t.
The following commands will create a extended access list that will allow only connection from network 10.10.10.0/24 to 220.127.116.11/24 and deny access to anything else.
# conf t # ip access-list extended 100 # permit ip 10.10.10.0 0.0.0.255 18.104.22.168 0.0.0.255 # deny ip any any