How to configure Extended ACL on Cisco Routers?

author, Cisco lover
author, CCNA Routing and Switching

Extended Access Control List (ACL):

- Using an Extended ACL we can match Source_ip/Source_Network and Destination_ip/Destination_Network, and a layer 3 protocol and/or a layer 7 protocol using port numbers.

- Extended ACL is applied near to the destination.

- One ACL can be applied per interface, per direction and per layer 3 protocol.

Syntax: 

(config)#access-list < Protocol >

ACL_Number  = 100-199 , 2000-2699

Protocol: ip (means any protocol), EIGRP, OSPF, ICMP, TCP, UDP.

Application layer protocol: Telnet, SSH, FTP-data, FTP-control, DHCP, DNS

Task: 

 

1. PC1 cannot ping R2 but can Telnet to R2.

R1(config)#access-list 100 deny icmp host 10.0.0.1 host 12.0.0.2

R1(config)#access-list 100 permit ip any any

R1(config)#interface fa0/0
! fa0/0 is the R1 interface connected to PC1

R1(config-if)#ip access-group 100 in

R1(config-if)#exit

To verify:

R1(config)#do show access-list
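
The following is an added example, not part of the answer above and not Cisco code: a small Python model of how ACL 100 from the task is evaluated top-down, first match wins, with the implicit deny at the end. It assumes PC1 is 10.0.0.1 and R2 is 12.0.0.2 (the two hosts in the ACL); the function names and the PORTS table are hypothetical, and only `eq` on the destination port is modelled.

```python
import ipaddress

# ACL 100 exactly as configured in the task above.
ACL_100 = """
access-list 100 deny icmp host 10.0.0.1 host 12.0.0.2
access-list 100 permit ip any any
"""

PORTS = {"telnet": 23, "ssh": 22, "domain": 53}  # small subset of IOS port keywords

def _addr(tok):
    """Consume one address spec: 'any', 'host A', or 'A WILDCARD'."""
    first = tok.pop(0)
    if first == "any":
        return (0, 0xFFFFFFFF)
    if first == "host":
        return (int(ipaddress.IPv4Address(tok.pop(0))), 0)
    return (int(ipaddress.IPv4Address(first)), int(ipaddress.IPv4Address(tok.pop(0))))

def parse_acl(text):
    entries = []
    for line in text.strip().splitlines():
        tok = line.split()[2:]          # drop 'access-list <number>'
        action, proto = tok.pop(0), tok.pop(0)
        src, dst = _addr(tok), _addr(tok)
        port = None
        if tok[:1] == ["eq"]:           # optional destination port match
            port = PORTS.get(tok[1]) or int(tok[1])
        entries.append((action, proto, src, dst, port))
    return entries

def _ip_match(ip, spec):
    base, wildcard = spec
    care = ~wildcard & 0xFFFFFFFF       # wildcard bits set to 1 are ignored
    return int(ipaddress.IPv4Address(ip)) & care == base & care

def evaluate(entries, proto, src, dst, dport=None):
    """First matching entry wins; no match falls through to the implicit deny."""
    for action, e_proto, e_src, e_dst, e_port in entries:
        if e_proto not in ("ip", proto):
            continue
        if not (_ip_match(src, e_src) and _ip_match(dst, e_dst)):
            continue
        if e_port is not None and e_port != dport:
            continue
        return action
    return "deny"
```

Evaluating the ACL without its second line shows why `permit ip any any` is needed: Telnet from PC1 would otherwise hit the implicit deny.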