
ACL

 

How to create a Standard Access Control List (ACL) using the "access-list" IOS command to filter telnet traffic

How to create an Extended Named Access Control List (ACL) using "access-list" IOS command

To create an Extended Access Control List (ACL) that denies Workstation03 (IP address 172.16.0.12/16) on the 172.16.0.0/16 network from accessing the Web Server (IP address 172.20.0.5/16) on the 172.20.0.0/16 network, we use the "access-list" IOS command from the global configuration mode of Router01 (which is near the source), as shown below.

Router03>enable
Router03#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Router03(config)#access-list 55 permit 172.18.0.12 0.0.0.0
Router03(config)#access-list 55 deny any
Router03(config)#exit
Router03#

The IOS command "access-list 55 permit 172.18.0.12 0.0.0.0" permits traffic from host 172.18.0.12. The wildcard mask 0.0.0.0 means every bit of the address must match.
The IOS command "access-list 55 deny any" denies any other traffic.

How to apply the Standard Access Control List (ACL) to the router using the "access-class" command to filter telnet or SSH traffic

The Standard Access Control List (ACL) created before can be applied to the VTY lines to permit telnet or SSH traffic only from 172.18.0.12. Follow these steps.

Router03>enable
Router03#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Router03(config)#line vty 0 4
Router03(config-line)#access-class 55 in
Router03(config-line)#exit
Router03(config)#exit
Router03#
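
To check the result offline, the following added example (not part of the original post and not Cisco code) evaluates a configuration the way the two steps above describe: first-match standard ACL entries with wildcard masks, an implicit deny at the end, and the ACL bound to the VTY lines by "access-class". The function names and the sample configuration text are assumptions made for the example, and it assumes a single "access-class ... in" statement under the VTY lines.

```python
import ipaddress
import re

# Constructed sample: the two configuration steps from this page as they
# would appear together in a saved configuration.
SAMPLE_CONFIG = """\
access-list 55 permit 172.18.0.12 0.0.0.0
access-list 55 deny any
line vty 0 4
 access-class 55 in
"""

def parse_standard_acls(config):
    """Return {acl_number: [(action, address_int, wildcard_int), ...]} in order."""
    acls = {}
    for line in config.splitlines():
        m = re.match(r"\s*access-list (\d+) (permit|deny) (.+)", line)
        if not m or not (1 <= int(m.group(1)) <= 99 or 1300 <= int(m.group(1)) <= 1999):
            continue  # only the standard ACL number ranges are handled here
        num, action, parts = m.group(1), m.group(2), m.group(3).split()
        if parts[0] == "any":
            addr, wild = "0.0.0.0", "255.255.255.255"
        elif parts[0] == "host":
            addr, wild = parts[1], "0.0.0.0"
        else:
            addr = parts[0]
            wild = parts[1] if len(parts) > 1 and parts[1] != "log" else "0.0.0.0"
        acls.setdefault(num, []).append(
            (action, int(ipaddress.IPv4Address(addr)), int(ipaddress.IPv4Address(wild))))
    return acls

def acl_permits(entries, src):
    """First matching entry wins; bits set in the wildcard mask are ignored."""
    ip = int(ipaddress.IPv4Address(src))
    for action, net, wild in entries:
        care = ~wild & 0xFFFFFFFF
        if ip & care == net & care:
            return action == "permit"
    return False  # implicit deny at the end of every ACL

def vty_allows(config, src):
    """True if src passes the source filter applied to the VTY lines."""
    m = re.search(r"^\s*access-class (\d+) in", config, re.MULTILINE)
    if not m:
        return True  # no access-class: the VTY lines are not filtered by source
    # A referenced but undefined ACL raises KeyError so the gap is noticed.
    return acl_permits(parse_standard_acls(config)[m.group(1)], src)
```

Calling vty_allows(SAMPLE_CONFIG, "172.18.0.12") returns True, while any other source address returns False.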
