Difference between revisions of "IOS: Access List (ACLs)"

From wikieduonline
Jump to navigation Jump to search
Tags: Mobile web edit, Mobile edit
 
(3 intermediate revisions by the same user not shown)
Line 1: Line 1:
 
Configuring IP Access Lists: https://www.cisco.com/c/en/us/support/docs/security/ios-firewall/23602-confaccesslists.html#acltypes
 
Configuring IP Access Lists: https://www.cisco.com/c/en/us/support/docs/security/ios-firewall/23602-confaccesslists.html#acltypes
 +
  
 
Types of ACLs:  
 
Types of ACLs:  
Line 6: Line 7:
 
* Lock and Key (Dynamic ACLs)
 
* Lock and Key (Dynamic ACLs)
 
* IP Named ACLs, Reflexive ACLs, Time-Based ACLs Using Time Ranges, Commented IP ACL Entries, Context-Based Access Control, Authentication Proxy, Turbo ACLs, Distributed Time-Based ACLs, Receive ACLs, Infrastructure Protection ACLs, Transit ACLs.
 
* IP Named ACLs, Reflexive ACLs, Time-Based ACLs Using Time Ranges, Commented IP ACL Entries, Context-Based Access Control, Authentication Proxy, Turbo ACLs, Distributed Time-Based ACLs, Receive ACLs, Infrastructure Protection ACLs, Transit ACLs.
 +
 +
 +
Process: Define ACL + Apply ACL to interface
  
  
 
* <code>[[show access-list]]</code>
 
* <code>[[show access-list]]</code>
 
* <code>[[show ip access-list]]</code>
 
* <code>[[show ip access-list]]</code>
 +
 +
 
* <code>router(config)#access-list 101 deny icmp any any</code>
 
* <code>router(config)#access-list 101 deny icmp any any</code>
 
* <code>router(config)#access-list 101 permit ip any any</code>
 
* <code>router(config)#access-list 101 permit ip any any</code>
Line 21: Line 27:
  
  
 +
To apply ACLs:
 
* <code>[[ip access-group]]</code> to apply an IPv4 access control list (ACL) to a Layer 3 interface
 
* <code>[[ip access-group]]</code> to apply an IPv4 access control list (ACL) to a Layer 3 interface
  
 
* <code>[[copy running-config startup-config]]</code>
 
* <code>[[copy running-config startup-config]]</code>
 +
 +
== Related terms ==
 +
* [[VLAN Access-List (VACL)]]
  
  

Latest revision as of 09:04, 14 April 2021

Configuring IP Access Lists: https://www.cisco.com/c/en/us/support/docs/security/ios-firewall/23602-confaccesslists.html#acltypes


Types of ACLs:

  • Standard ACLs
  • Extended ACLs
  • Lock and Key (Dynamic ACLs)
  • IP Named ACLs, Reflexive ACLs, Time-Based ACLs Using Time Ranges, Commented IP ACL Entries, Context-Based Access Control, Authentication Proxy, Turbo ACLs, Distributed Time-Based ACLs, Receive ACLs, Infrastructure Protection ACLs, Transit ACLs.


Process: Define ACL + Apply ACL to interface



  • router(config)#access-list 101 deny icmp any any
  • router(config)#access-list 101 permit ip any any


  • router(config)#ip access-list extended test
  • router(config-ext-nacl)#permit ip host 2.2.2.2 host 3.3.3.3
  • router(config-ext-nacl)#permit tcp host 1.1.1.1 host 5.5.5.5 eq www
  • router(config-ext-nacl)#permit icmp any any
  • router(config-ext-nacl)#permit udp host 6.6.6.6 10.10.10.0 0.0.0.255 eq domain


To apply ACLs:

  • ip access-group to apply an IPv4 access control list (ACL) to a Layer 3 interface

Related terms[edit]


See also[edit]

Advertising: