What is Extended ACL and How to Configure Extended ACL
An extended ACL (access control list) can evaluate fields from both the layer 3 (IP) and layer 4 (TCP/UDP) headers of a packet: the protocol field in the network-layer header, the source and destination port numbers in the transport-layer header, and the source and destination IP addresses. Because a standard ACL matches on the source address only, this ability to match on protocol, destination and port gives extended access lists much more granular control over which traffic is permitted or denied.
How to Configure Extended ACL

Router R1

Router> enable
Router# configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)# hostname R1
R1(config)# interface serial 0/1/0
R1(config-if)# ip address 3.0.0.1 255.0.0.0
R1(config-if)# clock rate 64000
R1(config-if)# keepalive 12
R1(config-if)# no shutdown
%LINK-5-CHANGED: Interface Serial0/1/0, changed state to down
R1(config-if)# exit
R1(config)# interface fastethernet0/0
OR
R1(config)# int fa0/0
R1(config-if)# ip address 1.0.0.20 255.0.0.0
R1(config-if)# no shutdown
[Image: Interface Status up]
R1(config-if)# end
R1#
Router R2

Router> enable
Router# configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)# hostname R2
R2(config)# interface serial 0/1/0
R2(config-if)# ip address 3.0.0.2 255.0.0.0
R2(config-if)# keepalive 12
R2(config-if)# no shutdown
[Image: Interface Status up]
R2(config-if)# exit
R2(config)# interface fastethernet0/0
OR
R2(config)# int fa0/0
R2(config-if)# ip address 2.0.0.20 255.0.0.0
R2(config-if)# no shutdown
[Image: Interface Status up]
R2(config-if)# end
R2#
Check the routing table on each router. At this point each router knows only its directly connected networks:

Router R1
R1# show ip route
[Image: IP Route Status]
R1#

Router R2
R2# show ip route
[Image: IP Route Status]
R2#

Add a static route on each router to the other router's LAN so that traffic can be forwarded end to end:

Router R1
R1# configure terminal
R1(config)# ip route 2.0.0.0 255.0.0.0 3.0.0.2

Router R2
R2# configure terminal
R2(config)# ip route 1.0.0.0 255.0.0.0 3.0.0.1

Verify that the static routes now appear in the routing tables:

Router R1
R1# show ip route
[Image: IP Route Status]
R1#

Router R2
R2# show ip route
[Image: IP Route Status]
R2#
R2# configure terminal
R2(config)# enable password Networking123
R2(config)# line vty 0 4
R2(config-line)# password Ithome16
R2(config-line)# login
Note: The enable password and the vty line password are configured on router R2 so that devices can access R2 using Telnet.
R2(config-line)# exit
R2(config)#
R2(config)# access-list ?
  <1-99>     IP standard access list
  <100-199>  IP extended access list
R2(config)# access-list 115 ?
[Image: Access-List Options]
R2(config)# access-list 115 deny ?
[Image: Access-List Deny Source]
R2(config)# access-list 115 deny tcp 3.0.0.1 ?
  A.B.C.D  Source wildcard bits
R2(config)# access-list 115 deny tcp 3.0.0.1 0.0.0.0 ?
[Image: Access-List Deny Source Address]
R2(config)# access-list 115 deny tcp 3.0.0.1 0.0.0.0 3.0.0.2 ?
  A.B.C.D  Destination wildcard bits
R2(config)# access-list 115 deny tcp 3.0.0.1 0.0.0.0 3.0.0.2 0.0.0.0 ?
[Image: Access-List Deny Source Address on Port]
R2(config)# access-list 115 deny tcp 3.0.0.1 0.0.0.0 3.0.0.2 0.0.0.0 eq ?
[Image: Access-List Deny Telnet]
R2(config)# access-list 115 deny tcp 3.0.0.1 0.0.0.0 3.0.0.2 0.0.0.0 eq 23
R2(config)# access-list 115 permit ip any any
R2(config)#
Note: Access list 115 denies only Telnet traffic (TCP port 23) from host 3.0.0.1 to host 3.0.0.2; the wildcard mask 0.0.0.0 means every bit of the address must match, so each entry refers to exactly one host. The final "permit ip any any" allows all other traffic from all sources. Without that line the implicit deny at the end of every access list would drop everything that did not match the deny entry.
Apply the access list inbound on the serial interface facing R1:

R2(config)# int s0/1/0
R2(config-if)# ip access-group 115 in
R2(config-if)# end
R2#
Verify from R1: ping still succeeds because ICMP matches the permit entry, but Telnet is blocked by the deny entry:

Router R1
R1# ping 3.0.0.2
[Image: Successful Ping Status]
R1# telnet 3.0.0.2
[Image: Unsuccessful Telnet Status]
R1#

On R2, the match counters show the ACL entries being hit:

Router R2
R2# show access-lists 115
[Image: Access-List Status]

Remove the access list from the interface and Telnet from R1 succeeds again:

R2# configure terminal
R2(config)# int s0/1/0
R2(config-if)# no ip access-group 115 in
R2(config-if)# end
R2#

Router R1
R1# telnet 3.0.0.2
[Image: Successful Telnet Status]
R1#
Tags
- What is an extended ACL
- How do I configure ACLs
- How to Configure Extended ACL
- Extended ACL configuration in packet tracer
If you want to configure Named ACLs and Standard ACLs, visit the link below: 👇