In this article we learn how to configure an extended ACL to allow or block a particular port, and how to verify the configuration using Packet Tracer.
What is Extended ACL
An extended ACL filters traffic based on several criteria, including source and destination IP address, protocol, and source and destination port number. This ACL should be placed closest to the source. The number range of this ACL is <100-199>.
Here we are going to allow and block a particular port using an extended ACL.
Lab Diagram
Figure: Extended ACL lab for allow and block port using Packet Tracer
In the above diagram we have done a simple lab setup.
The agenda of the lab is:
- PC0 can access the web server.
- PC1 cannot access the web server.
We will do this configuration using an extended ACL in Packet Tracer.
Configuration of Extended acl
The IP address of the inside network is 192.168.1.0/24 and the IP address of the outside network is 172.16.0.0/24. After assigning IP addresses to the devices located on the inside and outside premises, we configure the extended ACL on the router. To configure an extended ACL to allow or block a port, follow the steps below.
Router>en
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#access-list 101 permit tcp host 192.168.1.2 host 172.16.0.2 eq 80
Router(config)#access-list 101 deny tcp host 192.168.1.3 host 172.16.0.2 eq 80
Router(config)#int gigabitEthernet 0/0
Router(config-if)#ip access-group 101 in
Router(config-if)#exit
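To see what these two lines actually do once applied inbound on the inside interface (the lab assumes gigabitEthernet 0/0 faces the 192.168.1.0/24 network), the following added example, which is not part of the original article, models IOS first-match ACL evaluation in Python. It parses the two ACEs exactly as typed above, numbers them 10 and 20 the way IOS does, renders them in the format of the show ip access-lists output used in the verification section, and runs constructed sample packets through them. It goes slightly beyond the lab by also accepting the any keyword and wildcard-mask addresses. The point it makes visible is the implicit deny any at the end of every IOS ACL: with only these two entries, PC0 reaches the web server on port 80 but nothing else from the inside network passes (DNS, HTTPS, PC0 to any other host), and the explicit deny for PC1 matters only for showing a match count, since PC1 would be dropped by the implicit deny anyway. Packet tuples and the 102 list in the usage are constructed for the example.

```python
"""Added example (not from the original article): a small model of how a Cisco IOS
extended ACL is evaluated, so the lab's two ACEs can be checked against sample
packets offline, including the implicit 'deny any' IOS appends to every ACL.
The ACE lines are the article's; the packets are constructed sample input."""
import ipaddress
from dataclasses import dataclass
from typing import Optional, Tuple

# The two ACEs typed on the router in the lab.
ACL_101_LINES = [
    "access-list 101 permit tcp host 192.168.1.2 host 172.16.0.2 eq 80",
    "access-list 101 deny tcp host 192.168.1.3 host 172.16.0.2 eq 80",
]

# IOS displays well-known ports by name (80 shows as 'www' in show ip access-lists).
PORT_NAMES = {"www": 80, "ftp": 21, "telnet": 23, "smtp": 25, "domain": 53}
PORT_NUMBERS = {v: k for k, v in PORT_NAMES.items()}


@dataclass
class Ace:
    seq: int
    action: str                   # "permit" or "deny"
    proto: str                    # "ip", "tcp", "udp", ...
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    dport: Optional[int]          # None = any destination port


def _parse_addr(tokens, i):
    """Parse 'any', 'host A' or 'A WILDCARD' at tokens[i]; return (network, next index).
    Assumes a contiguous wildcard mask (the usual case)."""
    if tokens[i] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), i + 1
    if tokens[i] == "host":
        return ipaddress.ip_network(tokens[i + 1] + "/32"), i + 2
    addr, wildcard = tokens[i], tokens[i + 1]
    # An IOS wildcard is the inverse of a netmask: 0.0.0.255 -> /24
    netmask_int = int(ipaddress.IPv4Address(wildcard)) ^ 0xFFFFFFFF
    prefix = bin(netmask_int).count("1")
    return ipaddress.ip_network(f"{addr}/{prefix}", strict=False), i + 2


def parse_acl(lines):
    """Parse numbered extended-ACL lines into ACEs, numbering them 10, 20, ... as IOS does.
    Only a destination-port 'eq' operator is handled (source-port operators are not)."""
    acl = []
    for n, line in enumerate(lines, start=1):
        t = line.split()
        if t[0] != "access-list":
            raise ValueError(f"not an access-list line: {line}")
        action, proto = t[2], t[3]
        src, i = _parse_addr(t, 4)
        dst, i = _parse_addr(t, i)
        dport = None
        if i < len(t) and t[i] == "eq":
            p = t[i + 1]
            dport = int(p) if p.isdigit() else PORT_NAMES[p]
        acl.append(Ace(10 * n, action, proto, src, dst, dport))
    return acl


def evaluate(acl, proto: str, src: str, dst: str, dport: Optional[int]) -> Tuple[str, Optional[int]]:
    """First-match evaluation. Returns (action, matching sequence number); a packet
    matching no ACE falls to the implicit deny and returns ("deny", None)."""
    for ace in acl:
        if ace.proto != "ip" and ace.proto != proto:
            continue
        if ipaddress.ip_address(src) not in ace.src or ipaddress.ip_address(dst) not in ace.dst:
            continue
        if ace.dport is not None and ace.dport != dport:
            continue
        return ace.action, ace.seq
    return "deny", None


def _fmt(net: ipaddress.IPv4Network) -> str:
    if net.prefixlen == 32:
        return f"host {net.network_address}"
    if net.prefixlen == 0:
        return "any"
    return f"{net.network_address} {net.hostmask}"


def render(number: int, acl) -> str:
    """Render the ACL the way 'show ip access-lists' prints it."""
    out = [f"Extended IP access list {number}"]
    for ace in acl:
        port = "" if ace.dport is None else f" eq {PORT_NUMBERS.get(ace.dport, ace.dport)}"
        out.append(f"    {ace.seq} {ace.action} {ace.proto} {_fmt(ace.src)} {_fmt(ace.dst)}{port}")
    return "\n".join(out)


if __name__ == "__main__":
    acl = parse_acl(ACL_101_LINES)
    print(render(101, acl))
    # Constructed sample packets, all arriving inbound on the inside interface.
    for pkt in [("tcp", "192.168.1.2", "172.16.0.2", 80),    # PC0 -> web server: permit (seq 10)
                ("tcp", "192.168.1.3", "172.16.0.2", 80),    # PC1 -> web server: deny (seq 20)
                ("udp", "192.168.1.2", "172.16.0.2", 53),    # PC0 -> DNS: no ACE, implicit deny
                ("tcp", "192.168.1.2", "172.16.0.2", 443)]:  # PC0 -> HTTPS: implicit deny
        print(pkt, "->", evaluate(acl, *pkt))
```

If the lab intends PC0 to keep other connectivity (for example DNS to a server outside), a trailing permit such as permit ip any any would be needed after the two entries; the model above returns ("deny", None) for anything that reaches the end of the list, which is exactly the behaviour the router's implicit deny produces.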
Verify Configuration of Extended acl
After configuring the extended ACL on the router we need to verify whether it is working. To verify it we execute the command below.
Router#show ip access-lists
Extended IP access list 101
    10 permit tcp host 192.168.1.2 host 172.16.0.2 eq www
    20 deny tcp host 192.168.1.3 host 172.16.0.2 eq www
Another way to verify it: you can open the web page from PC0 in the web browser, but after configuring the extended ACL you cannot open the web page from PC1.