Access control lists (ACLs) are used to filter network traffic and routing updates, to match packets, and for many other purposes. Their main use is to restrict network traffic to unwanted systems.
Access control lists are identified by a number or by a text name; each number or name represents a specific access control list.
There are many types of access control lists; the most common ones are:
IP Standard Access List
List numbers 1-99, can only define source or destination, not source and destination.
IP Extended Access List
List numbers 100-199, can define both source and destination as well as port and protocol numbers.
An IP standard access control list with two entries is configured like this:
Router#conf t
Router(config)#ip access-list standard 5
Router(config-std-nacl)#5 permit 192.168.0.0 0.0.0.255
Router(config-std-nacl)#10 permit 192.168.1.0 0.0.0.255
To apply this inbound on an interface, just use
Router#conf t
Router(config)#int te 1/1
Router(config-if)#ip access-group 5 in
The alternative way to define an access list number 5 with two entries is
Router#conf t
Router(config)#access-list 5 permit 192.168.0.0 0.0.0.255
Router(config)#access-list 5 permit 192.168.1.0 0.0.0.255
Router(config)#
To apply this one inbound on a line interface
Router#conf t
Router(config)#line vty 1
Router(config-line)#access-class 5 in
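Which source addresses access list 5 lets through, as an added example that is not part of the original post: it parses the two numbered entries above, applies each wildcard mask, and falls through to the implicit deny that ends every IOS access list. The function names and sample addresses are assumptions made for illustration.

```python
import ipaddress

# The two entries of access list 5 from the post, in the numbered form.
ACL_5 = """\
access-list 5 permit 192.168.0.0 0.0.0.255
access-list 5 permit 192.168.1.0 0.0.0.255
"""

def parse_standard_acl(text):
    """Parse 'access-list <n> permit|deny <addr> <wildcard>' lines into entries."""
    entries = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5 or parts[0] != "access-list":
            continue  # only the address + wildcard form is handled here
        number, action, addr, wildcard = parts[1:]
        if action not in ("permit", "deny"):
            raise ValueError(f"unknown action in: {line!r}")
        entries.append((int(number), action,
                        int(ipaddress.IPv4Address(addr)),
                        int(ipaddress.IPv4Address(wildcard))))
    return entries

def evaluate(entries, source):
    """Return the action of the first matching entry, else the implicit deny."""
    src = int(ipaddress.IPv4Address(source))
    for _number, action, addr, wildcard in entries:
        care = ~wildcard & 0xFFFFFFFF  # wildcard bit 1 = ignore, 0 = must match
        if (src & care) == (addr & care):
            return action  # first match wins; later entries are not consulted
    return "deny"  # no entry matched: implicit deny at the end of the list

def audit(entries, sources):
    """Map each source address to the verdict the list gives it."""
    return {s: evaluate(entries, s) for s in sources}

if __name__ == "__main__":
    # Constructed sample sources, not taken from the post.
    samples = ["192.168.0.10", "192.168.1.254", "192.168.2.1", "10.0.0.1"]
    for src, verdict in audit(parse_standard_acl(ACL_5), samples).items():
        print(f"{src:15} {verdict}")
```

Only sources inside 192.168.0.0/24 and 192.168.1.0/24 are permitted; anything else, including the adjacent 192.168.2.0/24, is dropped without a matching line in the list.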
IPv6 usage of access lists
Router#conf t
Router(config)#ipv6 access-list myfirewall
Router(config-ipv6-acl)#permit 3ffe:200::/32 any
Router(config-ipv6-acl)#permit 3ffe:201::/32 any
To verify the access list, display it with the show command
Router#show access-lists myfirewall
IPv6 access list myfirewall
permit ipv6 3FFE:200::/32 any sequence 10
permit ipv6 3FFE:201::/32 any sequence 20
Router#
To apply this IPv6 Access Control List to an interface, just do as follows
Router#conf t
Router(config)#int te 1/1
Router(config-if)#ipv6 traffic-filter myfirewall in
To apply this IPv6 access control list to a line
Router#conf t
Router(config)#line vty 1
Router(config-line)#ipv6 access-class myfirewall in
Thursday, March 12, 2009
IPV4 and IPV6 Access Control Lists on Cisco IOS