ACL

Extended Access Control List

Standard Access Control Lists can filter IP traffic based ONLY on the source IP address of an IP packet.

Extended Access Control Lists can filter the traffic based on many other factors.

• Source and destination IP addresses.

• Protocols like IP, TCP, UDP, ICMP etc.

• Protocol information: port numbers for TCP and UDP, or message types for ICMP.

Extended Access Control Lists can be created by using the “access-list” IOS command. The syntax of the “access-list” IOS command to create an Extended Access Control List is shown below.

Router(config)# access-list [Access_list_number] permit|deny
IP_protocol source_address source_wildcard_mask
[source_protocol_information] destination_address destination_wildcard_mask
[destination_protocol_information] [log]

Access_list_number: For Extended Access Control List, Access list number must be between 100–199 or 2000–2699.

permit | deny: Whether to permit or deny traffic.

IP_protocol: IP protocol to match. The IP protocols can be IP, ICMP, TCP, GRE, UDP, IGRP, EIGRP, IGMP, IPINIP, NOS, and OSPF.

source_address: Source IP address.

source_wildcard_mask: Source wildcard mask. Click the following link to learn more about Access Control List – Wildcard masks.

source_protocol_information: Additional source protocol information like TCP or UDP Port numbers.

destination_address: Destination IP address.

destination_wildcard_mask: Destination wildcard mask. Click the following link to learn more about Access Control List – Wildcard masks.

destination_protocol_information: Additional destination protocol information like TCP or UDP Port numbers.

log: Specifies whether logging is required either to console or to a syslog server.

wildcard mask: Instead of specifying a single IP address, you can also permit or deny networks/subnets entirely or partly by using wildcard masks, also known as inverse masks. The wildcard mask is optional in the above IOS command.
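To see how the fields above combine, the following added example (not from the original post and not Cisco code) parses entries in the syntax shown and evaluates packets against them using wildcard-mask matching, first-match ordering and the implicit deny that ends every IOS ACL. It assumes the IOS `eq` operator for port matching, ignores ICMP message types, and uses constructed addresses from documentation ranges.

```python
import ipaddress

def ip(s):
    return int(ipaddress.IPv4Address(s))

def parse(line):
    """Parse one 'access-list' line in the syntax shown above (eq ports only)."""
    t = line.split()
    num = int(t[1])
    if not (100 <= num <= 199 or 2000 <= num <= 2699):
        raise ValueError("not an extended ACL number: %d" % num)
    rule = {"action": t[2], "proto": t[3].lower(), "log": t[-1] == "log"}
    i = 4
    for side in ("src", "dst"):
        rule[side] = (ip(t[i]), ip(t[i + 1]))   # (address, wildcard mask)
        i += 2
        rule[side + "_port"] = None
        if i < len(t) and t[i] == "eq":         # optional protocol information
            rule[side + "_port"] = int(t[i + 1])
            i += 2
    return rule

def wild_match(addr, base, wildcard):
    # A 0 bit in the wildcard mask must match; a 1 bit is "don't care".
    care = ~wildcard & 0xFFFFFFFF
    return (ip(addr) & care) == (base & care)

def evaluate(acl, proto, src, dst, sport=None, dport=None):
    """Return the action of the first matching entry, else the implicit deny."""
    for r in acl:
        if r["proto"] not in ("ip", proto):
            continue
        if not (wild_match(src, *r["src"]) and wild_match(dst, *r["dst"])):
            continue
        if r["src_port"] not in (None, sport) or r["dst_port"] not in (None, dport):
            continue
        return r["action"]
    return "deny"  # no entry matched

# Constructed sample ACL: HTTPS to one server, Telnet blocked and logged, ICMP allowed.
ACL = [parse(l) for l in (
    "access-list 101 permit tcp 192.0.2.0 0.0.0.255 198.51.100.10 0.0.0.0 eq 443",
    "access-list 101 deny tcp 192.0.2.0 0.0.0.255 198.51.100.0 0.0.0.255 eq 23 log",
    "access-list 101 permit icmp 192.0.2.0 0.0.0.255 198.51.100.0 0.0.0.255",
)]
```

Note that HTTPS to any host other than 198.51.100.10 is dropped by the implicit deny rather than by an explicit entry, so it would not be logged by this ACL.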

Posted By – RamCruiseWalker
