extended access-list example lab in packet tracer

Posted: March 13, 2017 in CCNA
Tags: , , ,

Extended ACL is more precise than standard ACL.Even we can block a particular ip or range of ip address or network address using extended acl. We can also allow certain hosts and block few as per our requirement using extended acl. Standard ACL is very light weight and hence consume less processing power while extended need more processing power.Here in this lab we will learn to configure and use Extended access-list using an example lab in cisco packet tracer.We will block our clients or a network to access certain servers and allow to access few servers.

 

We want to block all clients in network 1.0.0.0/8 to access server SERVER 0 and SERVER1 but can access SERVER2 and SERVER3
extended aclSTEP 1:First Assign ip address to all as I have mentioned in above Diagram.

 

          STEP2: Configure extended ACL rule on Router.
Router(config)#access-list 100 permit ip 1.0.0.0 0.255.255.255 192.168.0.1 0.0.0.0

Router(config)#access-list 100 permit ip 1.0.0.0 0.255.255.255 192.168.0.2 0.0.0.0

Router(config)#access-list 100 permit ip 1.0.0.0 0.255.255.255 192.168.0.3 0.0.0.0

Router(config)#access-list 100 deny ip 1.0.0.0 0.255.255.255 172.168.0.1 0.0.0.0

Router(config)#access-list 100 deny ip 1.0.0.0 0.255.255.255 172.168.0.2 0.0.0.0

Router(config)#access-list 100 deny ip 1.0.0.0 0.255.255.255 172.168.0.3 0.0.0.0

 

 STEP 3:Tell the Router interface ETH0/0/0 to follow ACL RULE 100

 

Router(config)#int eth0/0/0

Router(config-if)#ip access-group 100 in

 

 

STEP 4:Now you can Verify Your ACL RULE.

 

Router#show access-lists

Extended IP access list 100

10 permit ip 1.0.0.0 0.255.255.255 host 192.168.0.1

20 permit ip 1.0.0.0 0.255.255.255 host 192.168.0.2

30 permit ip 1.0.0.0 0.255.255.255 host 192.168.0.3 (1 match(es))

40 deny ip 1.0.0.0 0.255.255.255 host 172.168.0.1

50 deny ip 1.0.0.0 0.255.255.255 host 172.168.0.2

60 deny ip 1.0.0.0 0.255.255.255 host 172.168.0.3
Advertisements

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s