Configure port-based security using an extended ACL in Packet Tracer

extended acl lab

In this lab we will learn how to block or allow services bound to specific ports. In other words, it shows how to block or allow a given port or service using an extended access list in Cisco Packet Tracer. This example lab blocks one port and allows another using an extended ACL: I am going to allow web services on port 80 and block FTP services on port 21.

STEP 1: First, assign IP addresses as shown in the network topology diagram above.

STEP 2: Configure the HTTP server (80) and the FTP server (21) as mentioned above.

server

STEP 3: Configure the ACL to block port 21 and allow port 80

 

Router(config)#access-list 100 permit tcp 1.0.0.0 0.255.255.255 192.168.0.1 0.0.0.0 eq 80

Router(config)#access-list 100 deny tcp 1.0.0.0 0.255.255.255 192.168.0.1 0.0.0.0 eq 21

Router(config)#int fa0/0

Router(config-if)#ip access-group 100 in

Router(config-if)#

 

STEP 4: Verify your ACL configuration and test using the browser on the PC.

 

Router#show ip access-lists

Extended IP access list 100

10 permit tcp 1.0.0.0 0.255.255.255 host 192.168.0.1 eq www

20 deny tcp 1.0.0.0 0.255.255.255 host 192.168.0.1 eq 21

Router#
