In this lab we will learn how to block or allow specific services bound to a port. Put another way, it shows how to block or allow a specific port or service using an extended access list in Cisco Packet Tracer. This is an example lab showing how to block one port and allow another using an extended ACL. In this lab I am going to allow web services on port 80 and block FTP services on port 21.
STEP 1: First, assign IP addresses as shown in the network topology diagram above.
STEP 2: Configure the HTTP server (port 80) and the FTP server (port 21) as mentioned above.
STEP 3: Configure the ACL to block port 21 and allow port 80.
Router(config)#access-list 100 permit tcp 1.0.0.0 0.255.255.255 192.168.0.1 0.0.0.0 eq 80
Router(config)#access-list 100 deny tcp 1.0.0.0 0.255.255.255 192.168.0.1 0.0.0.0 eq 21
Router(config)#int fa0/0
Router(config-if)#ip access-group 100 in
Router(config-if)#
STEP 4: Verify your ACL configuration and test it using the browser on the PC.
Router#show ip access-lists
Extended IP access list 100
    10 permit tcp 1.0.0.0 0.255.255.255 host 192.168.0.1 eq www
    20 deny tcp 1.0.0.0 0.255.255.255 host 192.168.0.1 eq 21
Router#
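
To see how the router evaluates ACL 100 from STEP 3, the following added example (not part of the original lab) models wildcard-mask matching, first-match ordering and the implicit deny that ends every ACL. The packet list and the function names are constructed for illustration; the two ACL entries are the ones configured above.

```python
import ipaddress

# ACL 100 from STEP 3:
# (action, protocol, source, source wildcard, destination, destination wildcard, dst port)
ACL_100 = [
    ("permit", "tcp", "1.0.0.0", "0.255.255.255", "192.168.0.1", "0.0.0.0", 80),
    ("deny",   "tcp", "1.0.0.0", "0.255.255.255", "192.168.0.1", "0.0.0.0", 21),
]

def wildcard_match(addr, base, wildcard):
    """Wildcard bits set to 1 are ignored; bits set to 0 must match."""
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (a & care) == (b & care)

def evaluate(acl, proto, src, dst, dport):
    """Return (action, index of matching entry or None), first match wins."""
    for i, (action, p, s, sw, d, dw, port) in enumerate(acl):
        if (p == proto and port == dport
                and wildcard_match(src, s, sw)
                and wildcard_match(dst, d, dw)):
            return action, i
    # No entry matched: every ACL ends with an implicit "deny ip any any".
    return "deny", None

# Constructed sample packets: (protocol, source, destination, destination port)
PACKETS = [
    ("tcp", "1.0.0.2", "192.168.0.1", 80),   # HTTP from the 1.0.0.0/8 side
    ("tcp", "1.0.0.2", "192.168.0.1", 21),   # FTP control from the same host
    ("tcp", "1.0.0.2", "192.168.0.1", 443),  # not listed in the ACL
    ("tcp", "2.0.0.2", "192.168.0.1", 80),   # HTTP from outside 1.0.0.0/8
]

if __name__ == "__main__":
    for pkt in PACKETS:
        action, idx = evaluate(ACL_100, *pkt)
        # Sequence numbers 10, 20 as shown by "show ip access-lists"
        rule = "implicit deny" if idx is None else f"entry {10 * (idx + 1)}"
        print(pkt, "->", action, f"({rule})")
```

Traffic that matches neither entry, such as port 443 or HTTP from a source outside 1.0.0.0/8, is dropped by the implicit deny, so this ACL permits only port 80 from 1.0.0.0/8 to 192.168.0.1.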