Configure port based security using extended acl in packet tracer

Posted: 14 Mar 2017 in CCNA
Tags: , , ,
0

extended acl lab

Here in this lab we will learn how to block or allow certain services binded on port.In other way you can that how to block or allow certain port or certain services using extended access-list in cisco packet tracer.This is an example lab showing how to block a certain port and how to allow a certain port using extended ACL.In this lab i am going to allow web services port say port number 80 and going to block FTP services say PORT 21.

STEP 1:First Assign IP Address as i have mentioned in above network topology diagram.

STEP 2:Configure HTTP SERVER(80 ) and FTP SERVER(21) as Mentioned above.

server

STEP 3:CONFIGURE ACL TO BLOCK PORT 21 and ALLOW PORT 80

 

Router(config)#access-list 100 permit tcp 1.0.0.0 0.255.255.255 192.168.0.1 0.0.0.0 eq 80

Router(config)#access-list 100 deny tcp 1.0.0.0 0.255.255.255 192.168.0.1 0.0.0.0 eq 21

Router(config)#int fa0/0

Router(config-if)#ip access-group 100 in

Router(config-if)#

 

STEP 4:Verify your acl configuration lab and Test using browser on PC.

 

Router#show ip access-lists

Extended IP access list 100

10 permit tcp 1.0.0.0 0.255.255.255 host 192.168.0.1 eq www

20 deny tcp 1.0.0.0 0.255.255.255 host 192.168.0.1 eq 21

Router#

Leave a Reply

Please log in using one of these methods to post your comment:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.