Configure port-based security using an extended ACL in Packet Tracer

Posted: March 14, 2017 in CCNA

extended acl lab

In this lab we will learn how to block or allow specific services bound to a port; in other words, how to block or allow a given port or service using an extended access list in Cisco Packet Tracer. This is an example lab showing how to block one port and allow another using an extended ACL. In this lab I am going to allow the web service on port 80 and block the FTP service on port 22.

STEP 1: First, assign IP addresses as shown in the network topology diagram above.
STEP 2: Configure the HTTP server (80) and the FTP server (22) as mentioned above.

server

STEP 3: Configure the ACL to block port 22 and allow port 80.

 

Router(config)#access-list 100 permit tcp 1.0.0.0 0.255.255.255 192.168.0.1 0.0.0.0 eq 80
Router(config)#access-list 100 deny tcp 1.0.0.0 0.255.255.255 192.168.0.1 0.0.0.0 eq 22
Router(config)#int fa0/0
Router(config-if)#ip access-group 100 in
Router(config-if)#

 

STEP 4: Verify your lab and test using the browser on the PC.

 

Router#show ip access-lists
Extended IP access list 100
10 permit tcp 1.0.0.0 0.255.255.255 host 192.168.0.1 eq www
20 deny tcp 1.0.0.0 0.255.255.255 host 192.168.0.1 eq 22
Router#
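
The following is an added example, not part of the original post: a small Python model of how the router evaluates access list 100 from STEP 3, checking entries top-down, stopping at the first match, and falling through to the implicit deny that ends every IOS ACL. The function names and the sample client addresses are assumptions constructed for illustration.

```python
import ipaddress

# Access list 100 as configured in STEP 3, keyed by the sequence numbers
# shown by "show ip access-lists":
# (seq, action, protocol, src, src wildcard, dst, dst wildcard, dst port)
ACL_100 = [
    (10, "permit", "tcp", "1.0.0.0", "0.255.255.255", "192.168.0.1", "0.0.0.0", 80),
    (20, "deny", "tcp", "1.0.0.0", "0.255.255.255", "192.168.0.1", "0.0.0.0", 22),
]

def wildcard_match(addr, base, wildcard):
    """Cisco wildcard mask: 0 bits must match, 1 bits are ignored."""
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(addr)) & care) == (
        int(ipaddress.IPv4Address(base)) & care)

def evaluate(acl, proto, src, dst, dport):
    """Return (action, seq); seq is None when only the implicit deny applies."""
    for seq, action, p, s, sw, d, dw, port in sorted(acl):
        if (p == proto and port == dport
                and wildcard_match(src, s, sw)
                and wildcard_match(dst, d, dw)):
            return action, seq  # first match wins, later entries are not read
    # Nothing matched: every IOS ACL ends with an implicit "deny ip any any".
    return "deny", None

# Constructed sample packets (hypothetical client addresses, not from the lab).
SAMPLES = [
    ("tcp", "1.0.0.2", "192.168.0.1", 80),    # matches entry 10
    ("tcp", "1.0.0.2", "192.168.0.1", 22),    # matches entry 20
    ("tcp", "1.0.0.2", "192.168.0.1", 443),   # no entry: implicit deny
    ("udp", "1.0.0.2", "192.168.0.1", 53),    # no entry: implicit deny
    ("tcp", "2.0.0.2", "192.168.0.1", 80),    # source outside 1.0.0.0/8
]

if __name__ == "__main__":
    for pkt in SAMPLES:
        action, seq = evaluate(ACL_100, *pkt)
        rule = f"entry {seq}" if seq is not None else "implicit deny"
        print(f"{pkt[0]} {pkt[1]} -> {pkt[2]}:{pkt[3]}  {action} ({rule})")
```

Because of the implicit deny, entry 20 changes the verdict for no packet; it only gives port 22 its own match counter. Every other protocol and port arriving on fa0/0 is dropped as well, so any additional service the clients need must be permitted explicitly.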