Cisco Access Control List Edit Tips
Decide Inbound or Outbound traffic?
Imagine you are the router or switch.
Inbound: traffic arriving at the router
Outbound: traffic leaving the router
To configure an Access List you must do the following two steps:
• The first step is to create an Access List definition.
Standard: filters based on source only. Range 1-99 or 1300-1999
Extended: filters based on source and destination, protocol and port number. Range 100-199 or 2000-2699
access-list 110 permit/deny protocol source-address (+port number) destination-address (+port number)
access-list 110 permit udp 10.0.0.0 0.0.0.255 eq bootpc host 192.168.0.7 eq bootps
• The second step is to apply it to an Interface.
int vlan 20
ip access-group 110 in (or out)
Verify with: show access-list
How to edit existing access control list rules
conf t
ip access-list extended 110
no 10 permit ip any any (removes the rule with order number 10; just "no 10" also works)
15 permit ip any any (adds a rule between 10 and 20)
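
Why the order number matters, as an added example (not part of the original notes): a small Python model of how an extended ACL is evaluated, top-down by order number, first match wins, with an implicit deny at the end. Entry 10 is the DHCP rule from above; entries 15 and 20 and the test packets are constructed, and the parser only understands any / host / address-wildcard and "eq port", which is a simplification of the real IOS grammar.

```python
import ipaddress

PORTS = {"bootps": 67, "bootpc": 68}  # IOS port keywords used in the rule above

def ip_int(a):
    return int(ipaddress.IPv4Address(a))

def parse_addr(tok, i):
    """Read 'any', 'host A' or 'A WILDCARD' at tok[i]; return ((addr, wildcard), next index)."""
    if tok[i] == "any":
        return (0, 0xFFFFFFFF), i + 1
    if tok[i] == "host":
        return (ip_int(tok[i + 1]), 0), i + 2
    return (ip_int(tok[i]), ip_int(tok[i + 1])), i + 2

def parse_port(tok, i):
    """Read an optional 'eq PORT'; return (port or None, next index)."""
    if i < len(tok) and tok[i] == "eq":
        return PORTS.get(tok[i + 1]) or int(tok[i + 1]), i + 2
    return None, i

def parse_entry(line):
    tok = line.split()  # '<seq> permit|deny <proto> <src> [eq p] <dst> [eq p]'
    e = {"seq": int(tok[0]), "action": tok[1], "proto": tok[2]}
    e["src"], i = parse_addr(tok, 3)
    e["sport"], i = parse_port(tok, i)
    e["dst"], i = parse_addr(tok, i)
    e["dport"], i = parse_port(tok, i)
    return e

def addr_match(ip, spec):
    addr, wild = spec
    # Wildcard bits set to 1 are "don't care"; all other bits must equal the entry's address.
    return (ip_int(ip) ^ addr) & ~wild & 0xFFFFFFFF == 0

def evaluate(acl_lines, proto, src, sport, dst, dport):
    """Return (action, seq) of the first matching entry, lowest order number first."""
    for e in sorted(map(parse_entry, acl_lines), key=lambda e: e["seq"]):
        if (e["proto"] in ("ip", proto) and addr_match(src, e["src"])
                and addr_match(dst, e["dst"])
                and e["sport"] in (None, sport) and e["dport"] in (None, dport)):
            return e["action"], e["seq"]
    return "deny", None  # implicit deny: nothing matched

# Constructed ACL 110: entry 10 is the page's DHCP rule, 20 is a sample catch-all.
ACL = [
    "10 permit udp 10.0.0.0 0.0.0.255 eq bootpc host 192.168.0.7 eq bootps",
    "20 permit ip any any",
]
RULE_15 = "15 deny udp any any eq bootps"  # constructed rule inserted between 10 and 20
```

A DHCP request from 10.0.1.9 (outside the 10.0.0.0 0.0.0.255 range) falls through entry 10 and is permitted by entry 20; after RULE_15 is inserted the same packet is denied at 15, while clients inside the range are still permitted at 10.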