E-Lab 11.2.6 - Access Control Lists
Practice using ACLs to filter IP traffic.
Configure a standard access list and an extended access list.
Step 1
Enter into privileged EXEC mode.
Step 2.1
Enter global configuration mode.
Step 2.2
Configure a standard access list entry numbered 1 to allow traffic from the 11.0.0.0 network.
Due to the implicit deny at the end of the access list, this will permit only users from 11.0.0.0 to access the network.
Step 3
Build an extended access list entry numbered 101 to deny traffic from the local 12.0.0.0 network to access any destination FTP server.
Step 4
Now add an entry to access list 101 to permit all other IP traffic from any source to any destination.
Step 5
Return to privileged EXEC mode.
Step 6
View the currently defined access list.
Step 7
Enter global configuration mode.
Step 8
Change to interface configuration mode for serial 0 to apply an access list.
Step 9
Apply extended access list 101 to Serial 0 to filter outgoing packets.
Step 10
Return to privileged EXEC mode.
Step 11
Verify that the access list has been applied to serial 0.
Step 12
Enter global configuration mode.
Step 13
Now use access list to secure telnet access into the router.
Enter line configuration mode for vty lines 0 through 4.
Step 14
Apply standard access list 1 to the vty lines for the incoming direction.