LAB 10 1 - Sguinther/Fall2021-NET330-guinther GitHub Wiki
Standard Access List
- ip access-list standard access list name - creates a standard ACL
- deny network address wildcard mask (when you need to deny a specific network connection)
- deny host device ip address (when you need to deny a specific client connection)
- permit any
Extended Access List
- deny ip network address (192.168.10.0) wildcard mask (0.0.0.255) host ip address being blocked (200.200.200.1 or any other)
- permit ip any any
- exit
- int interface that is establishing connection (serial 0/0/0)
- ip access-group access list name out
VTY lines
- ip access-list standard STND-2
- permit 10.2.2.0 0.0.0.3
- exit
- line vty 0 15 (all lines)
- access-class STND-2 in
- exit
Bonus Implementation Server Implementation
- permit tcp any host web server ip (192.168.20.201) eq 80 (port number)
- deny ip any host web server ip (192.168.20.201)
- permit ip any any
This allows the web server to be accessed via TCP port 80. It also denies all other IP traffic to the web server, including ICMP, while still allowing traffic to other destinations.
- int outbound interface of web server (0/0, or serial 0/0/0 if serial)
- ip access-group access list name out
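
The first-match logic behind the web-server entries above, as an added Python example that is not part of the original lab notes. It is a simplified model of ACL evaluation that only handles `any`, `host`, address/wildcard pairs and `eq` on the destination port; the function names and the misordered list are constructed for illustration.

```python
import ipaddress

def wildcard_match(addr, base, wildcard):
    """Cisco wildcard mask: bits set to 1 in the wildcard are ignored."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return (a | w) == (b | w)

def parse_addr(tokens):
    """Consume 'any', 'host A' or 'A WILDCARD' from the front of the token list."""
    t = tokens.pop(0)
    if t == "any":
        return ("0.0.0.0", "255.255.255.255")
    if t == "host":
        return (tokens.pop(0), "0.0.0.0")
    return (t, tokens.pop(0))

def parse_ace(line):
    """Split one extended ACL entry into action, protocol, src, dst, port."""
    tokens = line.split()
    action, proto = tokens.pop(0), tokens.pop(0)
    src = parse_addr(tokens)
    dst = parse_addr(tokens)
    port = int(tokens[1]) if tokens[:1] == ["eq"] else None
    return action, proto, src, dst, port

def evaluate(acl, proto, src, dst, dport=None):
    """Return the action of the first matching entry, top to bottom."""
    for line in acl:
        action, p, s, d, port = parse_ace(line)
        if p != "ip" and p != proto:
            continue  # "ip" matches every protocol; tcp only matches tcp
        if not wildcard_match(src, *s) or not wildcard_match(dst, *d):
            continue
        if port is not None and port != dport:
            continue
        return action
    return "deny"  # implicit deny at the end of every ACL

# The web-server entries from the notes, using the page's example address.
WEB_ACL = [
    "permit tcp any host 192.168.20.201 eq 80",
    "deny ip any host 192.168.20.201",
    "permit ip any any",
]
# Constructed variant: same entries with the deny moved to the top.
MISORDERED = [WEB_ACL[1], WEB_ACL[0], WEB_ACL[2]]
```

With the deny listed first, port 80 never reaches its permit entry, which is why the `permit tcp ... eq 80` line has to come before the `deny ip` line.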