Tuesday, October 23, 2012

How to Use Cisco IOS Access Lists


Remember that an access list (ACL) is used to specify network traffic by matching on packet fields such as source and destination address. Once you have matched traffic with an ACL, you can do a variety of things with it: permit it, deny it, rate-limit it, or use it to restrict routing updates. This article focuses on filtering traffic with an ACL, because that is the most common use.

Example of Filtering with an Access-list

Now, let me provide an example of how to filter inbound traffic with an access list. Here is our sample network:
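The article's network diagram and the commands that followed it are not reproduced on this page, so the following is an added example, not the article's own configuration. It assumes a hypothetical topology: the Chicago router's LAN is 10.10.2.0/24 (the range the article's PC address belongs to), a remote site 10.10.1.0/24 reaches it over Serial0/0, and 10.10.2.50 is a Chicago web server. The interface names, the remote subnet, the server address and the ACL name WAN-IN are all assumptions. It uses a named extended ACL applied inbound on the WAN interface, which is the same ip access-group mechanism a numbered ACL would use.

```cisco
! Added example, not the article's configuration. All addresses and interface
! names below are assumed; adjust them to your own network.
!
! Goal: on the WAN-facing interface, accept only the remote site's traffic to
! the Chicago web server plus replies to pings from the Chicago LAN, and log
! everything else that is dropped.
ip access-list extended WAN-IN
 remark -- anti-spoofing first: a packet claiming a Chicago LAN source can
 remark -- never legitimately arrive from the WAN, so reject it before any
 remark -- permit line with a source of "any" can match it
 deny   ip 10.10.2.0 0.0.0.255 any log
 remark -- remote site 10.10.1.0/24 may reach the web server on 80 and 443 only
 permit tcp 10.10.1.0 0.0.0.255 host 10.10.2.50 eq 80
 permit tcp 10.10.1.0 0.0.0.255 host 10.10.2.50 eq 443
 remark -- allow echo replies so pings sourced from the Chicago LAN work
 permit icmp any 10.10.2.0 0.0.0.255 echo-reply
 remark -- every ACL ends with an implicit "deny ip any any"; writing it out
 remark -- with "log" makes dropped traffic visible in the syslog and hit counts
 deny   ip any any log
!
interface Serial0/0
 ip access-group WAN-IN in
!
! Verification (privileged EXEC):
!   show ip access-lists WAN-IN      <- per-line match counters
!   show ip interface Serial0/0      <- confirms "Inbound access list is WAN-IN"
```

Two points of practice: ACL entries are evaluated top down and the first match wins, so the anti-spoofing deny must precede the echo-reply permit whose source is "any", and the final explicit deny exists only for visibility since the implicit deny would drop the same packets silently. The log keyword is process-switched on many platforms, so on a busy link consider rate-limiting logging or dropping the keyword once the policy has been validated.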

Example of Restricting Telnet access with an Access-list

Quickly, let me provide another example of using an ACL. Say that you are still on the Chicago router and want to allow only your PC's IP address (on the Chicago LAN) to Telnet to the router. Yes, you could do this with an ACL on the interface, but instead let's do it with the access-class statement on the vty lines. For this you only need a standard access list, because all it has to match is the source address. Say that your PC's IP address is 10.10.2.100. First, create an access list that matches traffic from that source, like this:
[image: http://www.petri.co.il/images/csc_cisco_ios_access_lists_09.jpg]
Next, apply this ACL to all 5 VTY lines at once (vty 0 through 4) using the vty line range and the access-class statement, like this:
[image: http://www.petri.co.il/images/csc_cisco_ios_access_lists_10.jpg]
With this ACL created and applied to all 5 VTY lines, only IP address 10.10.2.100 can Telnet to this Cisco router. Because a standard ACL ends with an implicit deny, every other source is rejected. Note that access-class applies to any connection arriving on the vty lines, so it restricts SSH sessions in exactly the same way as Telnet.
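The two screenshots above are not reproduced on this page, so here is the same procedure written out as an added example, not the article's own commands. The PC address 10.10.2.100 and the five vty lines come from the article; the ACL number 10, the log keyword, the exec-timeout value and the SSH-only transport line are assumptions.

```cisco
! Added example, not the article's screenshots.
! Standard ACL 10 matches only the administrator PC from the article
! (10.10.2.100). The ACL number and the "log" keyword are assumptions.
access-list 10 permit host 10.10.2.100
! A standard ACL already ends with an implicit deny; this explicit line only
! adds a hit counter and a syslog message for rejected connection attempts.
access-list 10 deny   any log
!
! Apply the ACL to the five vty lines the article refers to. "in" restricts
! connections arriving at the router; "out" would restrict sessions started
! from the router's own exec.
line vty 0 4
 access-class 10 in
 exec-timeout 5 0
 ! Optional hardening (assumes SSH is already configured on the router):
 ! refuse cleartext Telnet altogether and accept only SSH on these lines.
 transport input ssh
!
! Verification (privileged EXEC):
!   show running-config | section line vty   <- confirms access-class on every line
!   show line                                <- lists every vty the platform has
!   show ip access-lists 10                  <- deny-line counter shows rejected attempts
```

One check a practitioner should always make: run show line and confirm that vty 0 through 4 are the only vty lines on the box. IOS assigns an incoming session to the lowest free vty, so if the platform also has vty 5 and above (many images do, and line vty 5 15 can be created at any time), those lines need the same access-class statement; otherwise a connection that arrives while 0 through 4 are busy lands on an unrestricted line. Applying the same ACL with access-class in to every vty line the platform lists closes that gap.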
This is just another example of the many uses of an ACL.
