Configure the ACL Access Control List

Standard ACL: Router (config) # access-list1permit192.168.2.00.0.0.255Router (config) # access-list1denyanyRouter (config) # intf01Router (config-if) # ipaccess-group1in extension ACL: Router (config) # access-list101permittcp192.168.1.00.0.0.

Standard ACL: Router (config) # access-list 1 permit 192.168.2.0 0.0.255 Router (config) # access-list 1 deny any Router (config) # int f0/1 Router (config-if) # ip access-group 1 in extended ACL: Router (config) # access-list 101 permit tcp 192.168.1.0 0.0.0.

Standard ACL:

Router (config) # access-list 1 permit 192.168.2.0 0.0.255

Router (config) # access-list 1 deny any

Router (config) # int f0/1

Router (config-if) # ip access-group 1 in

Extended ACL:

Router (config) # access-list 101 permit tcp 192.168.1.0 0.0.255 host 192.168.100.1 eq www

Router (config) # access-list 101 deny ip 192.168.2.0 0.0.255 192.168.3.0 0.0.255

Router (config) # int f0/1

Router (config-if) # ip access-group 101 in

ConfigurationThe router device only allows the IP address of the network management area to log on via TELNET, andConfigurationDeviceUser NameIt is benet, And the password is test:

Router (config) # access-list 1 permit 192.168.2.0 0.0.255

Router (config) # username benet password test

Router (config) # line vty 0 4

Router (config-line) # login local

Router (config-line) # access-class 1 in

Router (config-line) # exit

Both Intranet hosts canAccessServer, Internet only allowAccessPort 80 of the server (vlan100 ):

Router (config) # access-list 100 permit ip 192.168.0.0 0.0.255.255 host 192.168.100.2

Router (config) # access-list 100 permit tcp any host 192.168.100.2 eq 80

Router (config) # access-list 100 deny ip any

Router (config) # int vlan 100

Router (config-if) # ip access-group 100 out

Router (config-if) # exit

Allow hosts in 192.168.3.0/24 network segmentsAccessServer, but notAccessOther network segments cannotAccessInternet:

Router (config) # access-list 101 permit ip 192.168.3.0 0.0.255 host 192.168.100.2

Router (config) # access-list 101 deny ip any

Router (config) # int vlan 3

Router (config-if) # ip access-group 101 in

Router (config-if) # exit

Allow hosts with CIDR blocks of 192.168.4.0/24AccessServer, but notAccessOther CIDR blocks.AccessInternet:

Router (config) # access-list 102 permit ip 192.168.4.0 0.0.255 host 192.168.100.2

Router (config) # access-list 102 deny ip 192.168.4.0 0.0.255 192.168.0.0 0.0.255.255

Router (config) # access-list 102 permit ip any

Router (config) # int vlan 4

Router (config-if) # ip access-group 102 in

Router (config-if) # exit