Standard ACL: Router (config) # access-list1permit192.168.2.00.0.0.255Router (config) # access-list1denyanyRouter (config) # intf01Router (config-if) # ipaccess-group1in extension ACL: Router (config) # access-list101permittcp192.168.1.00.0.0.
Standard ACL: Router (config) # access-list 1 permit 192.168.2.0 0.0.255 Router (config) # access-list 1 deny any Router (config) # int f0/1 Router (config-if) # ip access-group 1 in extended ACL: Router (config) # access-list 101 permit tcp 192.168.1.0 0.0.0.
Standard ACL:
Router (config) # access-list 1 permit 192.168.2.0 0.0.255
Router (config) # access-list 1 deny any
Router (config) # int f0/1
Router (config-if) # ip access-group 1 in
Extended ACL:
Router (config) # access-list 101 permit tcp 192.168.1.0 0.0.255 host 192.168.100.1 eq www
Router (config) # access-list 101 deny ip 192.168.2.0 0.0.255 192.168.3.0 0.0.255
Router (config) # int f0/1
Router (config-if) # ip access-group 101 in
ConfigurationThe router device only allows the IP address of the network management area to log on via TELNET, andConfigurationDeviceUser NameIt is benet, And the password is test:
Router (config) # access-list 1 permit 192.168.2.0 0.0.255
Router (config) # username benet password test
Router (config) # line vty 0 4
Router (config-line) # login local
Router (config-line) # access-class 1 in
Router (config-line) # exit
Both Intranet hosts canAccessServer, Internet only allowAccessPort 80 of the server (vlan100 ):
Router (config) # access-list 100 permit ip 192.168.0.0 0.0.255.255 host 192.168.100.2
Router (config) # access-list 100 permit tcp any host 192.168.100.2 eq 80
Router (config) # access-list 100 deny ip any
Router (config) # int vlan 100
Router (config-if) # ip access-group 100 out
Router (config-if) # exit
Allow hosts in 192.168.3.0/24 network segmentsAccessServer, but notAccessOther network segments cannotAccessInternet:
Router (config) # access-list 101 permit ip 192.168.3.0 0.0.255 host 192.168.100.2
Router (config) # access-list 101 deny ip any
Router (config) # int vlan 3
Router (config-if) # ip access-group 101 in
Router (config-if) # exit
Allow hosts with CIDR blocks of 192.168.4.0/24AccessServer, but notAccessOther CIDR blocks.AccessInternet:
Router (config) # access-list 102 permit ip 192.168.4.0 0.0.255 host 192.168.100.2
Router (config) # access-list 102 deny ip 192.168.4.0 0.0.255 192.168.0.0 0.0.255.255
Router (config) # access-list 102 permit ip any
Router (config) # int vlan 4
Router (config-if) # ip access-group 102 in
Router (config-if) # exit