Router(config)# access-list 1 deny 192.168.123.254 ?
  A.B.C.D  Source wildcard. e.g. 0.0.0.255
  <cr>

Router(config)# access-list 1 deny 192.168.123.254
Router(config)# access-list 1 permit any {0.0.0.0 255.255.255.255}
Router(config)# exit

Router# show access-list

After entering the access list, use the show command from privileged mode, as shown above in the last line. Any lists you’ve created, as well as any remark entered for a list, will be displayed.

Note: In the above examples, the argument any can be used instead of 0.0.0.0 255.255.255.255.

5.6.2 Create an Expanded Access List

Extended access lists filter at layer 4, and can check source and destination addresses, as well as filter transport layer information, such as TCP and UDP protocols. In addition to the standard access list parameters listed above, an extended access list also uses the following information:

Access list number (100–199): Identifies the access list to which an entry belongs

IP/ICMP/TCP/UDP: Specifies protocol connection

Destination address: Specifies the destination address to match

Operator operand: Select eq (equal to), gt (greater than), lt (less than), or neq (not equal to) to specify how to match the protocol port number

0-65535: Specifies the protocol port number. Well-known ports are listed below:

20 File Transfer Protocol (FTP) data

21 FTP Program

23 Telnet

25 Simple Mail Transfer Protocol (SMTP)

69 Trivial File Transfer Protocol (TFTP)

53 Domain Name System (DNS)

80 Hypertext Transport Protocol (HTTP)

110 Post Office Protocol (POP3)

119 Network News Transport Protocol (NNTP)

In the following example, an extended access list will be created to deny FTP and allow all other traffic from subnet 192.168.123.0 to be forwarded to all other networks or subnets.

Note: Remember that when the cursor reaches the right margin, the command line shifts 8 spaces to the left. You cannot see the first eight characters of the line, but you can scroll back and check the syntax at the beginning of the command using Ctrl-B or the left arrow key.

Router# configure terminal

Router(config)# access-list 101 ?
  remark  Access list entry comment
  deny    Specify packets to reject
  permit  Specify packets to forward

Router(config)# access-list 101 deny ?
  ip    Specify IP connections
  icmp  Specify ICMP connections
  tcp   Specify TCP connections
  udp   Specify UDP connections

Router(config)# access-list 101 deny tcp ?
  A.B.C.D  Source address to match. e.g. 10.0.0.0
  host     Host address to match.
  any      Any source address to match

Router(config)# access-list 101 deny tcp 192.168.123.0 0.0.0.255 ?
  A.B.C.D  Destination address to match. e.g. 10.0.0.0
  host     Host address to match.
  any      Any destination address to match

Router(config)# $ist 101 deny tcp 192.168.123.0 0.0.0.255 192.168.124.0 ?
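To make the matching rules behind the list above concrete, the following Python model is an added example and is not code from the Asante manual or the router's firmware. It evaluates an extended list the way the text describes (wildcard bits set to 1 are "do not care", the eq/neq/gt/lt operators compare the port, the first matching entry wins, and an unmatched packet hits the implicit deny); the entry class, function names, the FTP ports 20 and 21 taken from the well-known port table, and the sample packets are all constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

def wildcard_match(addr: str, base: str, wildcard: str) -> bool:
    """IOS wildcard semantics: a 1 bit in the wildcard means 'do not care'."""
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    a, b = int(ipaddress.IPv4Address(addr)), int(ipaddress.IPv4Address(base))
    return (a & care) == (b & care)

# The operator keywords from the manual, applied to the destination port.
OPERATORS = {"eq": lambda p, n: p == n, "neq": lambda p, n: p != n,
             "gt": lambda p, n: p > n, "lt": lambda p, n: p < n}
ANY = ("0.0.0.0", "255.255.255.255")   # same as the keyword "any"

@dataclass
class Entry:                    # hypothetical model of one access-list line
    action: str                 # "permit" or "deny"
    proto: str                  # "ip", "tcp", "udp" or "icmp"; "ip" matches every protocol
    src: str
    src_wc: str
    dst: str
    dst_wc: str
    op: Optional[str] = None    # eq / neq / gt / lt, or None for "any port"
    port: Optional[int] = None

def entry_matches(e: Entry, proto: str, src: str, dst: str, dport: int) -> bool:
    if e.proto != "ip" and e.proto != proto:
        return False
    if not (wildcard_match(src, e.src, e.src_wc) and wildcard_match(dst, e.dst, e.dst_wc)):
        return False
    return e.op is None or OPERATORS[e.op](dport, e.port)

def evaluate(acl: list, proto: str, src: str, dst: str, dport: int = 0) -> str:
    """First matching entry wins; every access list ends with an implicit deny."""
    for e in acl:
        if entry_matches(e, proto, src, dst, dport):
            return e.action
    return "deny"

# Constructed list 101 for the manual's scenario: block FTP (ports 20 and 21)
# from 192.168.123.0/24 to any destination, forward everything else from it.
ACL_101 = [
    Entry("deny", "tcp", "192.168.123.0", "0.0.0.255", *ANY, "eq", 21),
    Entry("deny", "tcp", "192.168.123.0", "0.0.0.255", *ANY, "eq", 20),
    Entry("permit", "ip", "192.168.123.0", "0.0.0.255", *ANY),
]

if __name__ == "__main__":
    print(evaluate(ACL_101, "tcp", "192.168.123.10", "10.1.1.5", 21))   # deny
    # Entry order matters: with the permit line first, FTP is never blocked.
    print(evaluate(list(reversed(ACL_101)), "tcp", "192.168.123.10", "10.1.1.5", 21))  # permit
```

A host outside 192.168.123.0/24 is denied by the implicit deny at the end even though no entry names it, which is why a list that should also forward other subnets needs an explicit permit for them.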

Asante Technologies 35516 user manual, page 55