Sharing Ilmu

Sharing for useful things

Configure Extended ACL on Cisco

In the preceding tutorial I discussed how to configure a standard ACL on Cisco. In this tutorial I'll discuss how to configure an extended ACL in Cisco Packet Tracer. An extended ACL is more complex than a standard ACL: it can filter on both source and destination IP address, and it can match a specific IP and port. Extended ACLs use the numbers 100-199.

The configuration follows the same pattern as a standard ACL:

MyRouter(config)# access-list 100 permit/deny protocol source_IP destination_IP port
MyRouter(config)# interface g0/0/0
MyRouter(config-if)# ip access-group 100 in/out

 

The following topology is used:

 

Configure IP Address on R-ME :

R-ME(config)#int g0/0/0
R-ME(config-if)#ip add 10.10.10.1 255.255.255.0
R-ME(config-if)#no shutdown
R-ME(config-if)#exit
R-ME(config)#int g0/0/1
R-ME(config-if)#ip add 192.168.1.1 255.255.255.0
R-ME(config-if)#no shutdown

Configure IP Address on R-CORE :

R-CORE(config)#int g0/0/0
R-CORE(config-if)#ip add 10.10.10.2 255.255.255.0
R-CORE(config-if)#no shutdown
R-CORE(config-if)#exit
R-CORE(config)#int g0/0/1
R-CORE(config-if)#ip add 20.20.20.1 255.255.255.0
R-CORE(config-if)#no shutdown

 

Configure IP Address on R-SERVER :

R-SERVER(config)#int g0/0/0
R-SERVER(config-if)#ip add 20.20.20.2 255.255.255.0
R-SERVER(config-if)#no shutdown
R-SERVER(config-if)#exit
R-SERVER(config)#int g0/0/1
R-SERVER(config-if)#ip add 192.168.2.1 255.255.255.0
R-SERVER(config-if)#no shutdown
R-SERVER(config-if)#exit

Configure IP Address on PC0 :

Configure IP Address on PC1 :

Configure IP Address on SERVER-WEB :

Make sure HTTP/s Service is ON :

Configure Routing OSPF on R-ME  :

R-ME(config)#router ospf 1
R-ME(config-router)#router-id 1.1.1.1
R-ME(config-router)#network 10.10.10.0 0.0.0.255 area 0
R-ME(config-router)#network 192.168.1.0 0.0.0.255 area 0
R-ME(config-router)#exit

 

Configure Routing OSPF on R-CORE :

R-CORE(config)#router ospf 1
R-CORE(config-router)#router-id 2.2.2.2
R-CORE(config-router)#network 10.10.10.0 0.0.0.255 area 0
R-CORE(config-router)#network 20.20.20.0 0.0.0.255 area 0
R-CORE(config-router)#exit

 

Configure Routing OSPF on R-SERVER :

R-SERVER(config)#router ospf 1
R-SERVER(config-router)#router-id 3.3.3.3
R-SERVER(config-router)#network 20.20.20.0 0.0.0.255 area 0
R-SERVER(config-router)#network 192.168.2.0 0.0.0.255 area 0
R-SERVER(config-router)#exit

 

Now configure an ACL so that the R-ME network (192.168.1.0) can access the web server but ping is blocked.

Configure ACL on R-ME :

R-ME(config)#access-list 100 permit tcp 192.168.1.0 0.0.0.255 host 192.168.2.2 eq 80
R-ME(config)#int g0/0/0
R-ME(config-if)#ip access-group 100 out
R-ME(config-if)#exit

 

Test ping from network 192.168.1.0 to server 192.168.2.2. The ping to 192.168.2.2 is blocked: ACL 100 has no entry that matches ICMP, so the implicit deny at the end of every ACL drops it.

 

Then test web access to 192.168.2.2. The web connection is allowed.
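
To see why the two tests behave this way, the following added example (not part of the original tutorial and not Cisco code) models how a router evaluates ACL 100: wildcard-mask matching, first match wins, implicit deny at the end. The host address 192.168.1.10 and the function names are assumptions, and only the syntax subset used on this page (any / host / address + wildcard, numeric eq port) is parsed.

```python
import ipaddress

def _ip(s):
    return int(ipaddress.IPv4Address(s))

def _addr(tok, i):
    """Parse 'any' | 'host A' | 'A WILDCARD' at tok[i]; return ((base, wildcard), next_i)."""
    if tok[i] == "any":
        return (0, 0xFFFFFFFF), i + 1
    if tok[i] == "host":
        return (_ip(tok[i + 1]), 0), i + 2
    return (_ip(tok[i]), _ip(tok[i + 1])), i + 2

def parse_ace(line):
    """Parse 'access-list N permit|deny proto SRC DST [eq PORT]'."""
    tok = line.split()
    action, proto = tok[2], tok[3]
    src, i = _addr(tok, 4)
    dst, i = _addr(tok, i)
    port = int(tok[i + 1]) if i < len(tok) and tok[i] == "eq" else None
    return action, proto, src, dst, port

def _match(addr, spec):
    base, wild = spec
    care = ~wild & 0xFFFFFFFF          # wildcard bit 0 = must match, 1 = ignore
    return (_ip(addr) & care) == (base & care)

def evaluate(acl_lines, proto, src, dst, dport=None):
    """First matching entry wins; with no match the implicit 'deny ip any any' applies."""
    for line in acl_lines:
        action, a_proto, a_src, a_dst, a_port = parse_ace(line)
        if a_proto not in ("ip", proto):
            continue
        if not (_match(src, a_src) and _match(dst, a_dst)):
            continue
        if a_port is not None and a_port != dport:
            continue
        return action
    return "deny (implicit)"

# The ACL entry configured on R-ME in this tutorial.
ACL_100 = ["access-list 100 permit tcp 192.168.1.0 0.0.0.255 host 192.168.2.2 eq 80"]

if __name__ == "__main__":
    # Constructed sample packets; 192.168.1.10 is an assumed host on the R-ME LAN.
    for pkt in [("tcp", "192.168.1.10", "192.168.2.2", 80),
                ("icmp", "192.168.1.10", "192.168.2.2", None),
                ("tcp", "192.168.1.10", "192.168.2.2", 443)]:
        print(pkt, "->", evaluate(ACL_100, *pkt))
```

The third packet shows that HTTPS (TCP 443) to the server is also dropped by this ACL, since only port 80 is permitted.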
