Chapter 3: Advanced IPv4 Access Control Lists
Studied by 0 people
Learn
Practice Test
Spaced Repetition
Match
Flashcards1/12
There's no tags or description
Looks like no tags are added yet.
Name | Mastery | Learn | Test | Matching | Spaced |
|---|
No study sessions yet.
13 Terms
access-list 101 permit icmp 192.168.1.0 0.0.0.255 10.1.1.0 0.0.0.255 log
Global command for extended numbered access lists permitting ICMP from 192.168.1.0/24 to 10.1.1.0/24 with logging enabled.
access-list 102 deny tcp 10.0.0.0 0.0.0.255 eq 22 172.16.0.0 0.0.255.255 gt 1023 log
Extended ACL 102 denying SSH traffic from 10.0.0.0/24 to 172.16.0.0/16 with source ports above 1023, logging matches.
access-list 101 remark AllowICMPLANtoDMZ
Command that defines a remark for ACL 101 to describe permitting ICMP from LAN to DMZ.
ip access-group 101 in
Interface subcommand to apply ACL 101 inbound on the interface.
access-class 23 in
Line subcommand to apply ACL 23 inbound on VTY lines.
ip access-list extended WEB_ACL
Global command to create and configure a named extended ACL called WEB_ACL.
permit 192.168.10.0 0.0.0.255 log
ACL mode subcommand in WEB_ACL to permit traffic from 192.168.10.0/24 and log matches.
deny udp 10.10.10.0 0.0.0.255 10.20.20.0 0.0.0.255 log
ACL mode subcommand in WEB_ACL to deny UDP traffic from 10.10.10.0/24 to 10.20.20.0/24 with logging.
permit tcp 192.168.2.0 0.0.0.255 eq 80 192.168.3.0 0.0.0.255 eq 8080 log
ACL mode subcommand in WEB_ACL to permit HTTP traffic from 192.168.2.0/24 to 192.168.3.0/24 on port 80 with logging.
remark BlockUDPtoFinanceServers
ACL mode subcommand in WEB_ACL to describe blocking UDP traffic to finance servers.
show ip interface GigabitEthernet0/1
Displays interface details for GigabitEthernet0/1, including any applied ACLs.
show access-lists WEB_ACL
Shows all entries in the named ACL WEB_ACL across all protocols.
show ip access-lists 101
Shows details of the IP access list numbered 101.