Sample Network: You may wish to
configure the network below. You will first need to configure the
network for dynamic or static routing. (Notice that the IP addresses
may have changed from the previous example.)
Example: Permitting only a specific host from the 205.7.5.0
network onto the 192.5.5.0 network
LabA (config)# access-list 10 permit host 205.7.5.11
LabA (config)# inter e 0
LabA (config-if)# ip access-group 10 out
Example: Denying a specific host
from the 205.7.5.0 network onto the 192.5.5.0 network
LabA (config)# access-list 10 deny 205.7.5.11
LabA (config)# access-list 10 permit 0.0.0.0 255.255.255.255
{Or LabA(config)# access-list 10 permit any}
LabA (config)# inter e 0
LabA (config-if)# ip access-group 10 out
Example: Permitting only hosts
from the 210.93.105.0 network onto the 192.5.5.0 network
LabA (config)# access-list 10 permit 210.93.105.0 0.0.0.255
{The wildcard mask is required here: if it is omitted, a standard access list assumes 0.0.0.0 and the entry matches only the single address 210.93.105.0}
LabA (config)# inter e 0
LabA (config-if)# ip access-group 10 out
Example: An access list that permits telnets destined for
the host 223.8.151.10 from the 195.5.5.0 network, but prohibits all other
telnets from the 195.5.5.0 network into the 223.8.151.0 network. All
other traffic is allowed to enter the 223.8.151.0 network.
LabA (config)# access-list 101 permit tcp 192.5.5.0 0.0.0.255 223.8.151.10 0.0.0.0 eq 23
LabA (config)# access-list 101 deny tcp 192.5.5.0 0.0.0.255 223.8.151.0 0.0.0.255 eq 23
LabA (config)# access-list 101 permit ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255
LabA (config)# interface e 0
LabA (config-if)# ip access-group 101 in
Using the host keyword is the same as using the wildcard mask 0.0.0.0:
LabA (config)# access-list 101 permit tcp 192.5.5.0 0.0.0.255 223.8.151.10 0.0.0.0 eq 23
replaced by
LabA (config)# access-list 101 permit tcp 192.5.5.0 0.0.0.255 host 223.8.151.10 eq 23
Using the any keyword is the same as using 0.0.0.0 255.255.255.255:
LabA (config)# access-list 101 permit ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255
replaced by
LabA (config)# access-list 101 permit ip any any
Note: Remember there is an implicit
deny any (everything) at the end of an access list.
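Added example (not part of the original lab sheet): a small Python model of how a router evaluates access list 101 above, showing wildcard-mask matching, the host and any keywords, first-match ordering and the implicit deny. The function names and the sample packets are constructed for illustration, and only the permit/deny, tcp/ip and eq forms used on this page are handled.

```python
import ipaddress

def ip_int(addr):
    return int(ipaddress.IPv4Address(addr))

def wildcard_match(addr, base, wildcard):
    """Wildcard mask: 0 bits must match, 1 bits are ignored."""
    care = ~ip_int(wildcard) & 0xFFFFFFFF
    return (ip_int(addr) & care) == (ip_int(base) & care)

def parse_addr(tokens):
    """Consume one address spec: 'any', 'host A', or 'A WILDCARD'."""
    if tokens[0] == "any":
        return ("0.0.0.0", "255.255.255.255"), tokens[1:]
    if tokens[0] == "host":
        return (tokens[1], "0.0.0.0"), tokens[2:]
    return (tokens[0], tokens[1]), tokens[2:]

def parse_entry(line):
    """Parse 'permit|deny tcp|ip SRC DST [eq PORT]' (extended ACL body)."""
    tokens = line.split()
    action, proto, rest = tokens[0], tokens[1], tokens[2:]
    src, rest = parse_addr(rest)
    dst, rest = parse_addr(rest)
    port = int(rest[1]) if rest[:1] == ["eq"] else None
    return action, proto, src, dst, port

def evaluate(acl, proto, src, dst, dport=None):
    """First matching entry wins; no match falls to the implicit deny."""
    for line in acl:
        action, e_proto, e_src, e_dst, e_port = parse_entry(line)
        if e_proto != "ip" and e_proto != proto:
            continue
        if not wildcard_match(src, *e_src) or not wildcard_match(dst, *e_dst):
            continue
        if e_port is not None and e_port != dport:
            continue
        return action
    return "deny"  # implicit deny any at the end of every access list

# Access list 101 from the page, written with the host/any keywords.
ACL_101 = [
    "permit tcp 192.5.5.0 0.0.0.255 host 223.8.151.10 eq 23",
    "deny tcp 192.5.5.0 0.0.0.255 223.8.151.0 0.0.0.255 eq 23",
    "permit ip any any",
]
```

Dropping the last entry (ACL_101[:2]) shows why the closing permit matters: non-telnet traffic then matches nothing and is discarded by the implicit deny.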