Three rules govern how a packet is handled by an access list:
1. Each packet is compared against each line of the access list in sequence.
2. If a matching condition is found, the packet follows that rule in the access list.
3. If no rule matches the packet, the packet is not allowed to pass or access the network.

There are two kinds of access list, among others:
1. Standard Access List - filters packets by the sender's IP address.
2. Extended Access List - selects packets based on the sender and receiver IP addresses, the protocol, and the port of the packets sent.

When an ACL is configured on a router, it must be given a unique identification number. This number indicates the type of access list being created and must fall within the range of numbers valid for that type of list.

| Type of ACL    | Range Number |
|----------------|--------------|
| IP Standard    | 1-99         |
| IP Extended    | 100-199      |
| IPX Standard   | 800-899      |
| IPX Extended   | 900-999      |
| AppleTalk      | 600-699      |
| IPX SAP Filter | 1000-1099    |

Standard Access List Configuration
Based on the table above, a standard access list selects packets by the sender's IP address, and its identifier number must be in the range 1 to 99.

Here is the formula:
Router(config)# access-list [identifier number] {permit/deny} [sender address] [wildcard-mask]

Access List Case:

There are 2 routers, a switch, a server, 2 PCs, and a laptop. The rule is that the laptop with IP 10.10.10.2 can access the web server at 20.20.20.2, but the other PCs, with IPs 10.10.10.3 and 10.10.10.4, cannot access the server's website. Here is the configuration:

1. Set IP
- PC1: 10.10.10.2
- PC2: 10.10.10.3
- PC3: 10.10.10.4
- Server: 20.20.20.2

2. Router 5
- Se1/0 : 12.12.12.1 255.255.255.0
- Fa0/0 : 10.10.10.1 255.255.255.0

3. Router 6
- Se1/0 : 12.12.12.2 255.255.255.0
- Fa0/0 : 20.20.20.1 255.255.255.0 
- IP Route : ip route 20.20.20.0 255.255.255.0 12.12.12.2
- Access List: 
   Fa0/0 : ip access-group 100 out
   access-list 100 permit tcp host 10.10.10.2 host 20.20.20.2 eq www
   access-list 100 deny tcp any host 20.20.20.2 eq www
   access-list 100 permit ip any any
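The three rules at the top of this post (sequential comparison, first match wins, implicit deny when nothing matches) can be checked against access list 100 before it goes on a router. The following is an added example, not part of the original post: a small Python model of that evaluation. The function names are hypothetical, and the parser is an assumption that handles only the `host`, `any`, address-plus-wildcard, and `eq` forms.

```python
import ipaddress

# Port names as written in the access list (only the one this page uses).
PORTS = {"www": 80}

def parse_addr(tok, i):
    """Read an address spec at tok[i]; return ((base, wildcard), next index)."""
    if tok[i] == "any":
        return (0, 0xFFFFFFFF), i + 1
    if tok[i] == "host":
        return (int(ipaddress.IPv4Address(tok[i + 1])), 0), i + 2
    base, wild = (int(ipaddress.IPv4Address(t)) for t in tok[i:i + 2])
    return (base, wild), i + 2

def parse_ace(line):
    """Parse 'access-list N permit|deny proto src dst [eq port]'."""
    tok = line.split()
    action, proto = tok[2], tok[3]
    src, i = parse_addr(tok, 4)
    dst, i = parse_addr(tok, i)
    port = None
    if i < len(tok) and tok[i] == "eq":
        port = PORTS.get(tok[i + 1]) or int(tok[i + 1])
    return action, proto, src, dst, port

def addr_match(ip, spec):
    base, wildcard = spec
    # Wildcard bits set to 1 are "don't care"; every other bit must be equal.
    return (int(ipaddress.IPv4Address(ip)) ^ base) & ~wildcard & 0xFFFFFFFF == 0

def evaluate(acl, proto, src, dst, dport=None):
    """Return (action, matching line number); the first match wins."""
    for n, (action, p, s, d, port) in enumerate(acl, 1):
        if p not in ("ip", proto):
            continue
        if not (addr_match(src, s) and addr_match(dst, d)):
            continue
        if port is not None and port != dport:
            continue
        return action, n
    return "deny", None  # implicit deny: no line matched

# Access list 100 exactly as configured on Router 6 above.
ACL_100 = [parse_ace(l) for l in """\
access-list 100 permit tcp host 10.10.10.2 host 20.20.20.2 eq www
access-list 100 deny tcp any host 20.20.20.2 eq www
access-list 100 permit ip any any""".splitlines()]

if __name__ == "__main__":
    for pc in ("10.10.10.2", "10.10.10.3", "10.10.10.4"):
        print(pc, evaluate(ACL_100, "tcp", pc, "20.20.20.2", 80))
```

Dropping the last line (`permit ip any any`) from the list shows the implicit deny: traffic that is not web traffic to the server then matches nothing and is blocked.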
