
Standard ACL

[Diagram: Internet, router interface f0/0 (NAT), DS1, networks 10.0.0.0 and 20.0.0.0]

Classification

ip nat inside source list 1 interface f0/0 overload
access-list 1 permit 10.0.0.0 0.255.255.255
access-list 1 permit 20.0.0.0 0.255.255.255

Filtering

Standard ACL

[Diagram: Internet (8.8.8.8), router interface f0/0 (NAT), DS1, networks 10.0.0.0 and 20.0.0.0; labels: in, out, Permit, Access, Server]

Wildcard Mask

20.0.0. 0000 0001
20.0.0. 0000 0010
20.0.0. 0000 0011
0.0.0. 0000 0011

access-list 1 permit 10.0.0.0 0.255.255.255
access-list 1 permit 20.0.0.0 0.255.255.255

access-list 1 permit 10.0.0.0 0.255.255.255
access-list 1 deny 20.0.0.1 0.0.0.0
access-list 1 deny 20.0.0.2 0.0.0.0
access-list 1 deny 20.0.0.3 0.0.0.0
access-list 1 permit 20.0.0.0 0.255.255.255

access-list 1 permit 10.0.0.0 0.255.255.255
access-list 1 deny 20.0.0.1 0.0.0.3
access-list 1 permit 20.0.0.0 0.255.255.255

ip access-group 1 in
ip access-group 1 out
ip access-group 2 in

Standard ACL

[Diagram: Internet, router interface f0/0 (NAT), DS1, networks 10.0.0.0 and 20.0.0.0]

20.0.0. 0000 0001
20.0.0. 0000 0010
20.0.0. 0000 0011
20.0.0. 0000 0100
20.0.0. 0000 0101
20.0.0. 0000 0110
20.0.0. 0000 0111
0.0.0. 0000 0111

access-list 1 permit 10.0.0.0 0.255.255.255
access-list 1 deny 20.0.0.1 0.0.0.0
access-list 1 deny 20.0.0.2 0.0.0.0
access-list 1 deny 20.0.0.3 0.0.0.0
access-list 1 deny 20.0.0.4 0.0.0.0
access-list 1 deny 20.0.0.5 0.0.0.0
access-list 1 deny 20.0.0.6 0.0.0.0
access-list 1 deny 20.0.0.7 0.0.0.0
access-list 1 permit 20.0.0.0 0.255.255.255

access-list 1 permit 10.0.0.0 0.255.255.255
access-list 1 deny 20.0.0.1 0.0.0.7
access-list 1 permit 20.0.0.0 0.255.255.255

Standard ACL

[Diagram: Internet, router interface f0/0 (NAT), DS1, networks 10.0.0.0 and 20.0.0.0]

20.0.0. 0000 0001
20.0.0. 0000 0010
20.0.0. 0000 0011
20.0.0. 0000 0100
0.0.0. 0000 0011

access-list 1 permit 10.0.0.0 0.255.255.255
access-list 1 deny 20.0.0.1 0.0.0.0
access-list 1 deny 20.0.0.2 0.0.0.0
access-list 1 deny 20.0.0.3 0.0.0.0
access-list 1 deny 20.0.0.4 0.0.0.0
access-list 1 permit 20.0.0.0 0.255.255.255

access-list 1 permit 10.0.0.0 0.255.255.255
access-list 1 deny 20.0.0.1 0.0.0.3
access-list 1 deny 20.0.0.4 0.0.0.0
access-list 1 permit 20.0.0.0 0.255.255.255

Standard ACL

[Diagram: Internet, router interface f0/0 (NAT), DS1, networks 10.0.0.0 and 20.0.0.0]

20.0.0. 0100 0000
20.0.0. 0100 0001
20.0.0. 0100 0010
20.0.0. 0100 0011
0.0.0. 0000 0011

access-list 1 permit 10.0.0.0 0.255.255.255
access-list 1 deny 20.0.0.64 0.0.0.0
access-list 1 deny 20.0.0.65 0.0.0.0
access-list 1 deny 20.0.0.66 0.0.0.0
access-list 1 deny 20.0.0.67 0.0.0.0
access-list 1 permit 20.0.0.0 0.255.255.255

access-list 1 permit 10.0.0.0 0.255.255.255
access-list 1 deny 20.0.0.64 0.0.0.3
access-list 1 permit 20.0.0.0 0.255.255.255
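
The wildcard summarisation on the preceding slides can be checked by expanding each entry into the hosts it actually matches. The Python sketch below is an added example, not part of the original slides; the function names are hypothetical, and it models only source-address matching with first-match evaluation and the implicit deny at the end of a standard ACL.

```python
import ipaddress

def ip(s):
    return int(ipaddress.IPv4Address(s))

def matches(addr, base, wildcard):
    """Wildcard bit 0 = bit must match the base, 1 = don't care."""
    care = ~ip(wildcard) & 0xFFFFFFFF
    return (ip(addr) & care) == (ip(base) & care)

def evaluate(acl, src):
    """Entries are tested top-down; the first match decides."""
    for action, base, wildcard in acl:
        if matches(src, base, wildcard):
            return action
    return "deny"  # implicit deny when no entry matches

def covered(base, wildcard, prefix="20.0.0."):
    """Last octets in 20.0.0.0-255 that one ACL entry matches."""
    return [o for o in range(256) if matches(f"{prefix}{o}", base, wildcard)]

# Summarised ACLs as written on the slides.
ACL_1_TO_7 = [
    ("permit", "10.0.0.0", "0.255.255.255"),
    ("deny", "20.0.0.1", "0.0.0.7"),
    ("permit", "20.0.0.0", "0.255.255.255"),
]
ACL_1_TO_4 = [
    ("permit", "10.0.0.0", "0.255.255.255"),
    ("deny", "20.0.0.1", "0.0.0.3"),
    ("deny", "20.0.0.4", "0.0.0.0"),
    ("permit", "20.0.0.0", "0.255.255.255"),
]

if __name__ == "__main__":
    # 0.0.0.3 ignores the two low bits, so the block is aligned on a
    # multiple of 4 and also covers 20.0.0.0, not only .1 to .3.
    print(covered("20.0.0.1", "0.0.0.3"))
    print(covered("20.0.0.64", "0.0.0.3"))
    # .4 sits in the next aligned block, so it needs its own entry.
    for host in ("20.0.0.3", "20.0.0.4", "20.0.0.5", "30.0.0.1"):
        print(host, evaluate(ACL_1_TO_4, host))
```

Running it shows why 20.0.0.1 through 20.0.0.4 cannot be collapsed into one entry while 20.0.0.64 through 20.0.0.67 can: a wildcard mask only describes a block aligned on its own size.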

Standard ACL

[Diagram: Internet, router interface f0/0 (NAT), DS1, networks 10.0.0.0 and 20.0.0.0; labels: in, out, Access Internet]

access-list 1 permit 10.0.0.0 0.255.255.255
access-list 1 permit 20.0.0.1 0.0.0.0
access-list 1 deny 0.0.0.0 255.255.255.255

access-list 1 permit 10.0.0.0 0.255.255.255
access-list 1 permit host 20.0.0.1
access-list 1 deny any

Standard ACL

[Diagram: Internet, router interface f0/0 (NAT), DS1, network 10.0.0.0, host 20.0.0.1; labels: Permit, Deny]

Deny Internet

access-list 1 deny host 20.0.0.1
access-list 1 permit any
ip access-group 1 in

Deny telnet

access-list 1 deny 20.0.0.1 0.0.0.0
access-list 1 permit any
line vty 0 4
access-class 1 in

Standard vs Extended ACL

Standard ACL (1-99, 1300-1999)

access-list 1 deny 20.0.0.1 0.0.0.0
Fields: S.IP

Extended ACL (100-199, 2000-2699)

access-list 100 deny tcp 20.0.0.1 0.0.0.0 any eq 80
Fields: Protocol, S.IP, D.IP, D.Port

Extended ACL

[Diagram: DNS, TFTP, HTTP and HTTPs servers (8.8.8.8) on the Internet; router with NAT; DS1; network 10.0.0.0; host 20.0.0.1]

Extended ACL

[Diagram: Internet, router (NAT), DS1, network 10.0.0.0, host 20.0.0.1; labels: Permit Internet, Deny telnet]

access-list 100 deny tcp 20.0.0.1 0.0.0.0 any eq 80
access-list 100 deny tcp 20.0.0.1 0.0.0.0 any eq 443
access-list 100 deny tcp 20.0.0.1 0.0.0.0 any eq 23
access-list 100 permit ip any any

ip access-group 100 in

Extended ACL

[Diagram: Internet with DNS and TFTP server 8.8.8.8; router (NAT); DS1; network 10.0.0.0; host 20.0.0.1; labels: in, out]

access-list 100 deny icmp 20.0.0.1 0.0.0.0 host 8.8.8.8
access-list 100 deny udp 20.0.0.1 0.0.0.0 host 8.8.8.8 eq 69
access-list 100 permit udp 20.0.0.1 0.0.0.0 host 8.8.8.8 eq 53
access-list 100 permit ip any any

ip access-group 100 in

Named-ACL

R(config)# access-list 1 permit 20.0.0.0 0.255.255.255

R(config)# ip access-list standard ABC
R(config-std-nacl)# permit 20.0.0.0 0.255.255.255

R(config)# ip access-list extended ABC
R(config-ext-nacl)# permit tcp 20.0.0.0 0.255.255.255 host 8.8.8.8 eq 23

Named-ACL

R(config)# access-list 1 permit 10.0.1.0 0.0.0.255
R(config)# access-list 1 permit 10.0.2.0 0.0.0.255
R(config)# access-list 1 permit 10.0.3.0 0.0.0.255

R(config)# no access-list 1 permit 10.0.3.0 0.0.0.255

R(config)# ip access-list standard abc
R(config-std-nacl)# permit 10.0.1.0 0.0.0.255
R(config-std-nacl)# permit 10.0.2.0 0.0.0.255
R(config-std-nacl)# permit 10.0.3.0 0.0.0.255

R(config)# ip access-list standard abc
R(config-std-nacl)# no 30

Named-ACL

R(config-if)# ip access-group abc in/out

R(config)# ip access-list standard abc
R(config-std-nacl)# 10 permit 10.0.1.0 0.0.0.255
R(config-std-nacl)# 20 permit 10.0.2.0 0.0.0.255
R(config-std-nacl)# 30 permit 10.0.3.0 0.0.0.255
R(config-std-nacl)# 15 permit 10.0.4.0 0.0.0.255
R(config-std-nacl)# 35 permit 10.0.5.0 0.0.0.255
R(config-std-nacl)# permit 10.0.6.0 0.0.0.255

R# show ip access-lists
Standard IP access list abc
    10 permit 10.0.1.0, wildcard bits 0.0.0.255
    15 permit 10.0.4.0, wildcard bits 0.0.0.255
    20 permit 10.0.2.0, wildcard bits 0.0.0.255
    30 permit 10.0.3.0, wildcard bits 0.0.0.255
    35 permit 10.0.5.0, wildcard bits 0.0.0.255
    45 permit 10.0.6.0, wildcard bits 0.0.0.255

Named-ACL

R(config)# access-list 1 permit 10.0.1.0 0.0.0.255
R(config)# access-list 1 permit 10.0.2.0 0.0.0.255
R(config)# access-list 1 permit 10.0.3.0 0.0.0.255

R(config)# ip access-list standard 1
R(config-std-nacl)# no 30 , 20 , 10
