
Extended Access Control Lists (ACLs) Configuration

CCNA: 0 to Hero - Comprehensive Network Engineering Bootcamp

Lesson 50: Extended Access Control Lists (ACLs)

Extended ACLs provide much finer granularity than standard ACLs (which match on source address only), allowing filtering based on multiple criteria.

Extended ACLs (Numbered 100-199 or 2000-2699)

  • Criteria: Source IP, Destination IP, Protocol (TCP, UDP, ICMP), and Source/Destination Port Numbers.
  • Placement Rule: Place extended ACLs as close to the source of the traffic as possible. Because they can identify the unwanted traffic precisely, it can be dropped before it crosses the network, conserving bandwidth and router resources along the path.

Configuration Example (Deny Telnet Traffic)

We want to prevent hosts on the 10.1.1.0/24 network from opening Telnet (TCP port 23) sessions to the 192.168.10.0/24 network, where the web server lives, while leaving all other traffic alone.

  1. Create the ACL (numbered 105). The router checks the entries top-down and stops at the first match, and every ACL ends with an implicit deny, so the final permit ip any any is required; without it, all other traffic from this source would be dropped as well.

```ios
! Syntax: access-list [ACL#] [permit/deny] [protocol] [source] [wildcard] [dest] [wildcard] [operator port]
Router(config)# access-list 105 deny tcp 10.1.1.0 0.0.0.255 192.168.10.0 0.0.0.255 eq 23
Router(config)# access-list 105 permit ip any any
```

  2. Apply it on the interface closest to the source. Traffic from 10.1.1.0/24 enters the router on G0/2, so the ACL must be applied inbound there. Applying it outbound on G0/2 would only inspect traffic leaving the router toward 10.1.1.0/24, which in normal operation never carries a 10.1.1.0/24 source address, so the deny line would never match.

```ios
Router(config)# interface G0/2
Router(config-if)# ip access-group 105 in
```

Verify with show access-lists 105 (per-line match counters increase as Telnet attempts are dropped) and show ip interface G0/2 (confirms that ACL 105 is applied inbound).
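As an added example (not part of the course material and not Cisco code), the following Python script models how the router evaluates ACL 105 against sample packets: wildcard-mask matching, top-down first-match evaluation, and the implicit deny at the end of every ACL. It is deliberately limited to what the lesson uses (IPv4; the protocols ip, tcp, udp, icmp; the any and host shorthands; the eq operator on the destination port). The names wildcard_match, parse_ace, evaluate, Ace, ACL_105 and SAMPLE_PACKETS are this example's own, and the packets are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed example: a minimal model of IOS extended-ACL evaluation.
# Not Cisco code. Models only IPv4, ip/tcp/udp/icmp, 'any'/'host'
# shorthands, and 'eq <port>' on the destination port.


def wildcard_match(addr: str, base: str, wildcard: str) -> bool:
    """True if addr matches base under an IOS wildcard mask.
    Wildcard bit 1 = 'don't care', bit 0 = 'must match' (inverse of a subnet mask)."""
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (a & care) == (b & care)


@dataclass
class Ace:
    action: str               # "permit" or "deny"
    protocol: str             # "ip" matches every protocol; else "tcp"/"udp"/"icmp"
    src: str
    src_wc: str
    dst: str
    dst_wc: str
    dst_port: Optional[int]   # None when no 'eq <port>' is present


def _take_addr(tokens):
    """Consume one address spec: 'any', 'host A.B.C.D', or 'A.B.C.D W.W.W.W'."""
    if tokens[0] == "any":
        return "0.0.0.0", "255.255.255.255", tokens[1:]
    if tokens[0] == "host":
        return tokens[1], "0.0.0.0", tokens[2:]
    return tokens[0], tokens[1], tokens[2:]


def parse_ace(line: str) -> Ace:
    """Parse 'access-list N permit|deny proto src dst [eq port]' into an Ace."""
    tokens = line.split()
    if tokens[0] != "access-list" or tokens[2] not in ("permit", "deny"):
        raise ValueError("not an access-list entry: " + line)
    action, proto = tokens[2], tokens[3]
    src, src_wc, rest = _take_addr(tokens[4:])
    dst, dst_wc, rest = _take_addr(rest)
    port = int(rest[1]) if rest[:1] == ["eq"] else None
    return Ace(action, proto, src, src_wc, dst, dst_wc, port)


def evaluate(acl, packet):
    """Return (action, line_number) for the first matching entry, or
    ("deny", 0) for the implicit deny that ends every IOS ACL."""
    for lineno, ace in enumerate(acl, start=1):
        if ace.protocol != "ip" and ace.protocol != packet["proto"]:
            continue
        if not wildcard_match(packet["src"], ace.src, ace.src_wc):
            continue
        if not wildcard_match(packet["dst"], ace.dst, ace.dst_wc):
            continue
        if ace.dst_port is not None and packet.get("dport") != ace.dst_port:
            continue
        return ace.action, lineno
    return "deny", 0


# The lesson's ACL 105, exactly as entered on the router.
ACL_105 = [parse_ace(entry) for entry in (
    "access-list 105 deny tcp 10.1.1.0 0.0.0.255 192.168.10.0 0.0.0.255 eq 23",
    "access-list 105 permit ip any any",
)]

# Constructed sample packets, as they would arrive inbound on G0/2.
SAMPLE_PACKETS = {
    "telnet_from_10.1.1.5": {"proto": "tcp", "src": "10.1.1.5", "dst": "192.168.10.20", "dport": 23},
    "http_from_10.1.1.5":   {"proto": "tcp", "src": "10.1.1.5", "dst": "192.168.10.20", "dport": 80},
    "telnet_from_10.2.2.5": {"proto": "tcp", "src": "10.2.2.5", "dst": "192.168.10.20", "dport": 23},
    "ping_from_10.1.1.5":   {"proto": "icmp", "src": "10.1.1.5", "dst": "192.168.10.20"},
}

if __name__ == "__main__":
    for name, pkt in SAMPLE_PACKETS.items():
        print(f"{name:24s} -> {evaluate(ACL_105, pkt)}")
    # Forgetting 'permit ip any any' leaves only the deny line, so the
    # implicit deny drops everything else, including the ping.
    print("ping, deny line only    ->", evaluate(ACL_105[:1], SAMPLE_PACKETS["ping_from_10.1.1.5"]))
```

Running the script shows the Telnet packet from 10.1.1.5 stopping at line 1 (deny), the HTTP packet and the Telnet packet from 10.2.2.5 falling through to line 2 (permit), and the ping being dropped by the implicit deny once the permit ip any any line is removed. The same first-match logic is why entry order matters when you later add more specific permits or denies to the list.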