How To Configure Extended ACLs on a Cisco Router

9th November 2015

Extended ACLs Configuration Example.

The practical steps for configuring extended ACLs are the same as for standard ACLs: you first create the extended ACL in global configuration mode and then activate it on an interface, in one direction, with the ip access-group command.

The figure below shows an example of how you might create an extended ACL specific to your network needs.

In this example, the network administrator needs to restrict Internet access to allow only website browsing. ACL 101 applies to traffic leaving the network, and ACL 102 to traffic coming into the network.

[Figure: Extended ACLs configuration example on Router1]

R1(config)#access-list 101 permit tcp any any eq 80

R1(config)#access-list 101 permit tcp any any eq 443

R1(config)#access-list 102 permit tcp any any established

The above configuration on Router1 shows:

· ACL 101 permits TCP traffic from any source to any destination, but only to destination ports 80 and 443.

· ACL 102 permits inbound TCP segments that belong to established connections (the HTTP and HTTPS replies) and, through the implicit deny at the end of every ACL, drops everything else.

ACL 101 accomplishes the first part of the requirement. It allows traffic coming from any address on the network to go to any destination, subject to the limitation that the traffic is TCP bound for destination port 80 (HTTP) or 443 (HTTPS). Any other outbound traffic falls through to the implicit deny ip any any at the end of the list and is dropped.

The nature of HTTP requires that traffic flow back into the network. In this case the network administrator wants to restrict that return traffic to the HTTP exchanges with the websites that inside hosts requested, and the security solution must deny any other traffic coming into the network. ACL 102 does that: its only permit statement matches return traffic of existing connections, and the implicit deny blocks all other inbound traffic.

Notice that the example uses the established parameter. This parameter allows responses to traffic that originated from the inside /24 network to return inbound on s0/0/0, and the router blocks all other inbound traffic. Be aware of what established actually checks: it matches any TCP segment with the ACK or RST flag set. It is a flag test, not connection tracking, so it has no memory of which sessions were opened from inside, and a packet sent from outside with the ACK bit set will match it. For genuine stateful filtering, use reflexive ACLs or a firewall feature rather than established alone.
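The following is an added worked example, not configuration from the original page, putting the whole procedure together on R1: create both ACLs, bind them to the Internet-facing interface in the correct directions, and verify. It goes slightly beyond the page's lines by naming the inside network as the source of ACL 101, which makes the outbound direction explicit. The address 192.168.10.0/24 is an assumption (the page only says "the /24 network"); Serial0/0/0 is the interface the text names.

```cisco
! Added example, not from the original page.
! Assumption: the inside LAN is 192.168.10.0/24; s0/0/0 faces the Internet.

! --- ACL 101: outbound, allow only web browsing from the inside LAN ---
R1(config)# access-list 101 remark OUTBOUND - web browsing only
R1(config)# access-list 101 permit tcp 192.168.10.0 0.0.0.255 any eq 80
R1(config)# access-list 101 permit tcp 192.168.10.0 0.0.0.255 any eq 443
! Anything else outbound hits the implicit "deny ip any any" and is dropped.

! --- ACL 102: inbound, allow only replies to sessions opened from inside ---
R1(config)# access-list 102 remark INBOUND - return traffic only
R1(config)# access-list 102 permit tcp any 192.168.10.0 0.0.0.255 established
! "established" matches TCP segments with ACK or RST set. It is a flag check,
! not connection tracking, so a spoofed ACK from outside also matches.
! Make the implicit deny explicit and log it, so drops show up in syslog
! while troubleshooting.
R1(config)# access-list 102 deny ip any any log

! --- Bind both lists to the Internet-facing interface, one per direction ---
! "out" = leaving the router toward the Internet, "in" = arriving from it.
R1(config)# interface Serial0/0/0
R1(config-if)# ip access-group 101 out
R1(config-if)# ip access-group 102 in
R1(config-if)# end

! --- Verify ---
! Hit counters per statement should increase as hosts browse.
R1# show access-lists
! Confirms which list is bound in which direction on the interface.
R1# show ip interface Serial0/0/0 | include access list
```

Two practical points when you try this: ACL 101 as written also blocks DNS, so name resolution only works if the resolver is inside the /24 (if it is outside, add a permit for UDP destination port 53 before testing), and ACL 102 blocks ICMP, so ping from the Internet to inside hosts will fail even though browsing works, which is expected behaviour rather than a fault.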
