Cisco 1700 Series Router Software Configuration Guide
78-5407-03
Chapter 2 Configuring Security Features
Configuring Firewalls
• All matching parameters must be true before a command permits or denies
access to a packet.
• There is an implicit “deny all” at the end of the sequence.
Configuration Examples
The following examples illustrate the configuration of standard numbered access
lists and extended numbered access lists.
Configuring Standard Numbered Access Lists
In the following example, access list 2, a standard numbered access list, is defined
to operate on the router, permitting or denying passage of packets associated with
network 36.0.0.0. This network is a Class A network whose second octet specifies
a subnet; that is, its subnet mask is 255.255.0.0. The third and fourth octets of a
network 36.0.0.0 address specify a particular host. Using access list 2, the router
would accept one address on subnet 48 and reject all others on that subnet. The
last line of the list shows that the router would accept addresses on all other
network 36.0.0.0 subnets.

    access-list 2 permit 36.48.0.3
    access-list 2 deny 36.48.0.0 0.0.255.255
    access-list 2 permit 36.0.0.0 0.255.255.255

Note that all other accesses are implicitly denied.
The following commands tie the access group to a specific interface on the router
and specify that incoming packets are to be permitted or denied passage:

    interface ethernet 0
     ip access-group 2 in
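
The following Python sketch is an added example, not part of the Cisco guide or of Cisco IOS. It evaluates access list 2 from this page against a few constructed source addresses, showing wildcard-mask matching, first-match ordering, and the implicit deny. The function names (parse_acl, evaluate, audit) and the sample addresses are assumptions made for illustration.

```python
import ipaddress

# Access list 2 exactly as given on this page.
ACL_2 = """\
access-list 2 permit 36.48.0.3
access-list 2 deny 36.48.0.0 0.0.255.255
access-list 2 permit 36.0.0.0 0.255.255.255
"""

def parse_acl(text):
    """Parse standard numbered ACL lines into (action, address, wildcard) tuples."""
    entries = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "access-list":
            continue
        # An omitted wildcard means a single host, i.e. wildcard 0.0.0.0.
        wildcard = fields[4] if len(fields) > 4 else "0.0.0.0"
        entries.append((fields[2],
                        int(ipaddress.IPv4Address(fields[3])),
                        int(ipaddress.IPv4Address(wildcard))))
    return entries

def evaluate(entries, source):
    """Return (action, entry number); entry number None means implicit deny."""
    src = int(ipaddress.IPv4Address(source))
    for number, (action, addr, wildcard) in enumerate(entries, start=1):
        care = ~wildcard & 0xFFFFFFFF  # wildcard bits set to 1 are ignored
        if src & care == addr & care:
            return action, number      # first match wins, later entries unused
    return "deny", None                # implicit "deny all" at the end

def audit(entries, sources):
    """Evaluate every source address and return {address: (action, entry)}."""
    return {s: evaluate(entries, s) for s in sources}

# Constructed sample source addresses (assumptions, not from the guide).
SAMPLES = ["36.48.0.3", "36.48.0.4", "36.48.200.9", "36.12.7.1", "10.1.1.1"]

if __name__ == "__main__":
    acl = parse_acl(ACL_2)
    for src, (action, number) in audit(acl, SAMPLES).items():
        where = f"entry {number}" if number else "implicit deny"
        print(f"{src:<12} {action:<6} ({where})")
    # Order matters: with the deny entry first, the host permit is never reached.
    reordered = [acl[1], acl[0], acl[2]]
    print("reordered:", evaluate(reordered, "36.48.0.3"))
```

Running the script prints one verdict per address with the entry that decided it, which is a quick way to review an access list before it is applied to an interface.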