- Planet WAN Router User's Manual
41
Chapter 5 Security
5.1 Access-list
The purpose for access-list is packet filtering to control, which packets move through the network. Such
control can help limit network traffic and restrict network use by certain user or device.
Access-list is use as a packet filter, this function helps to limit network traffic and restrict network.
There are two general types of access lists:
Ø Standard access-lists – The standard access-list is check the source address of packets.
Access-list number is start from 1-99
Ø Extended access-list – The extended access-list is check for both source and destination packet
address and also check for specific protocols, port numbers and other parameters. Access-list
number is start from 100-199
access-list access-list number [permit | deny] – set the standard access-list’s rule.
ip access-group [in | out] – applies an existing access-list as an incoming or outgoing to an interface.
Access-list access-list number [permit | deny] protocol source-address source-wildcard
destination-address destination-wildcard [operator port] – set the extended access-list rule.
Standard access-list configuration example
ERT-805# show run
Building configuration ...
service password-encryption
service timestamps debug
!
hostname ERT-805
!
enable password 7 5EVbxkwzBvfT
!
username router password 7 qBjbURagjK0L
!
interface fastethernet 0/0
ip address 192.168.98.63 255.255.255.0
!
interface serial 0/0
encapsulation ppp