This section briefly explains the creation and configuration of extended access control lists. Before discussing the topic, let us define an extended access control list. An extended access control list is used to control network traffic. The protocol, port number, source address, and destination address are used to configure an extended ACL. The numbers assigned to extended ACLs range from 100-199, and the expanded range is 2000-2699. An extended access control list is expressed as:
access-list access-list-number [permit|deny] protocol source IP address source-wildcard destination destination-wildcard [operator]
CREATION OF EXTENDED ACCESS CONTROL LIST
An extended access control list is created using the IOS command named access-list.
Shown below is one of the ways the access-list command is used in the global configuration mode of Router01.
One of the main points to remember is that every access control list, wherever it is used, ends with an implicit deny statement. If a statement such as “access-list 105 permit ip any any” is not declared at the end of the list, the extended access control list mentioned above filters all remaining traffic on the network. The command named no is used to delete an access control list. When deleting, a single entry of a numbered access list cannot be removed on its own; instead, the entire access control list is deleted. The statement used to delete the access control list is expressed as:
Router01(config)#no access-list 105
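To see how the syntax above is evaluated, here is an added example (not part of the original page) that parses a small, constructed numbered extended ACL and checks packets against it the way the router does: first match wins, wildcard bits set to 1 are ignored, and an implicit deny applies when nothing matches. It assumes only the subset of the grammar used on this page (ip/tcp/udp, any, host, address plus wildcard, and an optional eq port).

```python
import ipaddress

# Constructed sample ACL in the numbered extended syntax described above.
SAMPLE_ACL = """
access-list 105 deny tcp any host 10.0.0.5 eq 23
access-list 105 permit tcp 192.168.1.0 0.0.0.255 any eq 80
access-list 105 permit ip any any
"""

def _parse_addr(tokens):
    """Consume one address spec (any | host A | A wildcard); return (net, wildcard, rest)."""
    if tokens[0] == "any":
        return 0, 0xFFFFFFFF, tokens[1:]
    if tokens[0] == "host":
        return int(ipaddress.IPv4Address(tokens[1])), 0, tokens[2:]
    net = int(ipaddress.IPv4Address(tokens[0]))
    wildcard = int(ipaddress.IPv4Address(tokens[1]))
    return net, wildcard, tokens[2:]

def parse_acl(text):
    """Parse access-list lines into (number, action, proto, src, swc, dst, dwc, port) tuples."""
    entries = []
    for line in text.strip().splitlines():
        t = line.split()
        if t[:1] != ["access-list"]:
            continue
        number = int(t[1])
        if not (100 <= number <= 199 or 2000 <= number <= 2699):
            raise ValueError(f"{number} is not in the extended ACL number ranges")
        action, proto = t[2].lower(), t[3].lower()
        src, swc, rest = _parse_addr(t[4:])
        dst, dwc, rest = _parse_addr(rest)
        port = int(rest[1]) if rest[:1] == ["eq"] else None
        entries.append((number, action, proto, src, swc, dst, dwc, port))
    return entries

def _match(addr, net, wildcard):
    """Wildcard bits set to 1 are 'don't care'; only the 0 bits must be equal."""
    care = ~wildcard & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(addr)) & care) == (net & care)

def evaluate(entries, proto, src, dst, dport):
    """Return 'permit' or 'deny': first matching entry wins, implicit deny at the end."""
    for _, action, p, net_s, wc_s, net_d, wc_d, port in entries:
        if p not in ("ip", proto):
            continue
        if not (_match(src, net_s, wc_s) and _match(dst, net_d, wc_d)):
            continue
        if port is not None and port != dport:
            continue
        return action
    return "deny"  # the implicit deny every ACL ends with
```

Dropping the final permit ip any any line from SAMPLE_ACL and re-running evaluate shows the implicit deny catching every packet that the first two entries do not match.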
CONFIGURATION OF EXTENDED ACCESS CONTROL LIST
An extended access control list is applied to an interface using the IOS command named ip access-group. To apply an access-list to an interface, the ip access-group command is entered in interface configuration mode. The format of the ip access-group IOS command is shown below.
Router01(config)#interface interface_no
Router01(config-if)#ip access-group <access_list_number> <in/out>
Descriptions
in/out – the keyword specifies the direction in which traffic is filtered on the interface.
The in keyword filters traffic as it arrives at the interface of the router. The figure describes the in keyword: filtering happens when traffic arrives at the router or interface.
The out keyword filters traffic as it leaves the router or the interface. The figure given explains the out keyword.
To remove the extended access control list from the interface, use the no form of the command. The statement used to remove the access control list is shown below:
Router01(config-if)#no ip access-group 105