Extended Access Control Lists (ACLs) let you permit or deny traffic from a specific source address to a specific destination IP address and port. They also let you specify different types of traffic such as ICMP, TCP, UDP, etc.

In this scenario, two PCs need access to services provided by a server:

PC1 needs access to the file share (FTP)
PC2 needs access to the web server (www)

Step 1: Configure an ACL to permit FTP access and ICMP for PC1

Use the command: access-list 100 permit tcp 172.22.34.64 0.0.0.31 host 172.22.34.62 eq ftp

a. Allow PC1 to ping the server and access its file share

Use the command: access-list 100 permit icmp 172.22.34.64 0.0.0.31 host 172.22.34.62

b. Apply the ACL inbound on interface gi0/0 to filter the traffic

Use the commands:

R1(config)# int g0/0
R1(config-if)# ip access-group 100 in

c. Verify the ACL

- Ping from PC1 to Server should be successful
- FTP from PC1 to Server should be successful

PC1 can ping the server and access the FTP server.

Step 2: Configure an ACL to permit HTTP access and ICMP for PC2

a. Configure a named extended ACL

Use the command: ip access-list extended HTTP_ONLY

b. Allow PC2 to ping the server and access the web server

Use the command: permit tcp 172.22.34.96 0.0.0.15 host 172.22.34.62 eq www

R1(config)# int g0/1
R1(config-if)# ip access-group HTTP_ONLY in

c. Verify the ACL

- Ping from PC1 to Server should be successful
- FTP from PC1 to Server should be successful

PC2 can ping the server.
PC2 can access the web server.
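
The entries from Steps 1 and 2 can be checked offline before they go on the router. The Python sketch below is an added example, not part of the original tutorial or of Cisco IOS: it models wildcard-mask matching, first-match evaluation and the implicit deny for the ACL lines shown above. The PC host addresses and the extra ICMP entry for HTTP_ONLY are assumptions made for the illustration.

```python
import ipaddress

PORTS = {"ftp": 21, "www": 80}             # IOS port keywords used on the page
SERVER = "172.22.34.62"
PC1, PC2 = "172.22.34.66", "172.22.34.98"  # constructed hosts inside each permitted range

ACL_100 = [
    "permit tcp 172.22.34.64 0.0.0.31 host 172.22.34.62 eq ftp",
    "permit icmp 172.22.34.64 0.0.0.31 host 172.22.34.62",
]
HTTP_ONLY = ["permit tcp 172.22.34.96 0.0.0.15 host 172.22.34.62 eq www"]
# Assumed entry, not on the page: modelled on the ICMP line of ACL 100.
HTTP_ONLY_WITH_ICMP = HTTP_ONLY + ["permit icmp 172.22.34.96 0.0.0.15 host 172.22.34.62"]


def to_int(addr):
    return int(ipaddress.IPv4Address(addr))


def wildcard_match(addr, base, wildcard):
    """Wildcard bits set to 1 are ignored; every other bit must equal the base address."""
    care = ~to_int(wildcard) & 0xFFFFFFFF
    return (to_int(addr) & care) == (to_int(base) & care)


def parse(line):
    """Parse 'action proto src wildcard host dst [eq port]', the only form used on the page."""
    t = line.split()
    port = PORTS[t[7]] if len(t) > 6 and t[6] == "eq" else None
    return {"action": t[0], "proto": t[1], "src": t[2], "wc": t[3], "dst": t[5], "port": port}


def evaluate(acl, proto, src, dst, dport=None):
    """Return the action of the first matching entry, top to bottom."""
    for e in map(parse, acl):
        if (e["proto"] == proto and wildcard_match(src, e["src"], e["wc"])
                and dst == e["dst"] and e["port"] in (None, dport)):
            return e["action"]
    return "deny"  # implicit 'deny ip any any' that ends every ACL


if __name__ == "__main__":
    checks = [("ACL 100", ACL_100, "tcp", PC1, 21), ("ACL 100", ACL_100, "icmp", PC1, None),
              ("HTTP_ONLY", HTTP_ONLY, "tcp", PC2, 80), ("HTTP_ONLY", HTTP_ONLY, "icmp", PC2, None),
              ("HTTP_ONLY + icmp", HTTP_ONLY_WITH_ICMP, "icmp", PC2, None)]
    for name, acl, proto, src, port in checks:
        print(f"{name:17} {proto:4} {src} -> {SERVER} port={port}: {evaluate(acl, proto, src, SERVER, port)}")
```

As modelled here, HTTP_ONLY with only the www entry sends PC2's ping to the implicit deny; the assumed ICMP entry is what lets it through.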

By Admin