Access Control Lists

This page compares the IOS and IOS XR configuration of an extended ACL that permits only SSH and HTTP access to particular servers on an internal network. The final deny statement is logged, and the ACL is applied inbound on R1’s outside interface.


IOS Config

hostname R1
ip access-list extended RESTRICT
 permit tcp host eq www
 permit tcp host eq 22
 deny ip any any log
interface GigabitEthernet0/0
 ip address
 ip access-group RESTRICT in

XR Config

hostname R1
ipv4 access-list RESTRICT
 10 permit tcp host eq http
 20 permit tcp host eq ssh
 100 deny ipv4 any any log
interface GigabitEthernet0/0/0/0
 ipv4 address
 ipv4 access-group RESTRICT ingress
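
The following is an added example, not part of the original page: a small Python audit that reads either syntax and checks the two properties the configs above rely on, that the ACL ends in a logged deny and that it is bound inbound on an interface. The sample configs and their 192.0.2.x addresses are constructed, and `audit` is a hypothetical helper name.

```python
import re

# Constructed samples: 192.0.2.x hosts and "any" sources are placeholders, not the page's values.
IOS_SAMPLE = """\
hostname R1
ip access-list extended RESTRICT
 permit tcp any host 192.0.2.10 eq www
 permit tcp any host 192.0.2.20 eq 22
 deny ip any any log
interface GigabitEthernet0/0
 ip access-group RESTRICT in
"""
XR_SAMPLE = """\
hostname R1
ipv4 access-list RESTRICT
 10 permit tcp any host 192.0.2.10 eq http
 20 permit tcp any host 192.0.2.20 eq ssh
 100 deny ipv4 any any log
interface GigabitEthernet0/0/0/0
 ipv4 access-group RESTRICT ingress
"""

ACL_HDR = re.compile(r"^(?:ip access-list extended|ipv4 access-list) (\S+)$")
BINDING = re.compile(r"^(?:ip|ipv4) access-group (\S+) (in|ingress|out|egress)$")
FINAL_DENY = re.compile(r"^(?:\d+ )?deny (?:ip|ipv4) any any log$")

def audit(config):
    """Per ACL: is the last entry a logged deny, and where is it applied inbound?"""
    acls, bindings, mode, name = {}, {}, None, None
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        if raw[0] != " ":                      # unindented line opens a new section
            hdr = ACL_HDR.match(line)
            mode, name = None, None
            if hdr:
                mode, name = "acl", hdr.group(1)
                acls[name] = []
            elif line.startswith("interface "):
                mode, name = "intf", line.split()[1]
        elif mode == "acl":
            acls[name].append(line)            # ACL entries, in evaluation order
        elif mode == "intf":
            b = BINDING.match(line)
            if b and b.group(2) in ("in", "ingress"):
                bindings.setdefault(b.group(1), []).append(name)
    return {acl: {"logged_deny_last": bool(ent and FINAL_DENY.match(ent[-1])),
                  "inbound_on": bindings.get(acl, [])} for acl, ent in acls.items()}
```

An ACL with an empty `inbound_on` list is defined but filters nothing in the inbound direction, and one with `logged_deny_last` false falls back to the implicit deny, which drops traffic without the log entries.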

