Scenario
This compares the IOS and IOS-XR configuration of an extended ACL designed to permit only HTTP access to one server and SSH access to another on an internal network, from the 192.168.1.0/24 subnet. Every other packet is caught by an explicit deny statement with logging, which replaces the unlogged implicit deny at the end of every Cisco ACL so that rejected traffic is counted and logged. The ACL is applied inbound on R1's outside interface. Two details worth checking before relying on this: the name in the access-group statement must match the defined list exactly (on IOS, an interface that references a non-existent ACL passes all traffic), and the two entries are host-specific, so SSH to the web server or HTTP to the SSH server is denied and logged, not permitted. Hit counts can be verified with show ip access-lists RESTRICT on IOS and show access-lists ipv4 RESTRICT on IOS-XR.
IOS Config
hostname R1
!
ip access-list extended RESTRICT
 permit tcp 192.168.1.0 0.0.0.255 host 10.1.1.1 eq www
 permit tcp 192.168.1.0 0.0.0.255 host 10.1.1.2 eq 22
 deny ip any any log
!
interface GigabitEthernet0/0
 ip address 172.16.1.1 255.255.255.0
 ip access-group RESTRICT in
!
XR Config
hostname R1
!
ipv4 access-list RESTRICT
 10 permit tcp 192.168.1.0 0.0.0.255 host 10.1.1.1 eq http
 20 permit tcp 192.168.1.0 0.0.0.255 host 10.1.1.2 eq ssh
 100 deny ipv4 any any log
!
interface GigabitEthernet0/0/0/0
 ipv4 address 172.16.1.1 255.255.255.0
 ipv4 access-group RESTRICT ingress
!
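The following Python script is an added example, not part of the original page and not Cisco code. It parses the two ACL bodies above (the IOS and IOS-XR syntax, including sequence numbers and the www/http/ssh port keywords) and evaluates constructed flows against them with the same first-match semantics a router uses, so the cross cases (HTTP to the SSH host, SSH to the web host, UDP) can be checked offline before the ACL is applied. The flows in FLOWS are made up for the example; it handles only the keywords the page uses and uses the standard library only.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Port keywords accepted in 'eq' clauses; limited to those used on the page.
PORT_NAMES = {"www": 80, "http": 80, "ssh": 22}

@dataclass
class Ace:
    action: str                   # "permit" or "deny"
    proto: str                    # "ip" (any protocol) or e.g. "tcp"
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    dport: Optional[int]          # None means any destination port
    log: bool

def _parse_addr(tokens, i):
    """Parse 'any', 'host A.B.C.D' or 'A.B.C.D W.X.Y.Z' (address + wildcard)."""
    tok = tokens[i]
    if tok == "any":
        return ipaddress.ip_network("0.0.0.0/0"), i + 1
    if tok == "host":
        return ipaddress.ip_network(tokens[i + 1] + "/32"), i + 2
    # ipaddress accepts a contiguous wildcard as a hostmask; a non-contiguous
    # wildcard such as 0.255.0.255 raises ValueError here, which is intended.
    return ipaddress.ip_network(f"{tok}/{tokens[i + 1]}", strict=False), i + 2

def parse_acl(text):
    """Return the ACEs of an IOS or IOS-XR ACL body, in configured order."""
    aces = []
    for line in text.splitlines():
        tokens = line.split()
        if tokens and tokens[0].isdigit():            # IOS-XR sequence number
            tokens = tokens[1:]
        if not tokens or tokens[0] not in ("permit", "deny"):
            continue                                   # header, '!' or blank
        action, proto = tokens[0], tokens[1]
        if proto == "ipv4":                            # IOS-XR spelling of 'ip'
            proto = "ip"
        src, i = _parse_addr(tokens, 2)
        dst, i = _parse_addr(tokens, i)
        dport, log = None, False
        while i < len(tokens):
            if tokens[i] == "eq":
                dport = PORT_NAMES.get(tokens[i + 1]) or int(tokens[i + 1])
                i += 2
            elif tokens[i] == "log":
                log, i = True, i + 1
            else:
                raise ValueError(f"unsupported keyword {tokens[i]!r}: {line}")
        aces.append(Ace(action, proto, src, dst, dport, log))
    return aces

def evaluate(aces, proto, src, dst, dport):
    """First matching ACE wins: returns (action, 1-based ACE number, logged).

    Number None means nothing matched and the implicit, unlogged 'deny any'
    at the end of every Cisco ACL applied.
    """
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for n, ace in enumerate(aces, 1):
        if ace.proto != "ip" and ace.proto != proto:
            continue
        if src_ip not in ace.src or dst_ip not in ace.dst:
            continue
        if ace.dport is not None and ace.dport != dport:
            continue
        return ace.action, n, ace.log
    return "deny", None, False

# ACL bodies as they appear on the page, in IOS and IOS-XR syntax.
IOS_ACL = """ip access-list extended RESTRICT
 permit tcp 192.168.1.0 0.0.0.255 host 10.1.1.1 eq www
 permit tcp 192.168.1.0 0.0.0.255 host 10.1.1.2 eq 22
 deny ip any any log"""
XR_ACL = """ipv4 access-list RESTRICT
 10 permit tcp 192.168.1.0 0.0.0.255 host 10.1.1.1 eq http
 20 permit tcp 192.168.1.0 0.0.0.255 host 10.1.1.2 eq ssh
 100 deny ipv4 any any log"""

# Constructed flows (proto, src, dst, dport). The last three are the cases to
# check by hand: HTTP to the SSH host, SSH to the web host, and UDP.
FLOWS = [
    ("tcp", "192.168.1.10", "10.1.1.1", 80),
    ("tcp", "192.168.1.10", "10.1.1.2", 22),
    ("tcp", "192.168.1.10", "10.1.1.2", 80),
    ("tcp", "192.168.1.10", "10.1.1.1", 22),
    ("udp", "192.168.1.10", "10.1.1.1", 53),
]

def compare(flows=FLOWS):
    """Evaluate each flow against both ACLs; the two results should agree."""
    ios, xr = parse_acl(IOS_ACL), parse_acl(XR_ACL)
    return [(f, evaluate(ios, *f), evaluate(xr, *f)) for f in flows]

if __name__ == "__main__":
    for flow, ios_res, xr_res in compare():
        print(flow, "IOS:", ios_res, "XR:", xr_res)
```

Running it shows the first two flows permitted by entries 1 and 2 and the remaining three denied and logged by entry 3 on both platforms. Dropping the explicit deny (evaluate against the first two ACEs only) still denies the traffic, but through the implicit deny, which neither counts nor logs.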