Exploring the quirks of Network Engineering
Scenario
This compares the IOS and IOS XR syntax for an extended ACL that permits only HTTP (TCP/80) to 10.1.1.1 and SSH (TCP/22) to 10.1.1.2 from the 192.168.1.0/24 network. Everything else is dropped by the explicit final deny, which carries the log keyword so that the drops show up in syslog; without it, unmatched packets would still be dropped by the implicit deny at the end of every Cisco ACL, but silently. The ACL is applied inbound on R1's outside interface (GigabitEthernet0/0 on IOS, GigabitEthernet0/0/0/0 on IOS XR). Apart from the ip/ipv4 keyword and the sequence numbers, the two listings differ only in port spelling: classic IOS extended ACLs use www for port 80 and have no ssh keyword, so port 22 is given numerically, whereas the IOS XR list uses http and ssh. Two practical caveats: the list is stateless and is evaluated against everything arriving on that interface, so ICMP, routing-protocol traffic and management sessions to R1 itself are also dropped unless they are permitted above the deny; and logging denied packets is handled by the route processor and rate-limited by the platform, so on a busy outside interface the deny log entry can become a CPU load worth monitoring.
IOS Config
hostname R1
!
ip access-list extended RESTRICT
permit tcp 192.168.1.0 0.0.0.255 host 10.1.1.1 eq www
permit tcp 192.168.1.0 0.0.0.255 host 10.1.1.2 eq 22
deny ip any any log
!
interface GigabitEthernet0/0
ip address 172.16.1.1 255.255.255.0
ip access-group RESTRICT in
!
XR Config
hostname R1
!
ipv4 access-list RESTRICT
10 permit tcp 192.168.1.0 0.0.0.255 host 10.1.1.1 eq http
20 permit tcp 192.168.1.0 0.0.0.255 host 10.1.1.2 eq ssh
100 deny ipv4 any any log
!
interface GigabitEthernet0/0/0/0
ipv4 address 172.16.1.1 255.255.255.0
ipv4 access-group RESTRICT ingress
!
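To check that the two listings really express the same policy, here is an added example (my own script, not the blog's configuration or any vendor tool) that parses both ACL bodies into a common rule set and evaluates a handful of constructed packets against them. It assumes only the syntax forms that appear on this page (destination-port eq matches, host, any and contiguous wildcard masks) and treats the list the way the router does: top-down, first match wins, stateless, with an unlogged implicit deny after the last entry.

```python
"""Normalise the IOS and IOS XR listings above to one rule set and evaluate test packets.

Added example (not the blog post's configuration): it handles only the syntax forms that
appear on this page (destination-port 'eq' matches, 'host', 'any' and contiguous wildcard
masks) and models each ACL as a stateless top-down match with an unlogged implicit deny.
"""
import ipaddress

# Port keywords used on the page; both platforms also accept the bare number.
PORT_NAMES = {"www": 80, "http": 80, "ssh": 22}

# Constructed copies of the two ACL bodies from the post.
IOS_ACL = """
ip access-list extended RESTRICT
 permit tcp 192.168.1.0 0.0.0.255 host 10.1.1.1 eq www
 permit tcp 192.168.1.0 0.0.0.255 host 10.1.1.2 eq 22
 deny ip any any log
"""

XR_ACL = """
ipv4 access-list RESTRICT
 10 permit tcp 192.168.1.0 0.0.0.255 host 10.1.1.1 eq http
 20 permit tcp 192.168.1.0 0.0.0.255 host 10.1.1.2 eq ssh
 100 deny ipv4 any any log
"""


def _addr(toks):
    """Consume 'any' | 'host A.B.C.D' | 'A.B.C.D W.W.W.W' and return (network, remaining tokens)."""
    if toks[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), toks[1:]
    if toks[0] == "host":
        return ipaddress.ip_network(toks[1] + "/32"), toks[2:]
    # A Cisco wildcard mask is the bitwise inverse of a subnet mask (contiguous masks only here).
    netmask = ipaddress.ip_address(int(ipaddress.ip_address(toks[1])) ^ 0xFFFFFFFF)
    return ipaddress.ip_network((toks[0], str(netmask)), strict=False), toks[2:]


def parse_acl(text):
    """Parse permit/deny entries from an IOS or IOS XR ACL body into platform-neutral rules."""
    rules = []
    for line in text.splitlines():
        toks = line.split()
        if toks and toks[0].isdigit():      # IOS XR sequence number
            toks = toks[1:]
        if not toks or toks[0] not in ("permit", "deny"):
            continue                        # header line, '!' or blank
        action, proto, rest = toks[0], toks[1], toks[2:]
        proto = "ip" if proto == "ipv4" else proto   # XR spells the any-IP-protocol keyword 'ipv4'
        src, rest = _addr(rest)
        dst, rest = _addr(rest)
        dport = None
        if rest and rest[0] == "eq":
            dport = PORT_NAMES.get(rest[1]) or int(rest[1])
            rest = rest[2:]
        rules.append({"action": action, "proto": proto, "src": src, "dst": dst,
                      "dport": dport, "log": "log" in rest})
    return rules


def evaluate(rules, proto, src, dst, dport=None):
    """First matching entry wins; anything unmatched hits the implicit, unlogged deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for index, r in enumerate(rules):
        if r["proto"] not in ("ip", proto):
            continue
        if s not in r["src"] or d not in r["dst"]:
            continue
        if r["dport"] is not None and r["dport"] != dport:
            continue
        return r["action"], r["log"], index
    return "deny", False, None


# Constructed packets arriving inbound on R1's outside interface: (proto, src, dst, dport).
PACKETS = [
    ("tcp", "192.168.1.50", "10.1.1.1", 80),     # HTTP to the web server: permitted
    ("tcp", "192.168.1.50", "10.1.1.2", 22),     # SSH to the SSH server: permitted
    ("tcp", "192.168.1.50", "10.1.1.1", 22),     # SSH to the web server: denied and logged
    ("tcp", "192.168.2.7", "10.1.1.1", 80),      # wrong source network: denied and logged
    ("icmp", "192.168.1.50", "10.1.1.1", None),  # ICMP (e.g. PMTUD) is dropped too
    ("tcp", "192.168.1.50", "172.16.1.1", 22),   # SSH to R1's own outside address is also dropped
]


def compare(ios_text, xr_text, packets):
    """Return packets on which the two parsed ACLs disagree (empty list means equivalent)."""
    ios_rules, xr_rules = parse_acl(ios_text), parse_acl(xr_text)
    return [p for p in packets if evaluate(ios_rules, *p) != evaluate(xr_rules, *p)]


if __name__ == "__main__":
    rules = parse_acl(IOS_ACL)
    for p in PACKETS:
        action, logged, idx = evaluate(rules, *p)
        print(f"{p[0]:4} {p[1]:>13} -> {p[2]:<11} {str(p[3]):>4}: {action}"
              f"{' (logged)' if logged else ''} [entry {idx}]")
    print("mismatches:", compare(IOS_ACL, XR_ACL, PACKETS))
```

Running it prints one line per constructed packet and an empty mismatch list, confirming that the IOS and IOS XR listings collapse to the same three entries. The last two packets are the ones worth noticing: ICMP and an SSH session to R1's own outside address both land on the logged deny, which is exactly what an inbound deny-all on the outside interface does unless those flows are permitted above it.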