Paolo Caparrelli Cisco 22 June 2022

First you have to create an access list:

router(config)#access-list 100 permit icmp any any unreachable
router(config)#access-list 100 permit icmp any any echo-reply
router(config)#access-list 100 permit icmp any any time-exceeded
router(config)#access-list 100 permit icmp any any source-quench
router(config)#access-list 100 deny icmp any any timestamp-request
router(config)#access-list 100 deny icmp any any timestamp-reply
router(config)#access-list 100 permit ip any any

Then add id to IN or OUT to the interface:

router(config)#interface GigabitEthernet0/2
router(config)#ip access-group 100 in

Modificare una access-list (Prima magari visualizzala e guarda i numeri di riga)
Visualizzare access-list: router#sh ip access-list 100

router(config)#ip access-list extended 100
router(config-ext-nacl)#67 deny tcp any any eq telnet
router(config-ext-nacl)#do sh ip access-list 100

NOTA: La sequenza è fondamentale per l'applicazione delle regole.

Esempio:

csco-gw02(config-ext-nacl)#do sh ip access-list 100
Extended IP access list 100
    10 permit icmp any any unreachable (2 matches)
    20 permit icmp any any echo-reply
    30 permit icmp any any time-exceeded
    40 permit icmp any any source-quench
    50 deny icmp any any timestamp-request (1 match)
    60 deny icmp any any timestamp-reply
    70 permit ip any any (84562 matches)

Home

About Us

Services

Solutions

Systems Architecture

Support

FAQ

News

Cisco IOS – Create an access-list and apply to a interface