Router(config)#access-list access-list-number {deny | permit | remark} source [source-wildcard] [log]
(use the remark keyword to include comments (observations) about entries in any standard or extended IP ACL)

Example:
R1(config)#access-list 10 permit [Link] [Link]

Delete the ACL:
R1(config)#no access-list 10

Verify:
R1#show access-lists
Standard IP access list 10
    permit [Link] [Link]

A standard ACL is bound to an interface:
R1(config)#interface fastEthernet 0/0
R1(config-if)#ip access-group 10 out

To remove an ACL from an interface:
1. Enter the command:
   R1(config-if)#no ip access-group 10 out
2. Then the global command no access-list removes the whole ACL:
   R1(config)#no access-list 10
Keep this order: an ip access-group that points at an ACL that no longer exists permits all traffic, so deleting the list while it is still applied silently removes the filter.

Using ACLs to control VTY access

The syntax of the access-class command is:
access-class access-list-number {in [vrf-also] | out}

R1(config)#access-list 21 permit [Link] [Link]
R1(config)#access-list 21 deny any
R1(config)#line vty 0 4
R1(config-line)#login
% Login disabled on line 66, until 'password' is set
% Login disabled on line 67, until 'password' is set
% Login disabled on line 68, until 'password' is set
% Login disabled on line 69, until 'password' is set
% Login disabled on line 70, until 'password' is set
R1(config-line)#password secret
R1(config-line)#access-class 21 in

Notes: the "% Login disabled" messages are IOS warning that login cannot be enforced on the VTY lines until a line password exists. The word secret on the password line is the literal password here, not the secret keyword, and a line password is stored in clear text in the running config; for anything beyond a lab, prefer username ... secret with login local and restrict the lines to SSH with transport input ssh. The explicit deny any duplicates the implicit deny at the end of the list, but it makes rejected connection attempts visible as hit counts in show access-lists. access-class filters the management sessions themselves, independently of any ip access-group on the interfaces, so it is applied once on the lines rather than per interface.

Steps to create a named standard ACL:
R1(config)#ip access-list standard WEBSERVER
R1(config-std-nacl)#permit [Link]
R1(config-std-nacl)#permit [Link]
R1(config-std-nacl)#deny [Link] [Link]
R1(config-std-nacl)#deny [Link] [Link]

R1#show access-lists
Standard IP access list WEBSERVER
    permit host [Link]
    permit host [Link]
    deny   [Link] [Link]
    deny   [Link] [Link]
R1#
(IOS displays an entry for a single address, i.e. wildcard 0.0.0.0, with the host keyword. Entries are evaluated top down and the first match wins, so the two deny lines only act on sources the permit lines did not match; any source not listed at all is dropped by the implicit deny any at the end.)

Configuring extended ACLs
R1(config)#access-list 103 permit tcp [Link] [Link] any eq 80
R1(config)#access-list 103 permit tcp [Link] [Link] any eq 443
R1(config)#access-list 104 permit tcp any [Link] [Link] established
R1(config)#int s0/0/0
R1(config-if)#ip access-group 103 out
R1(config-if)#ip access-group 104 in
(103 lets the inside network open HTTP and HTTPS sessions out through s0/0/0; 104 lets only the replies to those sessions back in, because established matches TCP segments that have the ACK or RST bit set, which the initial SYN of a new connection does not.)

Deny FTP and permit the rest of the traffic:
R1(config)#access-list 101 deny tcp [Link] [Link] [Link] [Link] eq 21
R1(config)#access-list 101 deny tcp [Link] [Link] [Link] [Link] eq 20
R1(config)#access-list 101 permit ip any any
R1(config)#interface f0/1
R1(config-if)#ip access-group 101 in

Deny Telnet and permit the rest of the traffic:
R1(config)#access-list 101 deny tcp [Link] [Link] any eq 23
R1(config)#access-list 101 permit ip any any
R1(config)#interface f0/0
R1(config-if)#ip access-group 101 out
(These are two independent examples that happen to reuse number 101. On a real router, further access-list 101 lines are appended to the existing list, so the Telnet deny would land after the permit ip any any and never match; issue no access-list 101 before building the second list.)
Port 80 = HTTP, port 443 = HTTPS.

Without the established parameter in the ACL statement, clients can send traffic to a web server but do not receive the server's replies: the returning segments carry the server's port as source and an ephemeral client port as destination, so an inbound permit written for eq 80 never matches them and the implicit deny drops them. established is not a stateful check; it only tests the ACK/RST bits, so an outside host that sets ACK on a segment it originates (an ACK scan, for example) also passes an established line. Use reflexive ACLs or a stateful firewall feature when real session tracking is required.

FTP requires ports 20 (ftp-data) and 21 (ftp). Port 20 is used only by active-mode FTP; passive mode negotiates a high data port that the port 20 line never sees, but denying port 21 already blocks the control connection for both modes.
CREATING A NAMED EXTENDED ACL
R1(config)#ip access-list extended SURFING
R1(config-ext-nacl)#permit tcp [Link] [Link] any eq 80
R1(config-ext-nacl)#permit tcp [Link] [Link] any eq 443
R1(config-ext-nacl)#exit
R1(config)#ip access-list extended BROWSING
R1(config-ext-nacl)#permit tcp any [Link] [Link] established

To delete a named extended ACL:
R1(config)#no ip access-list extended SURFING
(Named lists are applied exactly like numbered ones, with ip access-group SURFING out and ip access-group BROWSING in on the interface. Unlike the numbered examples above, a named list lets you remove or insert a single entry by its sequence number instead of deleting and rebuilding the whole list.)
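The matching rules that all of the lists above rely on (wildcard masks, top-down first match, the implicit deny any, and what established does and does not check) are easy to get wrong when writing them by hand. The following simulator is an added example, not part of the original notes and not Cisco code; it models only the subset of ACL semantics used on this page. The 192.168.10.0/24 inside network, the 203.0.113.10 outside host, the ports and the list contents are all constructed for the illustration. It reproduces the extended-ACL scenario (103 outbound, 104 inbound) and shows why a mirrored inbound list without established drops the web server's replies, and why established still lets an unsolicited ACK-only probe through.

```python
"""Simulator of Cisco IOS ACL matching semantics: wildcard masks,
top-down first match, and the implicit 'deny any' at the end.

Added example, not from the original notes or from Cisco. Every address,
port and list below is constructed for illustration.
"""
from dataclasses import dataclass
from ipaddress import IPv4Address
from typing import List, Optional, Tuple


def wildcard_from_prefix(prefix_len: int) -> str:
    """Cisco wildcard mask is the bitwise inverse of the subnet mask (/24 -> 0.0.0.255)."""
    netmask = (0xFFFFFFFF << (32 - prefix_len)) & 0xFFFFFFFF
    return str(IPv4Address(netmask ^ 0xFFFFFFFF))


def wildcard_match(addr: str, base: str, wildcard: str) -> bool:
    """Wildcard bit 1 = 'ignore this bit', 0 = 'must equal the base address'."""
    a, b, w = (int(IPv4Address(x)) for x in (addr, base, wildcard))
    care = 0xFFFFFFFF ^ w
    return a & care == b & care


@dataclass(frozen=True)
class Packet:
    proto: str                 # "tcp", "udp", "icmp", ...
    src: str
    dst: str
    sport: int = 0
    dport: int = 0
    ack: bool = False          # TCP ACK (or RST) bit set: the only thing 'established' tests


@dataclass(frozen=True)
class Ace:
    """One access-list entry. Field order mirrors the IOS command:
    {permit|deny} proto src src-wildcard dst dst-wildcard [eq port] [established]."""
    action: str
    proto: str = "ip"                    # "ip" matches every protocol
    src: str = "0.0.0.0"
    src_wc: str = "255.255.255.255"      # 'any'
    dst: str = "0.0.0.0"
    dst_wc: str = "255.255.255.255"
    dport: Optional[int] = None          # 'eq <port>' on the destination
    established: bool = False

    def matches(self, p: Packet) -> bool:
        if self.proto != "ip" and self.proto != p.proto:
            return False
        if not wildcard_match(p.src, self.src, self.src_wc):
            return False
        if not wildcard_match(p.dst, self.dst, self.dst_wc):
            return False
        if self.dport is not None and p.dport != self.dport:
            return False
        if self.established and not (p.proto == "tcp" and p.ack):
            return False
        return True


def evaluate(acl: List[Ace], p: Packet) -> str:
    """Top-down, first match wins; a packet that matches nothing hits the implicit deny."""
    for ace in acl:
        if ace.matches(p):
            return ace.action
    return "deny"


ANY = ("0.0.0.0", "255.255.255.255")
INSIDE = ("192.168.10.0", wildcard_from_prefix(24))   # constructed LAN behind s0/0/0

# Outbound list on s0/0/0 (the page's 103): inside hosts may open HTTP/HTTPS sessions.
ACL_103_OUT = [
    Ace("permit", "tcp", *INSIDE, *ANY, dport=80),
    Ace("permit", "tcp", *INSIDE, *ANY, dport=443),
]
# Inbound list written by mirroring the outbound permits, without 'established'.
ACL_IN_NAIVE = [
    Ace("permit", "tcp", *ANY, *INSIDE, dport=80),
    Ace("permit", "tcp", *ANY, *INSIDE, dport=443),
]
# Inbound list as on the page (104): only replies to sessions started inside.
ACL_104_IN = [Ace("permit", "tcp", *ANY, *INSIDE, established=True)]

# Constructed traffic: a browser request, the server's reply, and two unsolicited probes.
REQUEST = Packet("tcp", "192.168.10.25", "203.0.113.10", sport=51234, dport=80)
REPLY = Packet("tcp", "203.0.113.10", "192.168.10.25", sport=80, dport=51234, ack=True)
NEW_SYN = Packet("tcp", "203.0.113.10", "192.168.10.25", sport=40000, dport=22)
ACK_SCAN = Packet("tcp", "203.0.113.10", "192.168.10.25", sport=40000, dport=22, ack=True)


def browse_web(inbound_acl: List[Ace]) -> Tuple[str, str]:
    """Verdicts for (client request leaving via 103, server reply entering via inbound_acl)."""
    return evaluate(ACL_103_OUT, REQUEST), evaluate(inbound_acl, REPLY)


if __name__ == "__main__":
    print("mirrored inbound list :", browse_web(ACL_IN_NAIVE))    # reply is dropped
    print("established inbound   :", browse_web(ACL_104_IN))
    print("unsolicited SYN to 22 :", evaluate(ACL_104_IN, NEW_SYN))
    print("ACK-only probe to 22  :", evaluate(ACL_104_IN, ACK_SCAN))  # established is not stateful
```

A standard ACL is the same evaluation with only the source fields filled in (Ace("deny", src=..., src_wc=...)), which is why a standard list placed near the source can cut off more than intended: it never looks at the destination. The last line of output is the practical reason the page's established lists should be treated as a convenience, not as a firewall.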