NetworkClue.com

Editing Cisco Access Control Lists (ACLs)

By Joshua Erdman
Digital Foundation, inc.

Before you read this article, be sure you are familiar with the terms and ideas in "Recall on ACL basics". It covers how ACLs are made and when to use a standard ACL vs. an extended one.

Reusing our example:

Assumptions:
internal network: 63.36.9.0

access-list 101 - Applied to traffic leaving the office (outgoing)

access-list 102 - Applied to traffic entering the office (incoming)

ACL 101
access-list 101 permit tcp 63.36.9.0 0.0.0.255 any eq 80

ACL 102
access-list 102 permit tcp any 63.36.9.0 0.0.0.255 established

We will apply our ACLs to the serial (T1) interface to protect our network and to limit our users' Internet access to just web browsing.

Editing and adding ACLs

If you need to add more permissions, you must add to the ACL you have already created. Any lines you add will be appended to the bottom of the list.

How I keep track of all the ACLs I use is by keeping each one in a separate text file. I make changes to the text file, then delete the whole access-list from the router's memory (running-config), and then copy and paste the new list each time I make updates.

Clue: There is no way to remove a single line from an ACL. Instead, it is better to copy the whole ACL into a text editor and remove the offending line. Then remove the whole ACL from the router's memory (see below) and add the modified ACL.

Removing ACLs

To remove an ACL from the router, be sure you are in enabled mode. Then use the command:

no access-list <list number>

That is all there is to it.

Clue: When you delete an access-list that is currently being applied to an interface, all traffic that is to be filtered through the specified access list will be allowed until the access list is reinstated or a new access-list is specified in the access-group command.
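The two Clues above combined into one paste-block generator (an added example, not code from the original article): it reads the edited ACL text file, loads it under a spare list number, re-points the interface with the access-group command, and only then deletes the old list, so the interface is never left unfiltered. The staging number 103, the interface name Serial0 and the extra port 443 line are assumptions made for illustration.

```python
import re

# Matches one numbered ACL entry such as "access-list 101 permit tcp ...".
ACL_LINE = re.compile(r"^access-list\s+(\d+)\s+(.+)$")

def parse_acl(text):
    """Return (list_number, [entry bodies]) from the contents of an ACL text file."""
    numbers, entries = set(), []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):   # skip blanks and IOS comment lines
            continue
        m = ACL_LINE.match(line)
        if not m:
            raise ValueError(f"not an access-list line: {line!r}")
        numbers.add(int(m.group(1)))
        entries.append(m.group(2))
    if len(numbers) != 1:                      # also rejects an empty file
        raise ValueError("file must contain exactly one access-list number")
    return numbers.pop(), entries

def is_extended(number):
    return 100 <= number <= 199

def build_swap(text, staging, interface, direction):
    """Build the paste block: load the edited ACL under a staging number,
    re-point the interface at it, and only then delete the old list."""
    old, entries = parse_acl(text)
    if direction not in ("in", "out"):
        raise ValueError("direction must be 'in' or 'out'")
    if staging == old or is_extended(staging) != is_extended(old):
        raise ValueError("staging number must differ and be the same ACL type")
    cmds = ["configure terminal", f"no access-list {staging}"]  # clear stale copy
    cmds += [f"access-list {staging} {e}" for e in entries]
    cmds += [f"interface {interface}",
             f" ip access-group {staging} {direction}",  # replaces the old binding
             "exit",
             f"no access-list {old}",                    # old list is now unused
             "end"]
    return cmds

# Constructed sample: ACL 101 from the article plus one added line (assumption).
EDITED_101 = """\
access-list 101 permit tcp 63.36.9.0 0.0.0.255 any eq 80
access-list 101 permit tcp 63.36.9.0 0.0.0.255 any eq 443
"""

if __name__ == "__main__":
    print("\n".join(build_swap(EDITED_101, 103, "Serial0", "out")))
```

The text file then needs to be renumbered to the staging number so that it matches what the router is running after the swap.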

Our next article is on Advanced ACLs including Port Ranges and methods for grouping IP addresses together.

Article last reviewed: 01/09/2403



Created by: Digital Foundation, inc.

Copyright © 2002-2005 Digital Foundation, inc.   www.networkclue.com

All content of the NetworkClue website is copyrighted. Articles, notes, outlines, and all other materials may not be stored on the Internet or sold or placed by themselves or with other material in any electronic or printed format in whole or part. However materials may be referenced by links to the site.

 
