Earlier we saw how to permit or deny hosts, networks, and subnets using ACLs. Now we are going to look at how to permit or deny traffic by source address, destination address, and protocol:

Permit Source Network:

access-list 101 permit ip 200.100.50.0 0.0.0.255 0.0.0.0 255.255.255.255
or
access-list 101 permit ip 200.100.50.0 0.0.0.255 any
Implicit deny ip any any

Deny Source Network:

access-list 101 deny ip 200.100.50.0 0.0.0.255 0.0.0.0 255.255.255.255
access-list 101 permit ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255
or
access-list 101 deny ip 200.100.50.0 0.0.0.255 any
access-list 101 permit ip any any
Implicit deny ip any any is present but irrelevant.

Permit Destination Network:

access-list 101 permit ip 0.0.0.0 255.255.255.255 200.100.50.0 0.0.0.255
or
access-list 101 permit ip any 200.100.50.0 0.0.0.255
Implicit deny ip any any

Deny Destination Network:

access-list 101 deny ip 0.0.0.0 255.255.255.255 200.100.50.0 0.0.0.255
access-list 101 permit ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255
or
access-list 101 deny ip any 200.100.50.0 0.0.0.255
access-list 101 permit ip any any
Implicit deny ip any any is present but irrelevant.

Permit one Source Network to another Destination Network:

Assume the only traffic you want is traffic from network 200.100.50.0 to network 150.75.0.0:

access-list 101 permit ip 200.100.50.0 0.0.0.255 150.75.0.0 0.0.255.255
Implicit deny ip any any

To allow two-way traffic between the networks, add this statement:

access-list 101 permit ip 150.75.0.0 0.0.255.255 200.100.50.0 0.0.0.255

Deny one Source Network to another Destination Network:

Assume you want to allow all traffic EXCEPT network 200.100.50.0 to network 150.75.0.0:

access-list 101 deny ip 200.100.50.0 0.0.0.255 150.75.0.0 0.0.255.255
access-list 101 permit ip any any

To deny two-way traffic between the networks, add this statement:

access-list 101 deny ip 150.75.0.0 0.0.255.255 200.100.50.0 0.0.0.255

Deny FTP:

Assume you do not want anyone FTPing on the network:

access-list 101 deny tcp any any eq 21
access-list 101 permit ip any any
or
access-list 101 deny tcp any any eq ftp
access-list 101 permit ip any any

Deny Telnet:

Assume you do not want anyone telnetting on the network:

access-list 101 deny tcp any any eq 23
access-list 101 permit ip any any
or
access-list 101 deny tcp any any eq telnet
access-list 101 permit ip any any

Deny Website:

Assume you want to block web (HTTP) access to a site such as www.tiktok.com. An ACL matches addresses and ports, not hostnames, so use the site's resolved address (placeholder below) together with the HTTP port:

access-list 101 deny tcp any host <resolved-address-of-www.tiktok.com> eq 80
access-list 101 permit ip any any
or
access-list 101 deny tcp any host <resolved-address-of-www.tiktok.com> eq www
access-list 101 permit ip any any
In IOS the keyword www stands for TCP port 80, so eq www and eq 80 are equivalent.
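To see how the entries above are actually evaluated (wildcard masks where a 1 bit means "don't care", first match wins, implicit deny when nothing matches, and tcp entries not matching other protocols), here is an added Python simulator of a small subset of the extended ACL syntax. It is example code written for this page, not IOS code; the sample ACLs and packets are constructed from the entries shown above.

```python
import ipaddress

# IOS service keywords used on this page, mapped to their TCP ports.
PORT_NAMES = {"ftp": 21, "telnet": 23, "www": 80}

def wildcard_match(addr, base, wildcard):
    """Cisco wildcard mask: a 1 bit means that bit is ignored."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return (a & ~w) == (b & ~w)

def parse_entry(line):
    """Parse one 'access-list N permit|deny proto src dst [eq port]' line."""
    tok = line.split()
    assert tok[0] == "access-list", line
    action, proto, i = tok[2], tok[3], 4

    def take_addr():
        nonlocal i
        if tok[i] == "any":                 # any == 0.0.0.0 255.255.255.255
            i += 1
            return ("0.0.0.0", "255.255.255.255")
        if tok[i] == "host":                # host X == X 0.0.0.0
            i += 2
            return (tok[i - 1], "0.0.0.0")
        i += 2
        return (tok[i - 2], tok[i - 1])     # explicit base + wildcard

    src, dst = take_addr(), take_addr()
    port = None
    if i < len(tok) and tok[i] == "eq":
        port = PORT_NAMES.get(tok[i + 1]) or int(tok[i + 1])
    return {"action": action, "proto": proto, "src": src, "dst": dst, "dport": port}

def evaluate(acl_lines, src, dst, proto="tcp", dport=None):
    """Return 'permit' or 'deny' for a packet; first match wins."""
    for e in map(parse_entry, acl_lines):
        if e["proto"] != "ip" and e["proto"] != proto:
            continue                        # 'ip' matches every protocol
        if not (wildcard_match(src, *e["src"]) and wildcard_match(dst, *e["dst"])):
            continue
        if e["dport"] is not None and e["dport"] != dport:
            continue
        return e["action"]
    return "deny"                           # implicit deny ip any any

# Constructed ACLs taken from the sections above.
DENY_PAIR = ["access-list 101 deny ip 200.100.50.0 0.0.0.255 150.75.0.0 0.0.255.255",
             "access-list 101 deny ip 150.75.0.0 0.0.255.255 200.100.50.0 0.0.0.255",
             "access-list 101 permit ip any any"]
DENY_FTP = ["access-list 101 deny tcp any any eq ftp", "access-list 101 permit ip any any"]
PERMIT_SRC = ["access-list 101 permit ip 200.100.50.0 0.0.0.255 any"]
```

Note that DENY_FTP permits UDP to port 21, because the deny entry is tcp-only and the packet falls through to permit ip any any.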
