Objective
Create a Standard ACL to block a specific host and an Extended ACL to allow only Web traffic.
Task 1 – Standard ACL (Block Host)
Block Host A (192.168.1.10) from accessing the Finance VLAN (192.168.2.0/24).
R1(config)# access-list 10 deny host 192.168.1.10
R1(config)# access-list 10 permit any
! Interface facing Finance VLAN
R1(config)# interface gigabitEthernet 0/1
R1(config-if)# ip access-group 10 out
Task 2 – Extended ACL (Permit Web)
Allow only HTTP/HTTPS traffic from the Guest VLAN (192.168.3.0/24) to the Internet.
R1(config)# access-list 100 permit tcp 192.168.3.0 0.0.0.255 any eq 80
R1(config)# access-list 100 permit tcp 192.168.3.0 0.0.0.255 any eq 443
! Same effect as the implicit deny, but good to be explicit
R1(config)# access-list 100 deny ip any any
! Interface facing Guest VLAN
R1(config)# interface gigabitEthernet 0/2
R1(config-if)# ip access-group 100 in
Task 3 – Verification
R1# show access-lists
Standard IP access list 10
    10 deny 192.168.1.10
    20 permit any
Extended IP access list 100
    10 permit tcp 192.168.3.0 0.0.0.255 any eq www
    20 permit tcp 192.168.3.0 0.0.0.255 any eq 443
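
The first-match evaluation behind Tasks 1 and 2, as an added Python example that is not part of the original lab: it parses the five access-list lines from the tasks and decides permit or deny for a given packet. The function names are assumptions made for illustration, and only the entry forms used in this lab are parsed.

```python
import ipaddress

ANY = ("0.0.0.0", "255.255.255.255")
PORT_NAMES = {"www": 80}  # IOS prints port 80 as "www" in show access-lists

def wildcard_match(addr, base, wildcard):
    """Cisco wildcard mask: 0 bits must match, 1 bits are ignored."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return (a | w) == (b | w)

def parse_addr(tokens):
    """Consume 'any', 'host A.B.C.D' or 'A.B.C.D WILDCARD' from the token list."""
    first = tokens.pop(0)
    if first == "any":
        return ANY
    if first == "host":
        return (tokens.pop(0), "0.0.0.0")
    return (first, tokens.pop(0))

def parse_entry(line):
    """Parse only the numbered 'access-list' forms used in Tasks 1 and 2."""
    t = line.split()[1:]                      # drop the 'access-list' keyword
    entry = {"acl": int(t.pop(0)), "action": t.pop(0),
             "proto": "ip", "dst": ANY, "port": None}
    if 100 <= entry["acl"] <= 199:            # extended: proto, source, destination
        entry["proto"] = t.pop(0)
        entry["src"], entry["dst"] = parse_addr(t), parse_addr(t)
        if t and t[0] == "eq":
            entry["port"] = PORT_NAMES.get(t[1]) or int(t[1])
    else:                                     # standard: source address only
        entry["src"] = parse_addr(t)
    return entry

def evaluate(entries, acl, src, dst, proto="ip", dport=None):
    """Return the action of the first matching entry; no match means deny."""
    for e in entries:
        if (e["acl"] == acl and e["proto"] in ("ip", proto)
                and wildcard_match(src, *e["src"])
                and wildcard_match(dst, *e["dst"])
                and e["port"] in (None, dport)):
            return e["action"]
    return "deny"                             # the implicit deny ending every ACL

# The five entries from Tasks 1 and 2, as typed in the lab.
CONFIG = """access-list 10 deny host 192.168.1.10
access-list 10 permit any
access-list 100 permit tcp 192.168.3.0 0.0.0.255 any eq 80
access-list 100 permit tcp 192.168.3.0 0.0.0.255 any eq 443
access-list 100 deny ip any any"""
ENTRIES = [parse_entry(line) for line in CONFIG.splitlines()]
```

Evaluating ACL 100 for a Guest VLAN packet to UDP port 53 returns deny, which shows that DNS lookups are dropped along with everything else that is not TCP 80 or 443.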