Jeremy's IT Lab Watch on YouTube

Free CCNA | Extended ACLs | Day 35 Lab | CCNA 200-301 Complete Course

2 min read 3 months ago
Published on Nov 25, 2025 This response is partially generated with the help of AI. It may contain inaccuracies.

Table of Contents

Introduction

This tutorial will guide you through configuring extended IPv4 Access Control Lists (ACLs) as part of your CCNA 200-301 training. Understanding extended ACLs is critical for network security and management, as they allow for more granular control over traffic than standard ACLs.

Step 1: Understanding Extended ACLs

  • Extended ACLs filter traffic based on:
    • Source address
    • Destination address
    • Protocol type (e.g., TCP, UDP, ICMP)
    • Port numbers
  • They are configured on routers and switches to control traffic entering or leaving a network segment.

Practical Advice

  • Familiarize yourself with the syntax of extended ACL commands.
  • Extended ACLs are typically numbered from 100 to 199 or named with a specific identifier.

Step 2: Configuring an Extended ACL

  1. Access the router/switch's command line interface (CLI):

    • Use a terminal emulator (like PuTTY) to connect to the device.

  2. Enter global configuration mode:

    configure terminal

  3. Create a new extended ACL:

    • Use the following command format:
    access-list [ACL_NUMBER] [PERMIT|DENY] [PROTOCOL] [SOURCE] [WILDCARD_MASK] [DESTINATION] [WILDCARD_MASK]
    • Example:
    access-list 101 permit tcp 192.168.1.0 0.0.0.255 any eq 80
    • This command allows HTTP traffic from the 192.168.1.0 network to any destination.

  4. Apply the ACL to an interface:

    • Enter interface configuration mode:
    interface [INTERFACE_NAME]
    • Apply the ACL:
    ip access-group [ACL_NUMBER] [in|out]
    • Example:
    ip access-group 101 in

Common Pitfalls to Avoid

  • Forgetting to apply the ACL to the correct interface.
  • Using incorrect wildcard masks or protocol types.

Step 3: Verifying the ACL Configuration

  1. Check the ACL configuration:

    show access-lists
    • This command displays all configured ACLs and their rules.

  2. Verify applied ACLs on interfaces:

    show ip interface [INTERFACE_NAME]
    • This will show if the ACL is applied and in which direction (inbound or outbound).

  3. Test the configuration:

    • Use a device on the network to attempt accessing services that should be allowed or denied based on your ACL rules.

Conclusion

In this tutorial, you learned how to configure extended ACLs on Cisco devices. Understanding and managing these ACLs is crucial for maintaining network security. Remember to practice these steps in a lab environment for hands-on experience. For further learning, consider exploring additional resources or practice labs related to ACLs and network security.

Table of Contents

Recent