This challenge involves the configuration of an extended ACL. The objectives of this challenge are to:
> en # config t (config)# access-list 105 permit tcp host 208.89.101.4 host 41.153.91.2 eq ftp (config)# access-list 105 deny tcp host 197.119.92.8 host 144.98.220.6 eq ftp (config)# access-list 105 permit tcp 100.120.83.0 0.255.255.255 71.252.23.0 0.255.255.255 eq ftp (config)# access-list 105 deny tcp 35.208.170.0 0.255.255.255 184.124.8.0 0.255.255.255 eq ftp (config)# access-list 105 permit tcp any any (config)# int e0 (config-if)# ip access-group 105 in
> en # config t (config)# access-list 105 ? deny Specify packets to reject dynamic Specify a DYNAMIC list of PERMITs or DENYs permit Specify packets to forward remark Access list entry comment (config)# access-list 105 permit ? <0-255> An IP protocol number ahp Authentication Header Protocol eigrp Cisco's EIGRP routing protocol esp Encapsulation Security Payload gre Cisco's GRE tunneling icmp Internet Control Message Protocol igmp Internet Gateway Message Protocol igrp Cisco's IGRP routing protocol ip Any Internet Protocol ipinip IP in IP tunneling nos KA9Q NOS compatible IP over IP tunneling ospf OSPF routing protocol pcp Payload Compression Protocol pim Protocol Independent Multicast tcp Transmission Control Protocol udp User Datagram Protocol (config)# access-list 105 permit tcp host 208.89.101.4 host 41.153.91.2 eq ftp (config)# access-list 105 deny tcp host 197.119.92.8 host 144.98.220.6 eq ftp (config)# access-list 105 permit tcp 100.120.83.0 0.255.255.255 71.252.23.0 0.255.255.255 eq ftp (config)# access-list 105 deny tcp 35.208.170.0 0.255.255.255 184.124.8.0 0.255.255.255 eq ftp (config)# access-list 105 ? deny Specify packets to reject dynamic Specify a DYNAMIC list of PERMITs or DENYs permit Specify packets to forward remark Access list entry comment (config)# access-list 105 permit tcp A.B.C.D Source address any Any source host host A single source host (config)# access-list 105 permit tcp any ? A.B.C.D Destination address any Any destination host eq Match only packets on a given port number gt Match only packets with a greater port number host A single destination host lt Match only packets with a lower port number neq Match only packets not on a given port number range Match only packets in the range of port numbers (config)# access-list 105 permit tcp any any (config)# int e0 (config-if)# ip access-group 105 in