From global configuration mode, view the command options under ip access-list by using a space and a question mark.
R1(config)#ip access-list ?
extended Extended Access List
standard Standard Access List
View the command options under ip access-list standard by using a space and a question mark.
R1(config)#ip access-list standard ?
<1-99> Standard IP access-list number
WORD Access-list name
Add ADMIN-MGT to the end of the ip access-list standard command and press Enter. You are now in the standard named access-list configuration mode (config-std-nacl).
R1(config)#ip access-list standard ADMIN-MGT
R1(config-std-nacl)#
Enter a question mark to view your command options.
R1(config-std-nacl)#?
<1-2147483647> Sequence Number
default Set a command to its defaults
deny Specify packets to reject
exit Exit from access-list configuration mode
no Negate a command or set its defaults
permit Specify packets to forward
remark Access list entry comment
Create a permit ACE for Administrator PC-A at 192.168.1.3, and an additional permit ACE to allow other reserved administrative IP addresses from 192.168.1.4 to 192.168.1.7.
Now that the named ACL is created, apply it to the vty lines.
R1(config)#line vty 0 4
R1(config-line)#access-class ADMIN-MGT ?
in Filter incoming connections
out Filter outgoing connections
R1(config-line)#access-class ADMIN-MGT in
R1(config-line)#
Part 4: Verify the Access Control List Using Telnet
Open a command prompt on PC-A and verify that you can communicate with the router by issuing a ping command.
PC-A>ping 192.168.1.1
Pinging 192.168.1.1 with 32 bytes of data:
Reply from 192.168.1.1: bytes=32 time=1ms TTL=255
Reply from 192.168.1.1: bytes=32 time=0ms TTL=255
Reply from 192.168.1.1: bytes=32 time=0ms TTL=255
Reply from 192.168.1.1: bytes=32 time=0ms TTL=255
Ping statistics for 192.168.1.1:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 1ms, Average = 0ms
PC-A>
Using the command prompt on PC-A, launch the Telnet client program to telnet into the router.