access-list 101 permit tcp host 65.5.5.5 65.5.6.0 0.0.0.255 eq www is the correct answer.
Because extended ACLs can match so many different fields in the various headers in an IP packet, the command syntax cannot be easily summarized in a single generic command. However, the commands below summarize the syntax options.
The configuration process for extended ACLs mostly matches the process used for standard ACLs. You must choose the location and direction in which to enable the ACL, particularly the direction, so that you can characterize whether certain addresses and ports will be the source or the destination. Configure the ACL using access-list commands, and when complete, enable the ACL using the same ip access-group command used with standard ACLs. All these steps mirror what you do with standard ACLs; however, when configuring, keep the following differences in mind:
Place extended ACLs as close as possible to the source of the packets that will be filtered. Filtering close to the source of the packets saves some bandwidth.
Remember that all fields in one access-list command must match a packet for the packet to be considered to match that access-list statement.
Use numbers of 100–199 and 2000–2699 on the access-list commands; no one number is inherently better than another.
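The Python below is an added example, not part of the original page: it parses the access-list 101 statement from the answer and evaluates constructed packets against it, showing how the wildcard mask is applied and that a packet matches only when every field in the statement matches. The function names, the sample packet and the one-entry port-name table are assumptions of this example; a packet that matches no statement falls through to the implicit deny at the end of the ACL.

```python
import ipaddress

PORT_NAMES = {"www": 80}  # only the keyword this page uses; IOS accepts more

def _ip(s):
    return int(ipaddress.IPv4Address(s))

def _parse_addr(tokens):
    """Consume 'any', 'host A', or 'A WILDCARD'; return (address, wildcard)."""
    first = tokens.pop(0)
    if first == "any":
        return 0, 0xFFFFFFFF
    if first == "host":
        return _ip(tokens.pop(0)), 0
    return _ip(first), _ip(tokens.pop(0))

def parse_ace(line):
    """Parse the subset of extended-ACL syntax shown on this page."""
    t = line.split()
    number = int(t[1])
    if t[0] != "access-list" or not (100 <= number <= 199 or 2000 <= number <= 2699):
        raise ValueError("not an extended access-list statement")
    rest = t[4:]
    ace = {"action": t[2], "proto": t[3],
           "src": _parse_addr(rest), "dst": _parse_addr(rest), "dport": None}
    if rest[:1] == ["eq"]:
        ace["dport"] = PORT_NAMES.get(rest[1]) or int(rest[1])
    return ace

def _addr_match(addr, rule):
    base, wildcard = rule
    care = ~wildcard & 0xFFFFFFFF  # wildcard 0-bits must match, 1-bits are ignored
    return (_ip(addr) & care) == (base & care)

def ace_matches(ace, pkt):
    """Every field in the statement must match, or the statement does not match."""
    return (ace["proto"] in ("ip", pkt["proto"])
            and _addr_match(pkt["src"], ace["src"])
            and _addr_match(pkt["dst"], ace["dst"])
            and ace["dport"] in (None, pkt["dport"]))

def evaluate(acl_lines, pkt):
    """First matching statement wins; no match falls to the implicit deny."""
    for ace in map(parse_ace, acl_lines):
        if ace_matches(ace, pkt):
            return ace["action"]
    return "deny"

ACL_101 = ["access-list 101 permit tcp host 65.5.5.5 65.5.6.0 0.0.0.255 eq www"]
# Constructed sample packet; change one field at a time to see the match fail.
WEB = {"proto": "tcp", "src": "65.5.5.5", "dst": "65.5.6.77", "dport": 80}
```

Calling evaluate(ACL_101, {**WEB, "dport": 443}) changes only the destination port and is enough to turn the result from permit to deny.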