Assumptions: internal network: 63.36.9.0

access-list 101 - Applied to traffic leaving the office (outgoing)

access-list 102 - Applied to traffic entering the office (incoming)

ACL 101 access-list 101 permit tcp 63.36.9.0 0.0.0.255 any eq 80

ACL 102 access-list 102 permit tcp any 63.36.9.0 0.0.0.255 established

We will apply our ACLs to the serial (T1) interface to protect our network and to limit our user's Internet access to just web browsing.

Editing and adding ACLs
If you need to add more permissions, you must add to the ACL you have already created. Any lines you add will be appended to at the bottom of the list.

How I keep track of all the ACLs I use is by keeping each one in a separate text file. I then make changes to the text file then I delete the whole access-list from the router's memory (running-config) and then copy and paste the new list each time I make updates.

Tip - There is no way to remove a single line from an ACL. Instead it is better to copy the whole ACL into a text editor and remove the offending line. Then remove the whole ACL from the router's memory (see below) and then add the modified ACL.

Removing ACLs
To remove an ACL from the router, be sure you are in enabled mode. Then use the command:

no access-list < list number >