Small example created with Cisco Packet Tracer 7.2.
Partial script concerning “access-list”:
[Config…]
!
hostname LabA
!
[Config…]
!
interface FastEthernet0/0
description Uplink HomeRouter
ip address 10.0.0.2 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
description Sales
ip address 172.16.40.1 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet1/0
description Finance
ip address 172.16.50.1 255.255.255.0
ip access-group 110 out
duplex auto
speed auto
!
interface FastEthernet1/1
description Marketing
ip address 172.16.60.1 255.255.255.0
duplex auto
speed auto
!
interface Vlan1
no ip address
shutdown
!
router rip
!
[Config…]
!
access-list 110 deny tcp any host 172.16.50.5 eq www
access-list 110 deny tcp any host 172.16.50.5 eq ftp
access-list 110 permit ip any any
!
[Config…]
!
line con 0
logging synchronous
!
[Config…]
!
The hosts on Sales and Marketing can’t reach the webserver on the host Finance.