Let’s assume is protecting the server network (192.168.3.0/24). We want to allow HTTP/HTTPS from anyone, but block Telnet/FTP and restrict admin access.
Router# show running-config
Do not assign an IP address to the physical interface itself; just turn it on. cisco+lab+162