How to create and apply Cisco Standard Access List (ACL)

An access list (ACL) is a set of rules that filters network traffic coming in to a router interface or going out of a router interface. Each ACL rule tells the router which packets to discard and which to permit.

A standard access list filters traffic based on the source IP address or network and is normally applied close to the destination device or network. Standard access lists use numbers from 1 to 99 or 1300 to 1999.

To create a standard access list, first create the rule, then apply it, outbound or inbound, to the router interface closest to the destination device.

Creating an access list to block a host:


R01>en
R01#conf t
R01(config)#access-list 1 deny 192.168.2.11 0.0.0.0
R01(config)#access-list 1 permit any
R01(config)#

Creating an access list to block a network (192.168.2.0/24). Note that a wildcard mask, not a subnet mask, is used when blocking a network.


R01>en
R01#conf t
R01(config)#access-list 1 deny 192.168.2.0 0.0.0.255
R01(config)#access-list 1 permit any
R01(config)#

Go to the interface and apply the access list inbound or outbound:


R01(config)#inter f0/1
R01(config-if)#ip access-group 1 out
R01(config-if)#exit
R01(config)#exit
R01#

View the access list by issuing the show access-lists command:

R01#show access-lists
Standard IP access list 1
10 deny 192.168.2.0 0.0.0.63 (4 match(es))
20 permit any

R01#

Issue R01(config)#no access-list 1 to remove the access list.
Issue R01(config-if)#no ip access-group 1 out to remove the access list from the interface.
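
The wildcard-mask matching and top-down rule order used by the access lists above can be checked offline before an ACL is applied to an interface. The following Python sketch is an added example, not part of the original post or of any Cisco software; the function names and the three sample configurations are constructed for illustration, and the `host` and bare-address forms go beyond the syntax shown in the post.

```python
import ipaddress

def _to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))

def parse_standard_acl(config_text, number):
    """Return the ordered (action, address, wildcard) rules of standard ACL `number`."""
    if not (1 <= number <= 99 or 1300 <= number <= 1999):
        raise ValueError(f"{number} is outside the standard ACL ranges")
    rules = []
    for line in config_text.splitlines():
        tok = line.split()
        if len(tok) < 4 or tok[0] != "access-list" or tok[1] != str(number):
            continue
        action, args = tok[2], tok[3:]
        if action not in ("permit", "deny"):
            raise ValueError(f"unsupported action in: {line!r}")
        if args[0] == "any":
            addr, wild = 0, 0xFFFFFFFF           # every bit is ignored
        elif args[0] == "host" and len(args) > 1:
            addr, wild = _to_int(args[1]), 0     # every bit must match
        else:
            addr = _to_int(args[0])
            wild = _to_int(args[1]) if len(args) > 1 else 0
        rules.append((action, addr, wild))
    return rules

def evaluate(rules, source_ip):
    """First matching rule decides; an ACL with entries ends in an implicit deny."""
    ip = _to_int(source_ip)
    for action, addr, wild in rules:
        care = ~wild & 0xFFFFFFFF   # wildcard 0-bits are the bits that must match
        if (ip & care) == (addr & care):
            return action
    return "deny"

# Constructed samples: the two ACLs from the post, plus the 0.0.0.63 wildcard
# that appears in the show access-lists output (it covers only .0 to .63).
HOST_ACL = "access-list 1 deny 192.168.2.11 0.0.0.0\naccess-list 1 permit any"
NETWORK_ACL = "access-list 1 deny 192.168.2.0 0.0.0.255\naccess-list 1 permit any"
NARROW_ACL = "access-list 1 deny 192.168.2.0 0.0.0.63\naccess-list 1 permit any"

if __name__ == "__main__":
    for name, cfg in (("host", HOST_ACL), ("/24", NETWORK_ACL), ("0.0.0.63", NARROW_ACL)):
        rules = parse_standard_acl(cfg, 1)
        for src in ("192.168.2.11", "192.168.2.64", "192.168.3.1"):
            print(f"{name:9} {src:14} {evaluate(rules, src)}")
```

Without the trailing `permit any` line, every source that does not match a deny entry would still be dropped by the implicit deny.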

Publisher: abdirahman isse
