Creating a Standard Named IP Access List on a Cisco Router

Access control lists (ACLs) filter packets by permitting or denying network traffic as it crosses specified interfaces. An ACL determines whether a passing packet is allowed or denied, in the inbound or outbound direction, and takes the appropriate action. You first create the ACL and then apply it to a specific interface.
There are 3 popular types of ACL: Standard, Extended and Named ACLs. This example focuses only on the standard named IP access list.

The difference between a standard numbered IP access list and a standard named IP access list is that the named access list uses a name instead of a number between 1 and 99.

Standard Named IP Access Control List

In this example we will define a standard named access list that allows network 10.20.1.0/24 in through the Fa0/1 interface. It applies to any IP address in this network (10.20.1.1-10.20.1.254) that is coming in to this interface.


Router# conf t
Router(config)# ip access-list standard allow_1
Router(config-std-nacl)# permit 10.20.1.0 0.0.0.255
Router(config-std-nacl)# exit
Router(config)#interface Fa0/1
Router(config-if)#ip access-group allow_1 in
Router(config-if)#end
Router#

In the above example we created ACL allow_1 and allowed 10.20.1.0/24 network traffic. We applied the ACL to FastEthernet 0/1 to filter the inbound traffic. Note that there is an implicit deny at the end of every access list, so traffic from any network other than 10.20.1.0 is denied entry on the Fa0/1 interface.

This example will deny outbound traffic to specific hosts (10.20.1.20 & 10.20.1.21) on the network.
Outbound means out of the network interface where the server is located.


Router1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router1(config)#ip access-list standard Block_1
Router1(config-std-nacl)#deny 10.20.1.20
Router1(config-std-nacl)#deny 10.20.1.21
Router1(config-std-nacl)#permit any
Router1(config-std-nacl)#exit
Router1(config)#
Router1(config)#interface Fa0/1
Router1(config-if)#ip access-group Block_1 out
Router1(config-if)#exit
Router1(config)#exit
Router1#
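
The first-match and implicit-deny behaviour of the two lists above, as an added Python example (not part of the original post and not Cisco code). It models how a standard ACL compares a packet's source address against each entry's wildcard mask; the names parse_entry and evaluate and the test addresses are constructed for illustration.

```python
import ipaddress

def parse_entry(line):
    """Parse '<permit|deny> <any | A.B.C.D | host A.B.C.D | A.B.C.D wildcard>'."""
    action, *spec = line.split()
    if action not in ("permit", "deny"):
        raise ValueError(f"unknown action: {action!r}")
    if spec == ["any"]:
        return action, 0, 0xFFFFFFFF              # every bit is "don't care"
    if len(spec) == 2 and spec[0] == "host":
        spec = spec[1:]                           # 'host x' equals a bare address
    if len(spec) == 1:
        return action, int(ipaddress.IPv4Address(spec[0])), 0  # exact host match
    if len(spec) == 2:
        addr, wildcard = (int(ipaddress.IPv4Address(s)) for s in spec)
        return action, addr, wildcard
    raise ValueError(f"cannot parse entry: {line!r}")

def evaluate(acl_lines, source_ip):
    """Return 'permit' or 'deny' for a source address, top-down, first match wins."""
    src = int(ipaddress.IPv4Address(source_ip))
    for line in acl_lines:
        action, addr, wildcard = parse_entry(line)
        care = ~wildcard & 0xFFFFFFFF             # wildcard 0-bits must match
        if (src & care) == (addr & care):
            return action
    return "deny"                                 # implicit deny at the end

# The two lists from this page, plus Block_1 with its last line left out.
ALLOW_1 = ["permit 10.20.1.0 0.0.0.255"]
BLOCK_1 = ["deny 10.20.1.20", "deny 10.20.1.21", "permit any"]
BLOCK_1_NO_PERMIT = BLOCK_1[:-1]

if __name__ == "__main__":
    # Constructed sample source addresses.
    for name, acl, ip in [
        ("allow_1", ALLOW_1, "10.20.1.77"),
        ("allow_1", ALLOW_1, "10.20.2.1"),
        ("Block_1", BLOCK_1, "10.20.1.20"),
        ("Block_1", BLOCK_1, "10.20.1.22"),
        ("Block_1 without 'permit any'", BLOCK_1_NO_PERMIT, "10.20.1.22"),
    ]:
        print(f"{name:30} {ip:12} -> {evaluate(acl, ip)}")
```

The last case shows why Block_1 ends with permit any: without it, the implicit deny drops every source that the two deny lines do not already match.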

Displaying Access Control Lists (ACL)
To display the ACLs configured on a device, use the show access-lists command below.

Router1# show access-lists

To remove an access list from the router, use the no access-list # command below. Replace the # with the actual number of the access list.

Router1# conf t
Router1(config)# no access-list #

To remove an access list from an interface, use the no ip access-group # command below, followed by the direction (in or out) in which the list was applied. Replace the # with the actual number of the access list.


Router1# conf t
Router1(config)# interface Fa1/1
Router1(config-if)# no ip access-group # in

Publisher: abdirahman isse
