Access control lists (ACLs) provide a means to filter packets by allowing network traffic to cross specified interfaces. It controls whether a passing packet is allowed or denied to a destination (outbound or inbound) and takes an appropriate action. You will first have to create the ACLs and then apply to a specific interface.
There are 3 popular types of ACL: Standard, Extended and Named ACLs. We are only focusing standard named IP Access List in this example.
The difference between Standard numbered IP access list and Standard named IP access list is that, named access list uses a name instead of number between 1 & 99.
Standard Named IP Access Control List
In this example we will define a standard named access list that will allow network 10.20.1.0/24 to cross in the Fa0/1 interface. It will apply any IP address in this network (10.20.1.1-10.20.1.254) that is coming in to this interface.
Router# conf t
Router(config)# ip access-list standard allow_1
Router(config-std-nacl)# permit 10.20.1.0 0.0.0.255
Router(config-if)#ip access-group allow_1 in
In the above example we created ACL allow_1 and allowed 10.20.1.0/24 network traffic. We applied the ACL to FastEthernet 0/1 to filter the inbound traffic. Note, that there is implicit deny at the end of an Access List so any network other than the 10.20.1.0 is denied to enter the FA0/1 interface because of that implicit deny.
This example will deny outbound traffic to specific hosts (10.20.1.20 & 10.20.1.21) on the network.
Outbound means, out of the network interface where the server is located.
Enter configuration commands, one per line. End with CNTL/Z.
Router1(config)#ip access-list standard Block_1
Router1(config-if)#ip access-group Block_1 out
Displaying Access Control Lists (ACL)
To display the ACLs configured on a device, use the show access-lists command below.
Router1(config)# show access-lists
To remove a access list from the router use the no access-list # command below. Replace the # with actual number of the access list.
Router1(config)# no access-list #
To remove a access list application from an interface use the no access-group # command below. Replace the # with actual number of the access list.
Publisher: abdirahman isse
Router1(config)# interface Fa1/1
Router1(config-int)#no access-group #