Creating a Standard IP Access List on a Cisco Router
SpiderTip
Posted: 2014-03-21
Access control lists (ACLs) provide a means to filter packets by allowing or denying network traffic that crosses specified interfaces. An ACL controls whether a passing packet (inbound or outbound) is allowed or denied on its way to a destination, and the router takes the appropriate action. You first create the ACL and then apply it to a specific interface.
There are 3 popular types of ACL: Standard, Extended and Named ACLs. This example focuses only on the standard IP access list.
Standard access lists use numbers from 1 to 99 and check only the source address of each packet.
Standard Access Control List
In this example we will define a standard access list that allows traffic from network 10.20.1.0/24 to come in on the Fa0/1 interface. It applies to any source IP address in this network (10.20.1.1-10.20.1.254) arriving on this interface.
Router# conf t
Router(config)# access-list 10 permit 10.20.1.0 0.0.0.255
Router(config)# interface Fa0/1
Router(config-if)# ip access-group 10 in
Router(config-if)# end
Router#
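In the above example we created ACL 10 and allowed traffic from the 10.20.1.0/24 network. We applied the ACL to FastEthernet 0/1 to filter the inbound traffic. Every ACL ends with an implicit deny, so traffic from any other source address is dropped when it arrives on this interface.
So the two steps involved are creating the Access Control List and applying it to a specific interface.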
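How the wildcard mask and the implicit deny decide the fate of a packet under ACL 10, as an added Python example (not part of the original post and not Cisco code). The function names and the sample source addresses are constructed for illustration, and the parser also accepts the `deny`, `host` and `any` keywords, which go beyond the single permit line shown above.

```python
import ipaddress

# The ACL line from the example above.
PAGE_ACL = "access-list 10 permit 10.20.1.0 0.0.0.255"

def parse_standard_acl(config):
    """Parse 'access-list <1-99> permit|deny <source> [wildcard]' lines."""
    rules = []
    for line in config.strip().splitlines():
        tok = line.split()
        if len(tok) < 4 or tok[0] != "access-list":
            raise ValueError(f"not a standard ACL line: {line!r}")
        number, action, src = int(tok[1]), tok[2], tok[3]
        if not 1 <= number <= 99 or action not in ("permit", "deny"):
            raise ValueError(f"unsupported ACL line: {line!r}")
        if src == "any":        # same as 0.0.0.0 255.255.255.255
            addr, wild = "0.0.0.0", "255.255.255.255"
        elif src == "host":     # same as <address> 0.0.0.0
            addr, wild = tok[4], "0.0.0.0"
        else:                   # a missing wildcard means 0.0.0.0
            addr, wild = src, (tok[4] if len(tok) > 4 else "0.0.0.0")
        rules.append((number, action,
                      int(ipaddress.IPv4Address(addr)),
                      int(ipaddress.IPv4Address(wild))))
    return rules

def evaluate(rules, number, source_ip):
    """Return 'permit' or 'deny' for a source address; first match wins."""
    entries = [r for r in rules if r[0] == number]
    if not entries:
        raise LookupError(f"access-list {number} has no entries")
    src = int(ipaddress.IPv4Address(source_ip))
    for _, action, addr, wild in entries:
        # Wildcard bits set to 1 are ignored; all other bits must be equal.
        if (src | wild) == (addr | wild):
            return action
    return "deny"  # implicit deny at the end of every ACL

def demo():
    """Evaluate constructed sample source addresses against ACL 10."""
    rules = parse_standard_acl(PAGE_ACL)
    samples = ["10.20.1.1", "10.20.1.254", "10.20.2.5", "192.168.1.10"]
    return {ip: evaluate(rules, 10, ip) for ip in samples}

if __name__ == "__main__":
    for ip, verdict in demo().items():
        print(f"{ip:<15} {verdict}")
```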
Displaying Access Control Lists (ACL)
To display the ACLs configured on a device, use the show access-lists command below.
Router1# show access-lists
To remove an access list from the router, use the no access-list # command below. Replace the # with the actual number of the access list.
Router1# conf t
Router1(config)# no access-list #
To remove an access list application from an interface, use the no ip access-group # in command below. Replace the # with the actual number of the access list, and use the same direction (in or out) that was given when the list was applied.
Router1# conf t
Router1(config)# interface Fa1/1
Router1(config-if)# no ip access-group # in