Scribd
Upload
71 views4 pages

ACL Configuration On Packet Tracer

Uploaded by

es169371
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
71 views4 pages

ACL Configuration On Packet Tracer

Uploaded by

es169371
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 4

Packet Tracer Standard Access List Configuration

In this lesson we will see Cisco Standard ACL Configuration and how to configure Standart Access-List in Packet Tracer.
There are
three types Access Contol Lists in common. These access list types are :

Standard Access List


Extended Access List
Named Access List

Standard Access-Lists are the simplest one. With Standard Access-List you can check only the source of the IP packets. On the
other hand, with Extended Access-Lists, you can check source, destination, specific port and protocols. Lastly, with Named
Access-Lists, you can use names instead of the numbers used in standard and extended ACLs. It do not have too much
difference, but it is different with its named style.

In this lesson, we will focus on Standart Access-List Configuration with Cisco Packet Tracer. We will focus on the below topology.
Here, with our Standard Access-List, we will prohibit PC2 to access the server. But PC0 and PC1 can still access the server.

For our Standard Access-List, we can use the ACL Number 1 to 99. These numbers can be 100 to 199, if you use extended ACLs.

Standard Access-List Configuration


Let’s start to do Cisco Standard ACL Configuration. We will configure the Standard Access-List on router.

First we use this commands:-

Router>
Router>en
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#ip access-list standard 1
Router(config-std-nacl)#permit 10.0.0.2 0.0.0.0
Router(config-std-nacl)#permit 10.0.0.3 0.0.0.0
Router(config-std-nacl)#deny 10.0.0.4 0.0.0.0
Router(config-std-nacl)#end
Router#
%SYS-5-CONFIG_I: Configured from console by console

Router#copy run start


Destination filename [startup-config]?
Building configuration...
[OK]

After giving the commands, check the connection by using the commands line “show access-lists”. If the it show
Router#
Router#sh access-lists
Standard IP access list 1
30 permit host 10.0.0.2
40 permit host 10.0.0.3
50 deny host 10.0.0.4
Then, Click on any pc use command prompt ping the server ip. Check the deny host (PC) If it shows the “ Destination
host unreachable” then the process of ACL commands is working. For Class C IP you have to change the wild masks (bits). Please Check
the interface which is connected to the server.

With this ACL configuration that we have written, we permit PC0 and PC1 to access the server. At the end of ACLs, there is an “Implicit
Deny”. This Implicit Deny prohibits the other IP addresses. Because of the fact that we did not, allow PC2’s IP address, it is automatically
denied and cannot access the server.

Here, there is no need to write but to show how to write deny, I will write the deny command also. As I said before, for this scenario, it is
not necessary. But, you can write.
Applying Standard Access-List to the Interface
After creating ACLs, we need to apply this ACL to the interface. For Standard Access-List, it is better to apply this ACL, close to the
destination. So, for this configuration, we will apply our standard access list to the fast Ethernet 0/1 interface of the router. In other words,
we will add ACL to the server face of the router.

Second we use this commands:-


Router>en
Router#conf t
Router(config)#int f1/0
Router(config-if)#
Router(config-if)#ip access-group 1 out
Router(config-if)#end
Router#
%SYS-5-CONFIG_I: Configured from console by console

Router#
Router#copy run start
Destination filename [startup-config]?
Building configuration...
[OK]

You might also like