Cisco CCNA Standard Access List


Click here to read the presentation

Cisco CCNA-Standard access list

There are two kinds of ACL:

1) Standard ACL – in here we are only talking about the source

2) Extended ACL in here we are talking about the source and Destination

and most of time you see the port number

 

Http=80

FTP=21

TELNET=23

SMTP= 25 (to send the e-mail)

POP3=110 (to retrieve your e-mail)

 

Hint:

THE ACL is two-step process :

step 1) write all your ACL

step 2)  you go to interface and apply it

int s0/0

ip access-group ?

Receive our Cisco CCNA Packet Tracer!
Get our complete tutorial in PDF

——Now I will do a LAB—-Goal is that the sales LAN =10.10.10.0/24 will not be able to access the

EGR LAN= 30.30.30.0/24

 

Pre step 1) what kind Of ACL?

Standard ACL- since It talk about the source if it says I do not want SALES Lan cannot access the webserver=30.30.30.200 (port 80)

that will be extended ACL …why >? Since I am talking about both source and destination

 

————-Step 1) I go to R1 and Write my ACL —-R1#

R1#config t

Enter configuration commands, one per line.  End with CNTL/Z.

R1(config)#acc

R1(config)#access-list ?

<1-99>     IP standard access list

<100-199>  IP extended access list

R1(config)#access-list 3 ?

deny    Specify packets to reject

permit  Specify packets to forward

remark  Access list entry comment

R1(config)#access-list 3 den

R1(config)#access-list 3 deny ?

A.B.C.D  Address to match

any      Any source host

host     A single host address

R1(config)#access-list 3 deny  10.10.10.0 ?

A.B.C.D  Wildcard bits

<cr>

R1(config)#access-list 3 deny  10.10.10.0 0.0.0.255

 

———–HINT: make sure you will have a permit statement at end of it why? Since there is an implicit deny at the end of ACL;

 

R1(config)#acc

R1(config)#access-list ?

<1-99>     IP standard access list

<100-199>  IP extended access list

R1(config)#access-list 3 ?

deny    Specify packets to reject

permit  Specify packets to forward

remark  Access list entry comment

R1(config)#access-list 3 per

R1(config)#access-list 3 permit ?

A.B.C.D  Address to match

any      Any source host

host     A single host address

R1(config)#access-list 3 permit any ?

<cr>

R1(config)#access-list 3 permit any

R1(config)#

 

——-Let’s look at show run —–

access-list 3 deny 10.10.10.0 0.0.0.255

access-list 3 permit any

 

 ———-NOW step 2) is to apply it to int s0/0

R1#config t

Enter configuration commands, one per line.  End with CNTL/Z.

R1(config)#int s0/0

R1(config-if)#ip acc

R1(config-if)#ip access-group ?

<1-199>  IP access list (standard or extended)

WORD     Access-list name

R1(config-if)#ip access-group 3 ?

in   inbound packets

out  outbound packets

R1(config-if)#ip access-group 3 out ?

<cr>

R1(config-if)#ip access-group 3 out

R1(config-if)#

 

——–Here is my show run so far—

R1#show run
!
interface Serial0/0

ip address 20.20.20.9 255.255.255.252

ip access-group 3 out

clock rate 64000

access-list 3 deny 10.10.10.0 0.0.0.255

access-list 3 permit any

 

——-As we see I cannot ping the other Lan—

PC>ping 30.30.30.4

Pinging 30.30.30.4 with 32 bytes of data:

Reply from 10.10.10.100: Destination host unreachable.

Reply from 10.10.10.100: Destination host unreachable.

Reply from 10.10.10.100: Destination host unreachable.

Reply from 10.10.10.100: Destination host unreachable.

Ping statistics for 30.30.30.4:

Packets: Sent = 4, Received = 0, Lost = 4 (100% loss)

———————————————

 

Here I ping and I see it did not work and I see the result—

R1#show access-lists

Standard IP access list 3

deny 10.10.10.0 0.0.0.255 (4 match(es))

permit any

R1#show access-lists

Standard IP access list 3

deny 10.10.10.0 0.0.0.255 (8 match(es))

permit any

 

[bs_icon name=”glyphicon glyphicon-expand”] Watch the video and you will be able to understand Standard Access List much better and Please subscribe to our YouTube Channel.



Want more information on how to become Cisco CCNA Certified? Learn more!


Also published on Medium.

Exit mobile version