A Standard Access Control List (ACL) is a type of ACL used on Cisco
devices to filter network traffic based only on the source IP address.
> Matches only the source IP address (SIP); cannot filter by destination IP address (DIP), ports or protocols
> Uses a numbered ACL (1-99 and 1300-1999) or a named ACL
> Applied as close to the destination as possible
Configuration on Router
Step 1 - Configuration of Standard ACL
access-list 10 deny host 10.1.1.100
access-list 10 permit any
Router#show ip access-lists
Standard IP access list 10
10 deny host 10.1.1.100
20 permit any
Step 2 - Apply the ACL on the interface close to the destination
interface GigabitEthernet0/0/1
ip access-group 10 out
Now let's access server 20.1.1.100 from the laptop.
We can see that the laptop is not able to access the server.
On the router we can see the hits as well.
Router#show ip access-lists
Standard IP access list 10
10 deny host 10.1.1.100 (4 match(es))
20 permit any
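The first-match, source-only evaluation behind those hit counters, as an added Python example (not code from the original post and not Cisco's implementation). The function names parse_standard_acl and evaluate are hypothetical, and the sample packets are constructed.

```python
import ipaddress

# The ACL from Step 1, exactly as configured on the router.
ACL_10 = """\
access-list 10 deny host 10.1.1.100
access-list 10 permit any
"""

def parse_standard_acl(text):
    """Parse 'access-list <n> <action> <source>' lines into entries."""
    entries = []
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 4 or tok[0] != "access-list":
            continue
        # Ignore the optional trailing "log" keyword.
        action, src = tok[2], [t for t in tok[3:] if t != "log"]
        if src[0] == "any":
            addr, wildcard = 0, 0xFFFFFFFF
        elif src[0] == "host":
            addr, wildcard = int(ipaddress.IPv4Address(src[1])), 0
        else:  # "<address> [wildcard]"; a missing wildcard means 0.0.0.0
            addr = int(ipaddress.IPv4Address(src[0]))
            wildcard = int(ipaddress.IPv4Address(src[1])) if len(src) > 1 else 0
        entries.append({"action": action, "addr": addr,
                        "wildcard": wildcard, "hits": 0})
    return entries

def evaluate(entries, src_ip, dst_ip=None):
    """First match wins; dst_ip is accepted but never inspected (standard ACL)."""
    src = int(ipaddress.IPv4Address(src_ip))
    for e in entries:
        # Wildcard bits set to 1 are "don't care" bits.
        if (src | e["wildcard"]) == (e["addr"] | e["wildcard"]):
            e["hits"] += 1
            return e["action"]
    return "deny"  # implicit "deny any" at the end of every ACL

if __name__ == "__main__":
    acl = parse_standard_acl(ACL_10)
    # Constructed sample packets: (source, destination)
    for src, dst in [("10.1.1.100", "20.1.1.100"), ("10.1.1.50", "20.1.1.100")]:
        print(src, "->", dst, evaluate(acl, src, dst))
    print([(e["action"], e["hits"]) for e in acl])
```

Because the destination never enters the match, the same entry applied inbound near the source would drop 10.1.1.100 toward every destination, which is why the ACL is placed close to the destination.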
Complete Router Configuration
Router#show run
Building configuration...
Current configuration : 750 bytes
!
version 15.4
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname Router
!
!
!
!
!
!
!
!
ip cef
no ipv6 cef
!
!
!
!
!
!
!
!
!
!
!
!
spanning-tree mode pvst
!
!
!
!
!
!
interface GigabitEthernet0/0/0
ip address 10.1.1.1 255.255.255.0
duplex auto
speed auto
!
interface GigabitEthernet0/0/1
ip address 20.1.1.1 255.255.255.0
ip access-group 10 out
duplex auto
speed auto
!
interface GigabitEthernet0/0/2
no ip address
duplex auto
speed auto
shutdown
!
interface Vlan1
no ip address
shutdown
!
ip classless
!
ip flow-export version 9
!
!
access-list 10 deny host 10.1.1.100
access-list 10 permit any
!
!
!
!
!
line con 0
!
line aux 0
!
line vty 0 4
login
!
!
!
end
Happy Learning !!
Network Engineer Stuff