Thursday, 31 July 2025

Standard ACL

A Standard Access Control List (ACL) is a type of ACL used on Cisco devices to filter network traffic based only on the source IP address.


> Matches only the source IP (SIP) and cannot filter by destination IP (DIP), ports or protocols.


> Uses numbered ACLs (1-99 and 1300-1999) or named ACLs.


> Applied as close to the destination as possible.




Configuration on Router 


Step 1 - Configuration of Standard ACL 


access-list 10 deny host 10.1.1.100

access-list 10 permit any


Router#show ip access-lists

Standard IP access list 10

10 deny host 10.1.1.100

20 permit any


Step 2 - Apply the ACL on the interface close to the destination


interface GigabitEthernet0/0/1

ip access-group 10 out



Now let's access server 20.1.1.100 from the laptop.



We can see that the laptop is not able to access the server.


On the router we can see the hits as well.


Router#show ip access-lists

Standard IP access list 10

10 deny host 10.1.1.100 (4 match(es))

20 permit any
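The first-match, source-only evaluation behind those hit counters can be modelled in a few lines. This is an added Python example, not part of the original post and not Cisco code; the host 10.1.1.50 and the NO_PERMIT and REVERSED variants are constructed to show the implicit deny and the effect of entry order.

```python
import ipaddress

def parse_standard_acl(config):
    """Turn 'access-list <n> permit|deny <source>' lines into ordered entries."""
    entries = []
    for line in config.strip().splitlines():
        tok = line.split()
        if len(tok) < 4 or tok[0] != "access-list":
            continue
        action, src = tok[2], tok[3:]
        if src[0] == "any":
            addr, wild = "0.0.0.0", "255.255.255.255"
        elif src[0] == "host":
            addr, wild = src[1], "0.0.0.0"
        else:  # "<address> <wildcard>" form; a bare address means one host
            addr, wild = src[0], (src[1] if len(src) > 1 else "0.0.0.0")
        entries.append({"action": action, "hits": 0,
                        "addr": int(ipaddress.IPv4Address(addr)),
                        "wild": int(ipaddress.IPv4Address(wild))})
    return entries

def evaluate(entries, src_ip):
    """Return the action for a packet; only its source address is examined."""
    src = int(ipaddress.IPv4Address(src_ip))
    for e in entries:
        care = ~e["wild"] & 0xFFFFFFFF  # wildcard bits set to 1 are ignored
        if (src & care) == (e["addr"] & care):
            e["hits"] += 1  # what 'show ip access-lists' reports as matches
            return e["action"]  # first match wins, later entries are skipped
    return "deny"  # implicit deny that ends every ACL

PAGE_ACL = """
access-list 10 deny host 10.1.1.100
access-list 10 permit any
"""
# Constructed variants of the page's ACL, used to show two common mistakes.
NO_PERMIT = "access-list 10 deny host 10.1.1.100"
REVERSED = "access-list 10 permit any\naccess-list 10 deny host 10.1.1.100"

if __name__ == "__main__":
    acl = parse_standard_acl(PAGE_ACL)
    for _ in range(4):  # four packets, matching the page's "4 match(es)"
        print("10.1.1.100 ->", evaluate(acl, "10.1.1.100"))
    print("10.1.1.50 ->", evaluate(acl, "10.1.1.50"))  # constructed second host
    print("hits:", [e["hits"] for e in acl])
    print("no permit:", evaluate(parse_standard_acl(NO_PERMIT), "10.1.1.50"))
    print("reversed:", evaluate(parse_standard_acl(REVERSED), "10.1.1.100"))
```

Without the trailing permit any, every other source falls through to the implicit deny, and with the entries reversed the deny line is never reached.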


Complete Router Configuration 


Router#show run

Building configuration...


Current configuration : 750 bytes

!

version 15.4

no service timestamps log datetime msec

no service timestamps debug datetime msec

no service password-encryption

!

hostname Router

!

!

!

!

!

!

!

!

ip cef

no ipv6 cef

!

!

!

!

!

!

!

!

!

!

!

!

spanning-tree mode pvst

!

!

!

!

!

!

interface GigabitEthernet0/0/0

ip address 10.1.1.1 255.255.255.0

duplex auto

speed auto

!

interface GigabitEthernet0/0/1

ip address 20.1.1.1 255.255.255.0

ip access-group 10 out

duplex auto

speed auto

!

interface GigabitEthernet0/0/2

no ip address

duplex auto

speed auto

shutdown

!

interface Vlan1

no ip address

shutdown

!

ip classless

!

ip flow-export version 9

!

!

access-list 10 deny host 10.1.1.100

access-list 10 permit any

!

!

!

!

!

line con 0

!

line aux 0

!

line vty 0 4

login

!

!

!

end


Happy Learning !!

