If you are a network engineer, or are preparing for a network admin or networking-related exam like CCNA, you must know how to control the traffic in and out of a Cisco router using an access list (ACL). Once you understand the basic concept of an ACL, it is very easy to configure. In this article we will learn the basic concept of ACLs and how to configure an ACL on a Cisco router to control the traffic in a network.

In a few simple words, you can say that an ACL is a network security protocol which denies or permits traffic between networks. Using an ACL we can block or allow certain end devices (PCs, laptops, printers, etc.) from accessing some network resources. We will go through ACL configuration with an example using Packet Tracer. To explain how ACLs work and how they are configured, I have taken an example with 1 router and 6 PCs. You can see the network topology diagram below.
In this example the router needs to be configured with an access list that will block or allow the traffic coming in and out of interfaces fa0/0 and fa0/1 from the 1.0.0.0/8 and 2.0.0.0/8 networks. In this example we will use access list number 1.
STEP1: ROUTER INTERFACE CONFIGURATION.
Router>enable
Router#config t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#hostname R0
R0(config)#int fa0/0
R0(config-if)#ip address 1.0.0.1 255.0.0.0
R0(config-if)#no shut
R0(config-if)#exit
R0(config)#int fa0/1
R0(config-if)#ip address 2.0.0.1 255.0.0.0
R0(config-if)#no shut
STEP2: CONFIGURE ACL TO ALLOW OR DENY CERTAIN IP AS MENTIONED IN ABOVE TOPOLOGY NETWORK DIAGRAM.
R0(config)#access-list 1 permit host 1.0.0.3
R0(config)#access-list 1 permit host 1.0.0.4
R0(config)#access-list 1 deny host 1.0.0.2
R0(config)#access-list 1 deny host 2.0.0.4
R0(config)#access-list 1 permit host 2.0.0.2
R0(config)#access-list 1 permit host 2.0.0.3
STEP3: NOW IT’S TIME TO APPLY ACCESS LIST ON CORRECT INTERFACE.
R0(config)#int fa0/0
R0(config-if)#ip access-group 1 in
R0(config-if)#exit
R0(config)#int fa0/1
R0(config-if)#ip access-group 1 in
R0(config-if)#exit

STEP4: TEST ACL LIST TABLE
Now, using the command below, you can verify whether the ACL is configured as you need.
R0#show ip access-lists
Standard IP access list 1
permit host 1.0.0.3
permit host 1.0.0.4
deny host 1.0.0.4
deny host 2.0.0.4
permit host 2.0.0.2
permit host 2.0.0.3
deny host 1.0.0.2
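How the router evaluates ACL 1 from STEP2, as an added example that is not part of the original article: a small Python model of standard-ACL matching on the source address, where the first matching entry wins and any unmatched source hits the implicit deny at the end of the list. The function names and the unlisted test host 1.0.0.5 are constructed for illustration.

```python
import ipaddress

# ACL 1 exactly as entered in STEP2 of the article.
ACL_1 = """\
access-list 1 permit host 1.0.0.3
access-list 1 permit host 1.0.0.4
access-list 1 deny host 1.0.0.2
access-list 1 deny host 2.0.0.4
access-list 1 permit host 2.0.0.2
access-list 1 permit host 2.0.0.3
"""

def parse_acl(text):
    """Return [(action, address_int, wildcard_int)] for standard ACL lines."""
    entries = []
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 4 or tok[0] != "access-list" or tok[2] not in ("permit", "deny"):
            continue  # skip blank lines, remarks and anything else
        action, spec = tok[2], tok[3:]
        if spec[0] == "any":
            addr, wild = 0, 0xFFFFFFFF
        elif spec[0] == "host":
            addr, wild = int(ipaddress.IPv4Address(spec[1])), 0
        else:  # "address [wildcard]"; a missing wildcard means a single host
            addr = int(ipaddress.IPv4Address(spec[0]))
            wild = int(ipaddress.IPv4Address(spec[1])) if len(spec) > 1 else 0
        entries.append((action, addr, wild))
    return entries

def evaluate(entries, src):
    """First matching entry wins; no match falls through to the implicit deny."""
    s = int(ipaddress.IPv4Address(src))
    for n, (action, addr, wild) in enumerate(entries, 1):
        # Wildcard bits set to 1 are "don't care"; compare only the other bits.
        if (s | wild) == (addr | wild):
            return action, n
    return "deny", None  # implicit "deny any" that ends every ACL

if __name__ == "__main__":
    acl = parse_acl(ACL_1)
    # Constructed sample sources: the six hosts named in the ACL plus one unlisted host.
    for src in ["1.0.0.2", "1.0.0.3", "1.0.0.4", "2.0.0.2", "2.0.0.3", "2.0.0.4", "1.0.0.5"]:
        action, n = evaluate(acl, src)
        print(f"{src:8} -> {action:6} ({'entry ' + str(n) if n else 'implicit deny'})")
```

The unlisted host 1.0.0.5 is dropped even though no entry names it, which shows that the two explicit deny lines in ACL 1 do not change the outcome; they only make the denied hosts visible in the list.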
Great stuff, very simple and straightforward
Thanks so much sir, this is very helpful
Welcome to linuxtiwary.com. Keep sharing and keep donating if you like our articles.