If you are a network engineer or preparing for a network admin or networking related exam like CCNA,you must know how to control the traffic in and out of a cisco router using an access list(ACL).Once you understand the basic concept of ACL then it is very easy to configure it.Today here in this article we will learn basic concept of ACL and will also learn how to configure ACL on Cisco Router to control the traffic in a network.so if you want to understand ACL in few simple words then you can say that it is a network security protocol which denies or permits traffic between networks. Using ACL we can block or we can allow certain end users(pc,laptop,printers etc) accessing some network resources . Today we will go through ACL configuration with an example using Packet Tracer.To understand ACL working,concept and its configuration i have taken an example in which i have taken 1 router and 6 pc.You can see the network topology diagram below.
In this example the router needs to be configured with an access list that will block/allow the traffic that will comes in and out from interfaces fa0/0 and fa0/1 from 188.8.131.52/8 and 184.108.40.206/8 network.In this example we will use access list number 1.
STEP1:ROUTER INTERFACE CONFIGURATION.
Router>enable Router#config t Enter configuration commands, one per line. End with CNTL/Z. Router(config)#hostname R0 R0(config)#int fa0/0 R0(config-if)#ip address 220.127.116.11 255.0.0.0 R0(config-if)#no shut R0(config-if)#exit R0(config)#int fa0/1 R0(config-if)#ip address 18.104.22.168 255.0.0.0 R0(config-if)#no shut
STEP2:CONFIGURE ACL TO ALLOW OR DENY CERTAIN IP AS MENTIONED IN ABOVE TOPOLOGY NETWORK DIAGRAM.
R0(config)#access-list 1 permit host 22.214.171.124 R0(config)#access-list 1 permit host 126.96.36.199 R0(config)#access-list 1 deny host 188.8.131.52 R0(config)#access-list 1 deny host 184.108.40.206 R0(config)#access-list 1 permit host 220.127.116.11 R0(config)#access-list 1 permit host 18.104.22.168
STEP3: NOW IT’S TIME TO APPLY ACCESS LIST ON CORRECT INTERFACE.
R0(config)#int fa0/0 R0(config-if)#ip access-group 1 in R0(config-if)#exit
R0(config)#int fa0/1 R0(config-if)#ip access-group 1 in R0(config-if)#exit STEP4: TEST ACL LIST TABLE Now using below command you can verify whether ACL is configured according to your need or not. R0#show ip access-lists Standard IP access list 1 permit host 22.214.171.124 permit host 126.96.36.199 deny host 188.8.131.52 deny host 184.108.40.206 permit host 220.127.116.11 permit host 18.104.22.168 deny host 22.214.171.124