If you are a network engineer, or are preparing for a network administration or networking exam such as the CCNA, you must know how to control the traffic in and out of a Cisco router using an access list (ACL). Once you understand the basic concept of an ACL, it is very easy to configure. In this article we will learn the basic concept of ACLs and how to configure an ACL on a Cisco router to control the traffic in a network.

In a few simple words, an ACL is a network security mechanism that denies or permits traffic between networks. Using an ACL we can block or allow certain end devices (PCs, laptops, printers, etc.) from accessing some network resources. We will go through the ACL configuration with an example in Packet Tracer. To explain how an ACL works and how it is configured, I have taken an example with 1 router and 6 PCs. You can see the network topology diagram below.

[Figure: network topology diagram, ACL on Cisco router]

In this example the router needs to be configured with an access list that blocks or allows the traffic that comes in and out of interfaces fa0/0 and fa0/1 from the 1.0.0.0/8 and 2.0.0.0/8 networks. We will use access list number 1.

STEP 1: ROUTER INTERFACE CONFIGURATION.

Router>enable
Router#config t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#hostname R0
R0(config)#int fa0/0
R0(config-if)#ip address 1.0.0.1 255.0.0.0
R0(config-if)#no shut
R0(config-if)#exit
R0(config)#int fa0/1
R0(config-if)#ip address 2.0.0.1 255.0.0.0
R0(config-if)#no shut

STEP 2: CONFIGURE THE ACL TO ALLOW OR DENY CERTAIN IPs AS SHOWN IN THE NETWORK TOPOLOGY DIAGRAM ABOVE.

R0(config)#access-list 1 permit host 1.0.0.3
R0(config)#access-list 1 permit host 1.0.0.4
R0(config)#access-list 1 deny host 1.0.0.2
R0(config)#access-list 1 deny host 2.0.0.4
R0(config)#access-list 1 permit host 2.0.0.2
R0(config)#access-list 1 permit host 2.0.0.3

STEP 3: NOW IT'S TIME TO APPLY THE ACCESS LIST ON THE CORRECT INTERFACE.

R0(config)#int fa0/0
R0(config-if)#ip access-group 1 in
R0(config-if)#exit
R0(config)#int fa0/1
R0(config-if)#ip access-group 1 in
R0(config-if)#exit


STEP 4: TEST ACL LIST TABLE

Using the command below, you can verify whether the ACL is configured the way you need.

R0#show ip access-lists
Standard IP access list 1
 permit host 1.0.0.3
 permit host 1.0.0.4
 deny host 1.0.0.4
 deny host 2.0.0.4
 permit host 2.0.0.2
 permit host 2.0.0.3
 deny host 1.0.0.2
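
IOS checks a packet against the list from the top, stops at the first matching entry, and drops anything that matches no entry (the implicit deny). The Python sketch below is an added example, not part of the original article: it replays the `show ip access-lists` output above against source addresses and reports entries that can never be reached; the function names are illustrative.

```python
import ipaddress

# Entries copied from the `show ip access-lists` output above.
SHOW_OUTPUT = """
 permit host 1.0.0.3
 permit host 1.0.0.4
 deny host 1.0.0.4
 deny host 2.0.0.4
 permit host 2.0.0.2
 permit host 2.0.0.3
 deny host 1.0.0.2
"""

def parse_acl(text):
    """Return [(action, address, wildcard)] for standard ACL lines."""
    entries = []
    for line in text.strip().splitlines():
        action, *spec = line.split()
        if spec[0] == "any":
            addr, wild = 0, 0xFFFFFFFF
        elif spec[0] == "host":
            addr, wild = int(ipaddress.IPv4Address(spec[1])), 0
        else:  # "A.B.C.D [wildcard]"
            addr = int(ipaddress.IPv4Address(spec[0]))
            wild = int(ipaddress.IPv4Address(spec[1])) if len(spec) > 1 else 0
        entries.append((action, addr, wild))
    return entries

def evaluate(entries, source):
    """Standard ACL: match on source only, first match wins."""
    src = int(ipaddress.IPv4Address(source))
    for index, (action, addr, wild) in enumerate(entries):
        if (src | wild) == (addr | wild):  # wildcard bits are "don't care"
            return action, index
    return "deny", None  # implicit "deny any" that ends every ACL

def shadowed(entries):
    """Indexes of entries fully covered by an earlier entry (never reached)."""
    dead = []
    for i, (_, addr, wild) in enumerate(entries):
        for _, e_addr, e_wild in entries[:i]:
            # Earlier entry ignores every bit this one ignores, agrees on the rest.
            if (wild | e_wild) == e_wild and (addr | e_wild) == (e_addr | e_wild):
                dead.append(i)
                break
    return dead

ACL = parse_acl(SHOW_OUTPUT)
```

On this list `shadowed(ACL)` returns `[2]`: the `deny host 1.0.0.4` line sits below `permit host 1.0.0.4`, so it is never reached, and an unlisted source such as 1.0.0.9 (a constructed address) falls through to the implicit deny.
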
Comments
  1. Dumani says:

    Great stuff very simple and straight forward
