ACCESS CONTROL LIST:

An ACL is an ordered list of permit/deny statements that a router uses to filter IP traffic: entries are checked top to bottom, the first match wins, and an implicit deny at the end drops anything no entry explicitly permits.


Types:

  1. Standard
  2. Extended
  3. Named

Standard ACL:

  • Filters plain IP traffic only; it cannot match protocol or port, so it cannot select Application-layer traffic.
  • Filters on the source IP address only.
  • Number range 1 - 99
  • Applied on the interface closest to the destination (because only the source is checked, placing it near the source would cut that source off from everything).



Deny 10.0.0.3 to access hosts in 40.0.0.0 network:

Router(config)#access-list 1 deny host 10.0.0.3
Router(config)#access-list 1 permit any

Router(config)#int fa 4/0
Router(config-if)#ip access-group 1 out


Deny hosts in the 10.0.0.0 network from accessing hosts in the 30.0.0.0 network (a separate example; on a real router, typing these lines while list 1 from the previous example still exists would append the new deny after its permit any, where it never matches, so use a fresh list number or remove list 1 first):

Router(config)#access-list 1 deny 10.0.0.0 0.255.255.255
Router(config)#access-list 1 permit any

Router(config)#int fa 3/0
Router(config-if)#ip access-group 1 out



Extended ACL:

  • Can match on protocol type and port number, not just addresses.
  • Filters on both source and destination.
  • Number range 100 - 199
  • Applied on the interface closest to the source (the full match is known up front, so unwanted traffic is dropped before it crosses the network).


Deny IP traffic from 10.0.0.2 to 20.0.0.2:

Router(config)#access-list 100 deny ip host 10.0.0.2 host 20.0.0.2
Router(config)#access-list 100 permit ip any any

Router(config)#int fa 1/0
Router(config-if)#ip access-group 100 in
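As an added illustration (not part of the original notes), the following Python simulates how a router walks a numbered ACL: wildcard-mask matching, first match wins, and the implicit deny at the end. It uses the addresses from the standard and extended examples above, and also shows why typing the second standard example into the already existing list 1 would leave its deny unreachable.

```python
import ipaddress

# Cisco-style ACL evaluation: entries are checked top to bottom, the first
# match wins, and a list that matches nothing falls through to the implicit
# "deny any". A wildcard mask is the inverse of a subnet mask: 1 bits are
# "don't care", 0 bits must match exactly.

ANY = ("0.0.0.0", "255.255.255.255")   # "any": every bit is don't-care
HOST = "0.0.0.0"                        # "host x.x.x.x": every bit must match

def wildcard_match(addr, base, wildcard):
    """True if addr matches base under a Cisco wildcard mask."""
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    w = int(ipaddress.IPv4Address(wildcard))
    return (a & ~w) == (b & ~w)          # compare only the bits the mask leaves 0

def evaluate(acl, src, dst="0.0.0.0", proto="ip"):
    """Return (action, entry_index) of the first matching entry, or
    ("deny", None) when the implicit deny at the end is what applies.
    Entry layout: (action, protocol, src_base, src_wc, dst_base, dst_wc);
    a standard ACL entry simply carries ANY as its destination."""
    for i, (action, p, sb, sw, db, dw) in enumerate(acl):
        if p != "ip" and p != proto:
            continue
        if wildcard_match(src, sb, sw) and wildcard_match(dst, db, dw):
            return action, i
    return "deny", None

# access-list 1 deny host 10.0.0.3 / access-list 1 permit any
ACL_1 = [("deny", "ip", "10.0.0.3", HOST, *ANY),
         ("permit", "ip", *ANY, *ANY)]

# access-list 100 deny ip host 10.0.0.2 host 20.0.0.2 / permit ip any any
ACL_100 = [("deny", "ip", "10.0.0.2", HOST, "20.0.0.2", HOST),
           ("permit", "ip", *ANY, *ANY)]

# The second standard example typed into the same list 1: IOS appends the
# new deny after "permit any", so it is dead and 10.x traffic still passes.
ACL_1_APPENDED = ACL_1 + [("deny", "ip", "10.0.0.0", "0.255.255.255", *ANY)]

if __name__ == "__main__":
    print(evaluate(ACL_1, "10.0.0.3"))                # ('deny', 0)
    print(evaluate(ACL_1, "10.0.0.4"))                # ('permit', 1)
    print(evaluate(ACL_100, "10.0.0.2", "20.0.0.2"))  # ('deny', 0)
    print(evaluate(ACL_1_APPENDED, "10.0.0.5"))       # ('permit', 1): appended deny never hit
    print(evaluate(ACL_1[:1], "10.0.0.4"))            # ('deny', None): implicit deny
```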


Named ACL:

  • Identifies the ACL by a descriptive name instead of a number.
  • Available for both standard and extended ACLs.


Deny 10.0.0.0 network to access all other networks:

Router(config)#ip access-list extended no_10net_out
Router(config-ext-nacl)#deny ip 10.0.0.0 0.255.255.255 any
Router(config-ext-nacl)#permit ip any any

Router(config-ext-nacl)#exit
Router(config)#int fa 1/0
Router(config-if)#ip access-group no_10net_out in


ACL for Telnet:

Deny everyone except 30.0.0.3 from reaching the router over Telnet (applied to the vty lines with access-class rather than to an interface):

Router(config)#access-list 78 permit host 30.0.0.3
Router(config)#access-list 78 deny any

Router(config)#line vty 0 4
Router(config-line)#access-class 78 in

Note: this assumes Telnet access on the vty lines was already configured.
