Sharing Ilmu

Sharing for useful things

Configuring a Standard ACL on Cisco

In this tutorial I'll discuss how to configure a standard ACL in Cisco Packet Tracer. A standard ACL works on only one traffic connection. It filters on the source IP address and permits or denies the entire TCP/IP protocol suite. Standard ACLs use numbers 1-199.

To configure an ACL on a router, define the ACL first in global configuration mode and then assign it to the interface.

MyRouter(config)# access-list 1 permit/deny source hostname/ip/network 
MyRouter(config)# access-list 1 permit/deny any
MyRouter(config)# interface g0/0/0 
MyRouter(config-if)# ip access-group 1 in/out

The following is the topology:

 

Configure IP Address on R1:

R1(config)#int g0/0/0
R1(config-if)#ip add 10.10.10.1 255.255.255.0
R1(config-if)#no shutdown
R1(config-if)#exit
R1(config)#int g0/0/1
R1(config-if)#ip add 192.168.1.1 255.255.255.0
R1(config-if)#no shutdown

Configure IP Address on R2:

R2(config)#int g0/0/0
R2(config-if)#ip add 10.10.10.2 255.255.255.0
R2(config-if)#no shutdown
R2(config-if)#exit
R2(config)#int g0/0/1
R2(config-if)#ip add 192.168.2.1 255.255.255.0
R2(config-if)#no shutdown
R2(config-if)#exit

Configure IP Address on PC0:

Configure IP Address on PC1:

Configure IP Address on PC2:

Configure IP Address on PC3:

Configure OSPF on R1:

R1(config)#router ospf 1
R1(config-router)#router-id 10.10.10.1
R1(config-router)#network 10.10.10.0 0.0.0.255 area 0
R1(config-router)#network 192.168.1.0 0.0.0.255 area 0
R1(config-router)#exit

Configure OSPF on R2:

R2(config)#router ospf 1
R2(config-router)#router-id 10.10.10.2
R2(config-router)#network 10.10.10.0 0.0.0.255 area 0
R2(config-router)#network 192.168.2.0 0.0.0.255 area 0
R2(config-router)#exit

 

First, test ping from PC0 on the R1 network to PC2 on the R2 network:

The connection is successful. Now, as an example, we need to block access from PC0 (192.168.1.2) to the R2 network (192.168.2.0/24) while still allowing other connections from R1. Configure the ACL on R2:

R2(config)#access-list 1 deny 192.168.1.2 0.0.0.0
R2(config)#access-list 1 permit any
R2(config)#int g0/0/1
R2(config-if)#ip access-group 1 out
R2(config-if)#

 

Now test ping again from PC0 to the R2 network. The connection from PC0 to R2 is blocked.

 

A test ping from PC1 to the R2 network still connects.

