STANDARD ACCESS CONTROL LIST (STANDARD ACL)




Configure Standard ACL as follows:

Syntax:

Router(config)#access-list <no.> permit/deny <source ip> <source wildcard mask>


To apply the ACL on an interface

Syntax:

Router(config)#interface <type> <no.> 
Router(config-if)#ip access-group <no.> in/out





SCENARIO 

Configure an access-list on KOLKATA so that 192.168.0.4 cannot communicate with the 10.0.0.0 network.



ON KOLKATA:
KOLKATA#configure terminal
KOLKATA(config)#access-list 1 deny 192.168.1.4 0.0.0.0
KOLKATA(config)#access-list 1 permit any
KOLKATA(config)#interface e 0 
KOLKATA(config-if)#ip access-group 1 out 
KOLKATA(config-if)#exit
KOLKATA(config)#exit

Note: To test, ping from a computer in the DELHI LAN to a computer in the KOLKATA LAN.
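
How ACL 1 above is evaluated, shown as an added example that is not part of the original post: each entry is checked top-down against the packet's source address, a wildcard bit of 0 means "must match", and a source that matches no entry is dropped by the implicit deny. The function names parse_acl and evaluate are hypothetical, and the model covers source matching only, not the interface or direction the list is applied on.

```python
import ipaddress

# ACL 1 as entered on KOLKATA in this post.
ACL_1 = [
    "access-list 1 deny 192.168.1.4 0.0.0.0",
    "access-list 1 permit any",
]

def to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))

def parse_acl(lines):
    """Parse 'access-list <no.> permit|deny <source> <wildcard>' lines into
    (action, address, wildcard) tuples, in configured order."""
    entries = []
    for line in lines:
        tok = line.split()
        if len(tok) < 4 or tok[0] != "access-list" or tok[2] not in ("permit", "deny"):
            raise ValueError(f"not a standard ACL entry: {line!r}")
        if tok[3] == "any":                       # any  = 0.0.0.0 255.255.255.255
            addr, wild = "0.0.0.0", "255.255.255.255"
        elif tok[3] == "host" and len(tok) == 5:  # host A = A 0.0.0.0
            addr, wild = tok[4], "0.0.0.0"
        elif len(tok) == 5:
            addr, wild = tok[3], tok[4]
        else:
            raise ValueError(f"missing wildcard mask: {line!r}")
        entries.append((tok[2], to_int(addr), to_int(wild)))
    return entries

def evaluate(entries, source_ip):
    """Return the action of the first matching entry; if nothing matches,
    the implicit deny at the end of every ACL applies."""
    src = to_int(source_ip)
    for action, addr, wild in entries:
        care = ~wild & 0xFFFFFFFF   # wildcard bit 0 = compare, bit 1 = ignore
        if (src & care) == (addr & care):
            return action
    return "implicit deny"

if __name__ == "__main__":
    acl = parse_acl(ACL_1)
    # 192.168.1.4 is the configured address; 192.168.0.4 is the one written in
    # the scenario text; 192.168.1.5 is a constructed neighbouring host.
    for ip in ("192.168.1.4", "192.168.0.4", "192.168.1.5"):
        print(f"{ip:<12} -> {evaluate(acl, ip)}")
    # Same ACL without 'permit any': every other source hits the implicit deny.
    print("no permit any:", evaluate(parse_acl(ACL_1[:1]), "192.168.1.5"))
```

With the entries as configured, only 192.168.1.4 is denied; the address 192.168.0.4 written in the scenario falls through to "permit any", so the deny entry must carry the address of the host that is actually meant to be blocked.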

To verify the configuration, use the following commands:

To verify the access-list entries

Syntax:

Router#show ip access-lists

Output:



KOLKATA#sh ip access-lists
Standard IP access list 1
deny host 192.168.1.4
permit any

To verify that the access-list is applied on an interface

Syntax:

Router#show ip interface <type> <no.>

Output:

KOLKATA#sh ip interface fastEthernet 0/0
FastEthernet0/0 is up, line protocol is up (connected)
Internet address is 10.0.0.1/8
Broadcast address is 255.255.255.255
Address determined by setup command
MTU is 1500
Helper address is not set
Directed broadcast forwarding is disabled
Outgoing access list is not set
Inbound access list is 1
Proxy ARP is enabled
Security level is default
Split horizon is enabled

-----More----

