Standard Access Control List
From Wikipedia, the free encyclopedia
Standard Access Control Lists (ACLs) are Cisco IOS-based commands used to filter packets on Cisco routers based on the source IP address of the packet. Extended Access Control Lists have the ability to filter packets based on source and destination IP addresses.
Numbered Standard Access Control Lists
Numbers between 1 and 99, or any number between 1300 and 1999 can be used in a Standard ACL. The number used in this range doesn't affect how the ACL is processed or which ACL is more important to the router. A standard ACL is concerned with only one factor, the source IP address of the packet. The destination is not considered.
Named Standard Access Control Lists
Named ACLs differ from numbered ACLs in that the ACL is identified by a name rather than a number. Names are easier to remember than numbers.
Configuration of Named and Standard Access Control Lists
Creating Numbered Standard Access Control Lists
From Global Configuration mode, type in:
access-list [access-list-number] [deny|permit] [source-ip-address] [wildcard mask]
interface [interface-number]
ip access-group [number of list] in/out
Example:
access-list 5 permit 10.0.3.0 0.0.0.255
access-list 5 permit 10.0.5.0 0.0.0.255
int fa0/0
ip access-group 5 in
The above example permits traffic from two specific networks. Note that the access-list must be both defined and applied to an interface. An access-list by itself (not applied to an interface) doesn't do anything at all.
"in" or "out" refer to the traffic into, or out of, the router that is being configured.
Creating Named Standard Access Control Lists
From Global Configuration mode, type in:
ip access-list standard [name]
deny [source ip or keyword any] [wildcard mask or keyword any]
OR
permit [source ip or keyword any] [wildcard mask or keyword any]
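To check what a standard ACL will do before applying it to an interface, the following added example (not part of the original article, and not Cisco code) evaluates source addresses against the article's access-list 5 using wildcard-mask matching. It goes beyond the text in two places, both standard Cisco IOS behaviour: statements are checked top-down with the first match winning, and a packet that matches no statement is dropped by the implicit deny at the end of the list. The function names `parse_acl` and `evaluate` are hypothetical.

```python
import ipaddress

# The page's example list, as entered in Global Configuration mode.
ACL_5 = """\
access-list 5 permit 10.0.3.0 0.0.0.255
access-list 5 permit 10.0.5.0 0.0.0.255
"""

def parse_acl(text):
    """Parse 'access-list N permit|deny SOURCE [WILDCARD]' lines in order."""
    entries = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4 or parts[0] != "access-list":
            continue  # not a numbered standard ACL statement
        number, action, source = int(parts[1]), parts[2], parts[3]
        if not (1 <= number <= 99 or 1300 <= number <= 1999):
            raise ValueError(f"{number} is outside the standard ACL ranges")
        if action not in ("permit", "deny"):
            raise ValueError(f"unknown action {action!r}")
        if source == "any":
            addr, wildcard = 0, 0xFFFFFFFF  # every bit is "don't care"
        else:
            addr = int(ipaddress.IPv4Address(source))
            # Assumption: a missing wildcard mask means 0.0.0.0 (single host).
            mask = parts[4] if len(parts) > 4 else "0.0.0.0"
            wildcard = int(ipaddress.IPv4Address(mask))
        entries.append((action, addr, wildcard))
    return entries

def evaluate(entries, source_ip):
    """Return 'permit' or 'deny' for a packet, looking only at its source IP."""
    src = int(ipaddress.IPv4Address(source_ip))
    for action, addr, wildcard in entries:
        care = ~wildcard & 0xFFFFFFFF  # wildcard 0-bits must match exactly
        if (src & care) == (addr & care):
            return action  # first matching statement wins
    return "deny"  # implicit deny at the end of every list

if __name__ == "__main__":
    acl = parse_acl(ACL_5)
    # Constructed sample source addresses.
    for ip in ("10.0.3.77", "10.0.5.1", "10.0.4.1", "192.168.1.1"):
        print(ip, evaluate(acl, ip))
```

Because of the implicit deny, a list made only of deny statements blocks everything on the interface it is applied to; end such a list with a permit statement for the traffic that should pass.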