Configuring Standard ACLs in Cisco Routers

Nerd cafe

Introduction to Standard ACLs

Access Control Lists (ACLs) in Cisco routers are used to filter traffic based on defined rules. A Standard ACL is a simple form of ACL that filters traffic based on source IP addresses only. It does not consider destination IP or other criteria.

In this guide, we will:

  1. Understand the concept of Standard ACLs

  2. Set up a practical GNS3 lab scenario

  3. Configure Standard ACLs step by step

  4. Test and verify the configuration

Step 1: Lab Topology in GNS3

We will simulate a small network using 1 router, 1 switch and 2 PCs.

Network Topology:

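[Figure: lab topology with R1 (FastEthernet0/0, 192.168.1.1/24), one switch, PC1 (192.168.1.100) and PC2 (192.168.1.200).]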

Objective:

  • Allow PC1 (192.168.1.100) to access Router (R1).

  • Deny PC2 (192.168.1.200) from reaching Router (R1).

Step 2: GNS3 Device Configuration

Assign IP addresses to the interfaces of Router (R1)

R1#configure terminal
R1(config)#interface fastEthernet 0/0
R1(config-if)#ip address 192.168.1.1 255.255.255.0
R1(config-if)#no shutdown

Step 3: Configuring Standard ACL on Router (R1)

Create an ACL to allow PC1 and deny PC2

R1(config)#access-list 10 permit 192.168.1.100 0.0.0.0
R1(config)#access-list 10 deny 192.168.1.200 0.0.0.0
R1(config)#access-list 10 permit any

Explanation:

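  • access-list 10 permit 192.168.1.100 0.0.0.0 → Allows PC1 to communicate. The wildcard mask 0.0.0.0 means every bit of the source address must match, so the entry covers this single host only.

  • access-list 10 deny 192.168.1.200 0.0.0.0 → Blocks PC2 from communication

  • access-list 10 permit any → Ensures all other traffic is allowed. Entries are checked top down and the first match wins; without this line, the implicit deny at the end of every ACL would drop all other sources.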
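The matching rules behind these three entries, modeled in Python as an added example (not code from the original page or from Cisco). The function names are hypothetical, and the probe addresses are constructed sample input; the model covers wildcard-mask matching, first-match ordering and the implicit deny for any standard ACL, not only ACL 10.

```python
import ipaddress

# ACL 10 as entered on the page: (action, source, wildcard mask).
# "any" is shorthand for 0.0.0.0 255.255.255.255.
ACL_10 = [
    ("permit", "192.168.1.100", "0.0.0.0"),
    ("deny", "192.168.1.200", "0.0.0.0"),
    ("permit", "0.0.0.0", "255.255.255.255"),
]


def matches(src, base, wildcard):
    """Wildcard bit 0 = must match, 1 = ignore (inverse of a subnet mask)."""
    s = int(ipaddress.IPv4Address(src))
    b = int(ipaddress.IPv4Address(base))
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (s & care) == (b & care)


def evaluate(acl, src):
    """Return (action, entry index) of the first matching entry, top down.

    If nothing matches, the implicit 'deny any' that ends every ACL applies.
    """
    for index, (action, base, wildcard) in enumerate(acl):
        if matches(src, base, wildcard):
            return action, index
    return "deny", None  # implicit deny


def shadowed_entries(acl, probes):
    """Indexes of entries that are never the first match for any probe."""
    hit = {evaluate(acl, p)[1] for p in probes}
    return [i for i in range(len(acl)) if i not in hit]


if __name__ == "__main__":
    # Constructed sample sources: PC1, PC2 and one other host on the LAN.
    for src in ("192.168.1.100", "192.168.1.200", "192.168.1.50"):
        print(src, evaluate(ACL_10, src))
    # Without the trailing 'permit any', other hosts hit the implicit deny.
    print("192.168.1.50", evaluate(ACL_10[:2], "192.168.1.50"))
```

Running shadowed_entries over a reordered list (for example with permit any moved to the top) shows which entries can never match, which is a quick review check before pasting an ACL into a router.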

Apply the ACL to the interface

R1(config)#interface fastEthernet 0/0
R1(config-if)#ip access-group 10 in

Explanation:

  • ip access-group 10 in → Applies ACL 10 to incoming traffic on FastEthernet0/0.

Step 4: Verifying the Configuration

Check the ACL

R1#show access-lists
Standard IP access list 10
    10 permit 192.168.1.100
    20 deny   192.168.1.200
    30 permit any
R1#

Test connectivity

  • PC1 should be able to PING Router (R1)

PC1> ping 192.168.1.1

84 bytes from 192.168.1.1 icmp_seq=1 ttl=255 time=9.702 ms
84 bytes from 192.168.1.1 icmp_seq=2 ttl=255 time=9.840 ms
^C
PC1>

  • PC2 should NOT be able to PING Router (R1)

PC2> ping 192.168.1.1

*192.168.1.1 icmp_seq=1 ttl=255 time=11.651 ms (ICMP type:3, code:13, Communication administratively prohibited)
*192.168.1.1 icmp_seq=2 ttl=255 time=5.817 ms (ICMP type:3, code:13, Communication administratively prohibited)
*192.168.1.1 icmp_seq=3 ttl=255 time=3.315 ms (ICMP type:3, code:13, Communication administratively prohibited)
^C
PC2>
