Configure Standard ACL Numbered | Cisco Router

By
Jaime Herrera
-

You can use a Standard Access Control List to allow or deny traffic to a host, network, or any host. 

In our example below we will deny traffic from the 20.20.20.0/24 to the 10.10.10.0/24 network

cisco access list acl
cisco access list acl

Topology used: Router-on-a-stick

Configuration

Router(config)#
  access-list                 Add an access list entry
!
Router(config)#access-list ?
  <1-99>            IP standard access list
!
Router(config)#access-list 10 ?
  deny    Specify packets to reject
  permit  Specify packets to forward
  remark  Access list entry comment
!
Router(config)#access-list 10 deny ?     
  Hostname or A.B.C.D  Address to match
  any                  Any source host
  host                 A single host address
!
Router(config)#access-list 10 deny 10.10.10.0 /24
!
Router(config)#interface gigabitEthernet 0/0.20
!
Router(config-subif)#ip ?
Interface IP configuration subcommands:
  access-group        Specify access control for packets
!
Router(config-subif)#ip access-group ?
  <1-199>      IP access list (standard or extended)
  <1300-2699>  IP expanded access list (standard or extended)
  WORD         Access-list name
Router(config-subif)#ip access-group 10 ?
  in   inbound packets
  out  outbound packets
Router(config-subif)#ip access-group 10 out

Verification
Our pings begin to drop from PC-2 to PC-1 after applying the ACL to interface Gi0/0.20

PC-2> ping 10.10.10.10 -t
84 bytes from 10.10.10.10 icmp_seq=1 ttl=63 time=7.283 ms
84 bytes from 10.10.10.10 icmp_seq=2 ttl=63 time=20.782 ms
10.10.10.10 icmp_seq=18 timeout
10.10.10.10 icmp_seq=19 timeout
10.10.10.10 icmp_seq=20 timeout
!
Router#show access-lists 
Standard IP access list 10
    10 deny   10.10.10.0, wildcard bits 0.0.0.255 (56 matches)

RELATED ARTICLESMORE FROM AUTHOR

Topic discussion at CLI Warriors - Forum