Configure Standard ACL Numbered | Cisco Router

You can use a standard access control list (ACL) to allow or deny traffic by source address: a single host, a network, or any host.

In our example below we will deny traffic from the to the network

Topology used: Router-on-a-stick


  access-list                 Add an access list entry
Router(config)#access-list ?
  <1-99>            IP standard access list
Router(config)#access-list 10 ?
  deny    Specify packets to reject
  permit  Specify packets to forward
  remark  Access list entry comment
Router(config)#access-list 10 deny ?     
  Hostname or A.B.C.D  Address to match
  any                  Any source host
  host                 A single host address
Router(config)#access-list 10 deny /24
Router(config)#interface gigabitEthernet 0/0.20
Router(config-subif)#ip ?
Interface IP configuration subcommands:
  access-group        Specify access control for packets
Router(config-subif)#ip access-group ?
  <1-199>      IP access list (standard or extended)
  <1300-2699>  IP expanded access list (standard or extended)
  WORD         Access-list name
Router(config-subif)#ip access-group 10 ?
  in   inbound packets
  out  outbound packets
Router(config-subif)#ip access-group 10 out 

Our pings from PC-2 to PC-1 begin to drop after the ACL is applied to interface Gi0/0.20.

PC-2> ping -t
84 bytes from icmp_seq=1 ttl=63 time=7.283 ms
84 bytes from icmp_seq=2 ttl=63 time=20.782 ms
icmp_seq=18 timeout
icmp_seq=19 timeout
icmp_seq=20 timeout

Router#show access-lists 
Standard IP access list 10
    10 deny, wildcard bits (56 matches)
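
The show output above lists a single deny entry in access list 10, so any source that does not match it still falls through to the implicit deny that ends every IOS access list. The following added example (not part of the original lab) models standard ACL evaluation with wildcard bits and first-match order; the 192.0.2.0/24 and 198.51.100.0/24 documentation prefixes and all function names are assumptions for illustration, not the lab's values.

```python
import ipaddress

def wildcard_match(src, base, wildcard):
    """IOS wildcard logic: bits set to 1 in the wildcard are ignored."""
    s, b, w = (int(ipaddress.IPv4Address(x)) for x in (src, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (s & care) == (b & care)

def parse_standard_acl(config):
    """Parse 'access-list <1-99> permit|deny <source> [wildcard]' lines."""
    entries = []
    for line in config.strip().splitlines():
        tok = line.split()
        if len(tok) < 4 or tok[0] != "access-list" or tok[2] == "remark":
            continue
        num, action, rest = int(tok[1]), tok[2], tok[3:]
        if not 1 <= num <= 99 or action not in ("permit", "deny"):
            raise ValueError(f"not a standard numbered ACL entry: {line!r}")
        if rest[0] == "any":
            base, wc = "0.0.0.0", "255.255.255.255"
        elif rest[0] == "host":
            base, wc = rest[1], "0.0.0.0"
        else:  # a bare address with no wildcard matches that single host
            base, wc = rest[0], rest[1] if len(rest) > 1 else "0.0.0.0"
        entries.append((num, action, base, wc))
    return entries

def evaluate(entries, acl_number, src):
    """First matching entry wins; no match falls through to the implicit deny."""
    for num, action, base, wc in entries:
        if num == acl_number and wildcard_match(src, base, wc):
            return action
    return "deny (implicit)"

# Constructed sample configs using documentation prefixes, not the lab's addresses.
DENY_ONLY = "access-list 10 deny 192.0.2.0 0.0.0.255"
WITH_PERMIT = DENY_ONLY + "\naccess-list 10 permit any"

if __name__ == "__main__":
    for name, cfg in (("deny only", DENY_ONLY), ("deny + permit any", WITH_PERMIT)):
        acl = parse_standard_acl(cfg)
        for src in ("192.0.2.25", "198.51.100.7"):
            print(f"{name:18} src={src:13} -> {evaluate(acl, 10, src)}")
```

With the deny-only list, the unrelated source 198.51.100.7 is also dropped; adding a trailing permit any entry is what lets other sources through while the denied network stays blocked.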