
Configuring Standard ACL (Access List) on Cisco Devices

What is the Standard Access List feature on Cisco devices, and how do you configure it?



What is a Standard ACL, and what is its purpose? Configuring a Standard ACL (Access List) on a Cisco router gives you filtering options that you can use as a simple firewall tool to grant access from specific sources to users or other devices. The primary purpose of a Standard ACL is to control whether packets from a particular source IP address or protocol are allowed to pass through. Standard Access Lists are quite simple in how they recognize which network is allowed access: they either block all incoming traffic except the traffic you explicitly allow, or only allow traffic to reach specified destinations.

Standard Access Control Lists

  • Control packets based only on IP addresses.
  • Applied on the router closest to the destination address.
  • Standard ACLs use only the numbers 1 to 99 and 1300 to 1999.

Configuring Standard ACL on Cisco Devices

This example will be conducted using Cisco Packet Tracer. According to our sample scenario, PC0 and PC1 users will have IP addresses from the 192.168.2.x block, and their gateways will be set to 192.168.2.1. PC2, located in another network block, will be assigned an IP address from the 192.168.1.x block, with the default gateway set to 192.168.1.1.

For the serial connection between the two routers, Router0 will be assigned 2.2.2.1, and Router1 will be assigned 2.2.2.3. I assume that you have configured static routing on the routers for this infrastructure.

Now, for the Standard ACL (Access List), we will create rules as follows: PC0 user should be able to reach Server0, PC1 user, who is in the same IP block, should not be able to reach the server, and PC2 user, in a different IP block, should also not be able to reach Server0. Since the destination address, i.e., the target Server0, is on Router1, we will make the necessary configurations there.

  • R1>enable
  • R1#conf terminal
  • R1(config)#access-list 10 permit 192.168.2.10 (I define the permit rule in access list number 10 and enter the allowed IP address. If there are multiple user IP addresses, you can add them with this command.)
  • R1(config)#access-list 10 deny 192.168.2.0 0.0.0.255 (I added 0.0.0.255 after 192.168.2.0 because I want to block all IP addresses from that block. Of course, you can also do this by specifying a single IP address.)
  • R1(config)#access-list 10 deny 192.168.1.0 0.0.0.255 (I added 0.0.0.255 after 192.168.1.0 because I want to block all IP addresses from that block.)
  • R1(config)#interface serial 0/1/0 (I enter the serial port of the router I am configuring.)
  • R1(config-if)#ip access-group 10 in (This command applies the Access List to the interface. If you don’t specify this, your rule won’t work.)
  • R1(config-if)#end
  • R1#wr

After entering these Standard ACL (Access List) commands, according to our scenario, the PC0 user will be able to ping Server0, while the other users will not be able to access it. By defining Access List groups in this way, you can create simple network security that specifies which IP groups in your network should or should not communicate with which VLAN groups.
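
The first-match evaluation that access list 10 relies on, as an added Python example that is not part of the original article. It takes PC0 as 192.168.2.10 from the permit rule; the PC1 and PC2 addresses (192.168.2.11 and 192.168.1.10), the `REORDERED` list and all function names are assumptions made for illustration.

```python
import ipaddress

# ACL 10 as entered above: (action, address, wildcard mask).
# An entry given without a wildcard matches one host (wildcard 0.0.0.0).
ACL_10 = [
    ("permit", "192.168.2.10", "0.0.0.0"),
    ("deny", "192.168.2.0", "0.0.0.255"),
    ("deny", "192.168.1.0", "0.0.0.255"),
]
# Constructed counter-example: the same entries with the permit moved down.
REORDERED = [ACL_10[1], ACL_10[0], ACL_10[2]]

def to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))

def matches(source, address, wildcard):
    """Wildcard bits set to 1 are ignored; bits set to 0 must be equal."""
    care = ~to_int(wildcard) & 0xFFFFFFFF
    return (to_int(source) & care) == (to_int(address) & care)

def evaluate(acl, source):
    """First matching entry wins. Returns (action, index of matched entry)."""
    for index, (action, address, wildcard) in enumerate(acl):
        if matches(source, address, wildcard):
            return action, index
    return "deny", None  # implicit "deny any" that ends every ACL

def shadowed_entries(acl):
    """Indexes of entries that can never match because an earlier,
    broader entry already covers every address they describe."""
    hidden = []
    for j, (_, addr_j, wild_j) in enumerate(acl):
        for _, addr_i, wild_i in acl[:j]:
            broader = (to_int(wild_j) & ~to_int(wild_i) & 0xFFFFFFFF) == 0
            if broader and matches(addr_j, addr_i, wild_i):
                hidden.append(j)
                break
    return hidden

if __name__ == "__main__":
    hosts = {"PC0": "192.168.2.10", "PC1": "192.168.2.11", "PC2": "192.168.1.10"}
    for name, ip in hosts.items():
        print(name, ip, evaluate(ACL_10, ip), evaluate(REORDERED, ip))
    print("shadowed in ACL 10:", shadowed_entries(ACL_10))
    print("shadowed when reordered:", shadowed_entries(REORDERED))
```

Running it shows why the host permit has to come before the deny for 192.168.2.0: in the reordered list the permit is shadowed and PC0 is blocked as well.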