ACL

ACL stands for access control list.
To understand this, here is a very simple example: imagine you own a house and are hosting a party or some other function. Standing at your front door, you can control the people coming in and going out according to your own rules/policies, and you can even guide people to their respective destinations.

An ACL works the same way: it controls the traffic on the network where it is applied, and it can even route/guide packets to their respective destinations.

IP ACL

There are two types of IP ACL:

  1. Standard IP ACL - it controls network traffic, but it depends only on the source address.
  2. Extended IP ACL - it controls network traffic, but it depends on the source address, destination address and protocol.

        Direction: any interface, in or out (inbound or outbound).


Notes: We can't apply two IP ACLs in a single direction.
            We can apply two IP ACLs on a single interface, but only in two different directions.

 

STANDARD IP ACL

It works within a single organization.

Basic Configuration.





################################################ [OK]
              Restricted Rights Legend

Use, duplication, or disclosure by the Government is
subject to restrictions as set forth in subparagraph
(c) of the Commercial Computer Software - Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph
(c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.

           cisco Systems, Inc.
           170 West Tasman Drive
           San Jose, California 95134-1706

Cisco Internetwork Operating System Software
IOS (tm) C2600 Software (C2600-I-M), Version 12.2(28), RELEASE SOFTWARE (fc5)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2005 by cisco Systems, Inc.
Compiled Wed 27-Apr-04 19:01 by miwang

cisco 2620 (MPC860) processor (revision 0x200) with 60416K/5120K bytes of memory.
Processor board ID JAD05190MTZ (4292891495)
M860 processor: part number 0, mask 49
Bridging software.
X.25 software, Version 3.0.0.
1 FastEthernet/IEEE 802.3 interface(s)
2 Low-speed serial(sync/async) network interface(s)
32K bytes of non-volatile configuration memory.
63488K bytes of ATA CompactFlash (Read/Write)

         --- System Configuration Dialog ---
Continue with configuration dialog? [yes/no]: n

Press RETURN to get started!


Router>ena[enter]

Router#config[enter]

Configuring from terminal, memory, or network [terminal]?[enter]

Enter configuration commands, one per line.  End with CNTL/Z.

Router(config)#interface fastEthernet 0/0[press enter]

Router(config-if)#ip address 10.0.0.1 255.0.0.0[enter]

Router(config-if)#no shutdown[press enter]

%LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up

Router(config-if)#ex[enter]

Router(config)#
Give an IP address to every PC and ping between them to confirm they can reach each other.

To create the virtual terminal (VTY) lines:


Router(config)#line vty 0 15[enter]
Router(config-line)#password cisco[enter][Virtual Terminal password]

Router(config-line)#login[enter]

Router(config-line)#exit[enter]

Router(config)#

Router(config)#enable password jetking[enter][privileged mode password]

 

Now access the router from a PC.

 

Packet Tracer PC Command Line 1.0

PC>telnet 10.0.0.1

Trying 10.0.0.1 ...Open

User Access Verification
Password:***** [cisco and enter]

Router>ena[enter]

Password: *******[jetking and enter]

Router#config[enter]

 

Configuring from terminal, memory, or network [terminal]? Enter configuration commands, one per line.  End with CNTL/Z.

 

Router(config)#

 

How to create a list?

 

Router>ena[enter]

Router#config[enter]

Router(config)#access-list 10 permit host 10.0.0.2[enter][10 is the identification number of the standard IP ACL]

Router(config)#access-list 10 deny any[enter][only 10.0.0.2 is permitted]

 

How to apply the IP ACL?

 

Router(config)#interface fastEthernet 0/0[enter]

Router(config-if)#ip access-group 10 in[enter][in means inbound: traffic entering this interface]
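
How the router evaluates access-list 10 against a packet's source address, as an added Python example (not part of the original post and not Cisco code): it parses standard access-list lines and checks a source address against them top to bottom, first match wins. It goes beyond the page by also handling wildcard masks; access-list 20 and the function names are assumptions made for the illustration.

```python
import ipaddress

# Constructed sample config. ACL 10 is the list from the page; ACL 20 is an
# assumed extra entry (not on the page) that exercises a wildcard mask.
CONFIG = """\
access-list 10 permit host 10.0.0.2
access-list 10 deny any
access-list 20 permit 10.0.0.0 0.0.0.255
"""

def to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def parse_standard_acl(config, number):
    """Return [(action, base, wildcard), ...] for one numbered standard ACL."""
    entries = []
    for line in config.splitlines():
        tok = line.split()
        if len(tok) < 4 or tok[:2] != ["access-list", str(number)]:
            continue
        action, src = tok[2], tok[3:]
        if action not in ("permit", "deny"):
            raise ValueError(f"unsupported action in {line!r}")
        if src == ["any"]:                        # any source address
            base, wild = "0.0.0.0", "255.255.255.255"
        elif len(src) == 2 and src[0] == "host":  # exactly one address
            base, wild = src[1], "0.0.0.0"
        elif len(src) == 2:                       # address + wildcard mask
            base, wild = src
        else:
            raise ValueError(f"unsupported source in {line!r}")
        entries.append((action, to_int(base), to_int(wild)))
    if not entries:
        raise ValueError(f"access-list {number} is not defined")
    return entries

def evaluate(entries, source_ip):
    """Return (action, matching line number); first match wins."""
    src = to_int(source_ip)
    for index, (action, base, wild) in enumerate(entries, start=1):
        care = ~wild & 0xFFFFFFFF  # wildcard bit 0 = must match, 1 = ignore
        if (src & care) == (base & care):
            return action, index
    return "deny", None  # nothing matched: the implicit deny at the end

if __name__ == "__main__":
    acl10 = parse_standard_acl(CONFIG, 10)
    for ip in ("10.0.0.2", "10.0.0.3"):
        print(ip, evaluate(acl10, ip))
```

Because a standard ACL looks only at the source address, applying list 10 inbound on FastEthernet 0/0 filters every IP packet arriving on that interface, not just telnet.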

 

Now access the router from any PC except 10.0.0.2.

 

From PC 10.0.0.2

PC>telnet 10.0.0.1

Trying 10.0.0.1 ...% Connection timed out; remote host not responding

PC>

 

Standard IPACL

EXTENDED IPACL