Standard ACLs
Standard ACLs are the oldest and one of the most basic types of ACLs. Standard ACLs inspect traffic by
comparing the source address of the IP packets to the addresses configured in the ACL. A standard ACL can be
defined to permit or deny specific source IP addresses only.
The command syntax format to define a numbered standard ACL is the following:
access-list access-list-number {deny | permit} source [source-wildcard] [log]
The keyword log causes an informational logging message when the packet matches the access-list statement.
For all matched packets, a message is sent to the console, the buffer, or to a syslog server. The message
includes the ACL number, a notification of whether the packet was permitted or denied, the source address, and
the number of packets.
Note
Fields represented by {} brackets are mandatory in the command syntax. Fields represented by []
brackets are optional.
In all Cisco IOS Software releases, the standard access-list-number can be anything from 1 to 99 or the
expanded range 1300 to 1999, as shown in Table 2-6. Example 2-2 shows a standard numbered ACL allowing
access to hosts on the two specified networks. The wildcard bits apply to the host portions of the network
addresses. Traffic from any host with a source address that does not match the ACL statements will be dropped
because of the implicit deny.
Example 2-2. Standard Numbered ACL Example
Router(config)# access-list 1 permit 192.16.1.0 0.0.0.255
Router(config)# access-list 1 permit 139.65.0.0 0.0.255.255
(Note: implicit deny)
Tip
A source/source-wildcard setting of 0.0.0.0/255.255.255.255 can be specified as any. The wildcard can
be omitted if it is all zeros. Therefore, 10.1.1.1 0.0.0.0 is the same as host 10.1.1.1.
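The matching rules described above (wildcard bits, the any and host shorthands, first match wins, implicit deny) can be checked offline before an ACL is pushed to a router. The following is an added example, not code from the original text or from Cisco; the function names parse_statement and evaluate are hypothetical, and the test addresses are constructed.

```python
from ipaddress import IPv4Address

def parse_statement(line):
    """Parse 'access-list N {permit|deny} source [source-wildcard] [log]'."""
    tok = line.split()
    if len(tok) < 4 or tok[0] != "access-list" or tok[2] not in ("permit", "deny"):
        raise ValueError(f"not a standard ACL statement: {line!r}")
    number, action, rest = int(tok[1]), tok[2], tok[3:]
    if not (1 <= number <= 99 or 1300 <= number <= 1999):
        raise ValueError(f"{number} is outside the standard ACL ranges")
    if rest[-1] == "log":            # logging does not change the match result
        rest = rest[:-1]
    if rest == ["any"]:              # any == 0.0.0.0 255.255.255.255
        src, wild = "0.0.0.0", "255.255.255.255"
    elif len(rest) == 2 and rest[0] == "host":
        src, wild = rest[1], "0.0.0.0"
    elif len(rest) == 1:             # omitted wildcard means all zeros
        src, wild = rest[0], "0.0.0.0"
    elif len(rest) == 2:
        src, wild = rest
    else:
        raise ValueError(f"cannot parse source in: {line!r}")
    return action, int(IPv4Address(src)), int(IPv4Address(wild))

def evaluate(statements, source_ip):
    """Return 'permit' or 'deny' for a source address; first match wins."""
    addr = int(IPv4Address(source_ip))
    for action, src, wild in statements:
        care = ~wild & 0xFFFFFFFF    # a 0 bit in the wildcard means "must match"
        if (addr & care) == (src & care):
            return action
    return "deny"                    # implicit deny at the end of every ACL

# The two statements from Example 2-2.
EXAMPLE_2_2 = [parse_statement(s) for s in (
    "access-list 1 permit 192.16.1.0 0.0.0.255",
    "access-list 1 permit 139.65.0.0 0.0.255.255",
)]

if __name__ == "__main__":
    # Constructed source addresses, one per interesting case.
    for ip in ("192.16.1.77", "139.65.200.9", "192.16.2.1"):
        print(ip, evaluate(EXAMPLE_2_2, ip))
```
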
After the ACL is defined, it must be applied to the interface (inbound or outbound direction).
Router(config)# interface
Router(config-if)# ip access-group {access-list-number|name} {in|out}
The following is another example showing the use of a standard ACL to block all traffic except that from source
10.1.1.0/24. Note that the example has one permit statement followed by an implicit deny, which will block all
other traffic.
Step 1. Define a standard ACL.
Router(config)# access-list 1 permit 10.1.1.0 0.0.0.255
Step 2. Apply the ACL to an interface.
Router(config)# interface Serial0
Router(config-if)# ip access-group 1 in