CISCO ACCESS CONTROL LISTS REVISION

If you find this page useful, check out my other revision pages.

For other useful CCNA study guides, CCNA practice exams and technical training, see my certification and networking links page.


ACCESS CONTROL LISTS (ACL)

Access Control Lists are used to:

  • Classify traffic so it can be prioritised (QoS)
  • Restrict or reduce routing updates (distribute lists)
  • Provide basic security (packet filtering on an interface)
  • Block specific types of traffic
  • Identify traffic for other features, e.g. NAT, route maps and vty access (access-class)

Access control list placement

  • Standard ACLs filter on the source address only, so place them as close to the destination as possible; placed near the source they would cut that source off from every destination.
  • Extended ACLs can match protocol, source, destination and port, so place them as close to the source of the traffic as possible and drop unwanted packets before they cross the network.
  • Only one ACL per protocol, per interface, per direction is allowed (e.g. one inbound IPv4 ACL and one outbound IPv4 ACL on a given interface).
  • Inbound ACLs are more efficient than outbound ones: a packet denied inbound is dropped before the router does a routing lookup, whereas an outbound ACL is only checked after the packet has been routed.
  • Statements are checked in order from the top. The first statement a packet matches decides what happens to it (permit or deny) and no further statements are checked, so the order of the lines matters.
  • If a packet matches no statement it is dropped by the implicit "deny any" at the end of every ACL. An ACL containing only deny statements therefore blocks all traffic.

ACL IOS COMMANDS

Standard ACLs - Numbered 1-99 (and 1300-1999). They check only the source IP address of a packet and permit or deny the whole packet on that basis; they cannot look at the destination, protocol or port.

The following two statements have the same effect (a wildcard mask of 255.255.255.255 means every bit is "don't care"):

Router(config)# access-list 1 permit 0.0.0.0 255.255.255.255
Router(config)# access-list 1 permit any

The following two statements also have the same effect (a wildcard mask of 0.0.0.0 means every bit must match):

Router(config)# access-list 1 permit 172.30.16.29 0.0.0.0
Router(config)# access-list 1 permit host 172.30.16.29

A wildcard mask is the inverse of a subnet mask: a 0 bit must match, a 1 bit is ignored. The /24 network 172.16.4.0 is therefore written 172.16.4.0 0.0.0.255.

Extended ACLs - Numbered 100-199 (and 2000-2699). They can match on protocol, source address, destination address and, for TCP and UDP, source and destination port, so they are used to permit or deny specific protocols and services.

The number given to an ACL tells IOS what type of list it is. Below are the ranges you will need for your CCNA.

Protocol        Range
Standard IP     1-99 (expanded range 1300-1999)
Extended IP     100-199 (expanded range 2000-2699)
AppleTalk       600-699
IPX             800-899
Extended IPX    900-999
IPX SAP         1000-1099

Use the following operators after a TCP or UDP address to match a port or a range of port numbers. An example ACL follows.

lt      Less than
gt      Greater than
neq     Not equal to
eq      Equal to
range   Inclusive range of ports, e.g. range 20 21

Router(config)# access-list 101 deny tcp 172.16.4.0 0.0.0.255 any eq 23
Router(config)# access-list 101 permit tcp any any established

The first line blocks Telnet (TCP port 23) from the 172.16.4.0/24 network to any destination. The second line uses the established keyword, which is only valid with tcp: it matches TCP segments that have the ACK or RST bit set, i.e. segments belonging to a connection that is already set up, and does not match a new connection attempt (SYN only). Applied inbound on an outside interface this lets replies to sessions started from inside come back while refusing outsiders who try to open new sessions. It only checks the TCP flags, it is not a stateful firewall; a crafted packet with ACK set is passed.

Remember the implicit deny: with only the two lines above, everything that is not an established TCP segment (including all UDP and ICMP) is dropped.
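To make the matching rules concrete, here is an added example (my own code, not from the original page or from Cisco): a small Python evaluator that reads IOS-style numbered ACL statements and applies them to packets, showing wildcard-mask matching, the any/host equivalences above, top-down first-match processing, the implicit deny and the established keyword. Packets are plain dicts, the ACL and packets are constructed for the example, and names such as evaluate, wildcard_match and ACL_101 are mine. The example ACL uses a /24 wildcard (0.0.0.255) on 172.16.4.0; note that 172.16.4.0 with a wildcard of 0.0.255.255 would match the whole of 172.16.0.0/16, which the last check below demonstrates.

```python
"""Toy evaluator for Cisco-style numbered ACLs (added example, not from the page).
Assumes: packets are dicts with proto/src/dst and, for tcp/udp, sport/dport/flags."""
import ipaddress
import re

IPV4 = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")
PORT_NAMES = {"telnet": 23, "ssh": 22, "www": 80, "smtp": 25, "domain": 53}
ANY = ("0.0.0.0", "255.255.255.255")          # identical to the "any" keyword


def wildcard_match(addr, base, wildcard):
    """Cisco wildcard semantics: a 0 bit must match, a 1 bit is 'don't care'."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)


def _parse_addr(tokens):
    """Consume 'any' | 'host A' | 'A W' | bare 'A' (IOS treats a bare address as host)."""
    if tokens[0] == "any":
        return ANY, tokens[1:]
    if tokens[0] == "host":
        return (tokens[1], "0.0.0.0"), tokens[2:]
    if len(tokens) > 1 and IPV4.match(tokens[1]):
        return (tokens[0], tokens[1]), tokens[2:]
    return (tokens[0], "0.0.0.0"), tokens[1:]


def _parse_port(tokens):
    """Consume an optional 'eq|neq|lt|gt N' or 'range A B'; return a port predicate."""
    if not tokens or tokens[0] not in ("eq", "neq", "lt", "gt", "range"):
        return (lambda p: True), tokens
    num = lambda t: PORT_NAMES[t] if t in PORT_NAMES else int(t)
    op = tokens[0]
    if op == "range":
        lo, hi = num(tokens[1]), num(tokens[2])
        return (lambda p: lo <= p <= hi), tokens[3:]
    n = num(tokens[1])
    preds = {"eq": lambda p: p == n, "neq": lambda p: p != n,
             "lt": lambda p: p < n, "gt": lambda p: p > n}
    return preds[op], tokens[2:]


def parse_acl_line(line):
    """Parse one 'access-list N permit|deny ...' statement into (number, rule)."""
    tok = line.split()
    if tok[0] != "access-list":
        raise ValueError("expected an access-list statement: " + line)
    number, action, rest = int(tok[1]), tok[2], tok[3:]
    rule = {"action": action, "log": "log" in rest, "established": False,
            "sport": lambda p: True, "dport": lambda p: True, "dst": ANY}
    rest = [t for t in rest if t != "log"]
    if 1 <= number <= 99 or 1300 <= number <= 1999:     # standard: source only
        rule["proto"] = "ip"
        rule["src"], rest = _parse_addr(rest)
    else:                                                # extended
        rule["proto"] = rest[0]
        rule["src"], rest = _parse_addr(rest[1:])
        rule["sport"], rest = _parse_port(rest)
        rule["dst"], rest = _parse_addr(rest)
        rule["dport"], rest = _parse_port(rest)
        rule["established"] = "established" in rest
    return number, rule


def rule_matches(rule, pkt):
    if rule["proto"] != "ip" and rule["proto"] != pkt["proto"]:
        return False
    if not (wildcard_match(pkt["src"], *rule["src"])
            and wildcard_match(pkt["dst"], *rule["dst"])):
        return False
    if rule["proto"] in ("tcp", "udp"):
        if not (rule["sport"](pkt.get("sport", 0)) and rule["dport"](pkt.get("dport", 0))):
            return False
    # 'established' only inspects flags: any segment with ACK or RST set passes
    if rule["established"] and not (pkt.get("flags", set()) & {"ACK", "RST"}):
        return False
    return True


def evaluate(acl_lines, pkt):
    """Top-down, first match wins. Returns (action, line_no); line_no None = implicit deny."""
    for i, line in enumerate(acl_lines, 1):
        _, rule = parse_acl_line(line)
        if rule_matches(rule, pkt):
            return rule["action"], i
    return "deny", None


# Constructed ACL for this example, in the IOS syntax a practitioner would type.
ACL_101 = [
    "access-list 101 deny tcp 172.16.4.0 0.0.0.255 any eq 23",
    "access-list 101 permit tcp any any established",
    "access-list 101 permit ip 172.16.4.0 0.0.0.255 any",
]

if __name__ == "__main__":
    pkts = {
        "telnet out": {"proto": "tcp", "src": "172.16.4.10", "dst": "10.1.1.1", "sport": 40000, "dport": 23, "flags": {"SYN"}},
        "reply in": {"proto": "tcp", "src": "10.1.1.1", "dst": "172.16.4.10", "sport": 80, "dport": 40000, "flags": {"ACK"}},
        "new ssh in": {"proto": "tcp", "src": "10.1.1.1", "dst": "172.16.4.10", "sport": 50000, "dport": 22, "flags": {"SYN"}},
    }
    for name, pkt in pkts.items():
        print(name, evaluate(ACL_101, pkt))
```

Swapping the first two lines of ACL_101 changes nothing here, but moving the `permit ip` line to the top would let the Telnet packet through, which is the ordering point made above. The evaluator also shows why `established` is not a firewall: a packet from outside with the ACK bit set matches line 2 regardless of whether any connection exists.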

Named ACLs

Named access control lists are another way of creating ACLs. They use a name instead of a number, can be standard or extended, and let you delete a single statement with no in front of it instead of deleting the whole list. An example follows.

Router(config)# ip access-list standard Nik
Router(config-std-nacl)# deny any log - the log keyword does not change what is denied; it generates a syslog message for each packet that matches this statement, which makes the normally silent implicit deny visible.

Viewing ACLs

These are privileged EXEC commands (Router# prompt), not configuration commands.

Router# show access-lists - shows all access lists, with a match count per statement.
Router# show access-list 101 - shows access list 101 only.
Router# show ip interface - used to find out which access lists are applied to which interfaces, and in which direction.

Configuring ACLs on an interface

An ACL does nothing until it is applied to an interface with ip access-group, giving the list number or name and the direction (in or out) from the router's point of view.

Router(config)# interface s1
Router(config-if)# ip access-group 1 out - older IOS versions default to out if no direction is given; always state the direction explicitly. Applying a second list in the same direction replaces the first.

Removal of ACLs

Router(config)# no access-list 1 - deletes the entire numbered list, every statement, not just one line.

Remove the list from the interface first (no ip access-group 1 out under the interface). If the list is deleted while an interface still references it, that interface passes all traffic until a list with that number exists again, and each new statement you then type takes effect immediately, with the implicit deny after it. Use a named ACL if you need to remove single lines.



Nik Makris is certified under the CCNA® program


  All content © 2006 Nik Makris

This material is not sponsored, endorsed or affiliated with Cisco Systems, Inc. Cisco, Cisco Systems, CCIP, the CCIP Logo, the CCNA Logo, the CCNP Logo, the CCDA Logo and the CCDP Logo are trademarks of Cisco Systems, Inc. and its affiliates. CCNA®, CCNP®, CCDA® and CCDP® are registered trademarks of Cisco Systems, Inc. and its affiliates.