Standard Access List Configuration With Packet Tracer - www.ipcisco.com : www.ipcisco.com
Content Protection by DMCA.com

Standard Access List Configuration
With Packet Tracer

In this lsson we will see the standart access list and how to configure standart access list in Packet Tracer.
There are three types Access Lists in common. Thse access list types are :

– Standard Access List
– Extended Access List
– Named Access List

You can DOWNLOAD the Packet Tracer example with .pkt format HERE.

Standard access lists are the simplest one. With standard access lists you can check only the source of the IP packets. But with Extended access lists, you can check source, destination, specific port and protocols.

In named ACLs, you can use names instead of the numbers used in standard and extended ACLs. It do not have too much difference, but it is different with its named style.

In this lesson, we will focus on Standart Access List configuration with Paket Tracer. We will focus on the below topology.

standard acl configuration packet tracer

Here, with our standard access list, we will prohibit PC2 to access the server. But PC0 and PC1 can still access the server.

For our standard access-list, we can use the ACL number 1 to 99. These numbers can be 100 to 199, if you use extended ACLs.

Standard Access-List Configuration

Let’s start to write standard access-list. We will configure the standard access list on router .

Router # configure terminal
Router (config)# ip access-list standard 1
Router (config-std-nacl)# permit 10.0.0.2 0.0.0.0
Router (config-std-nacl)# permit 10.0.0.3 0.0.0.0

With these configuration we write and ACL that permits PC0 and PC1 to access the server.At the end of ACLs, there is an “Implicit Deny”. These Implicit Deny, prohibits the other IP addresses. Because of the fact that we did not, allow PC2’s IP address, it is autoamtically denied and can not access the server.

Here, there is no need to write but to show how to write deny, I will write the deny command also. As Is aid before, for this scenario, it is not necesary. But, you can write.

Router (config-std-nacl)# deny 10.0.0.4 0.0.0.0
Router (config-std-nacl)# end
Router # copy run start

Applyin Standard Access-List to the Interface

After creating ACLs, we need to apply this ACL to the interface. For standard access lists, it is better to apply this ACL, close to the destination. So, for this configuration, we will apply our standard acceess list to the fastethernet 0/1 interface of the router.In other words, we will add ACL to the server face of the router.

Router (config)# interface fastethernet 0/1
Router (config-if)# ip access-group 1 out
Router (config-if)# end
Router # copy run start

As you see above, to write a standard ACL, firstly we enter the standard ACL configure mode, then we write permit/deny statement. After that we write the ip address that we would like to effect. Then, we write the wildcard mask for that subnet. Here, we only deny a specific IP, so our wildcard mask will be 0.0.0.0.

Lastly, we apply the standard access-list that we write, to the interface close to the destination.

Standard Access-List Verification

Now, it is time to verify. Let’s verify our Standard ACL Configuration With Packet tracer.Our aim was restricting PC2 to access the server. But PC0 and PC1 would still access the server.

Here we will ping the server ip address, 20.0.0.5 from each PC.

PC0> ping 20.0.0.5
PC1> ping 20.0.0.5
PC2> ping 20.0.0.5

standard access list configuration packet tracer

Here, the ping from PC0 and PC1 will be successfull. But, ping from PC2 will be unsuccessfull. The fastethernet 0/0 interface of router, willl send a “destination host unreachable” message to the PC2.

standard ACL configuration packet tracer

In this lesson, we have configured Standard Access List with Packet Tracer. For Extended and Named access-list configurations, you can check other ACL lessons.

You can DOWNLOAD the Packet Tracer example with .pkt format HERE.




About the Author
Gokhan Kosem is a telecommunation and network engineer. His ambition to IP networks and end-to-end system installation made him to prepare this web-site. By sharing his experiences about various networking protocols beside different system installation experiences and Cisco, Juniper, Alcatel-Lucent devices configurations, he is aimed to be helpful for his collegues in all over the world. He is currently lives in Istanbul, Turkey.

Leave a Reply


Copy Protected by Chetan's WP-Copyprotect.