How to Configure Standard Access Control Lists (ACL)

A standard access control list (ACL) is one way to reduce network traffic by applying a set of rules. Unlike extended access control lists, standard access control lists are placed close to the destination. They are numbered in the range 1-99, with an expanded range of 1300-1999. The standard ACL is the simplest and easiest of the access control lists. Traffic is managed based on the source IP address. Compared to extended access control lists, standard access control lists are used less and are less popular.

Configure Standard ACL

The figure shown above is an example of a standard access control list lab. It consists of six workstations, three servers, three routers, and three switches. The figure shows the hostname, IP addresses and interfaces of each router, and the bottom part lists the IP addresses of the workstations and servers.

CREATION OF STANDARD ACCESS CONTROL LIST

To create a standard access control list that permits or denies networks, use the IOS command “access-list”. The access-list command is entered from Router03 global configuration mode. The statements shown below are in Router03 global configuration mode.

The main point to notice is that every access list ends with an implicit deny statement. If there is no “access-list 5 permit any” statement at the end, the standard access control statements above will filter all traffic to the destination networks. To delete the standard ACL, use the “no” form of the command. We cannot remove a single statement; we can only remove the entire access list. The statement can be written as:

Router03(config)#no access-list 5
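
The implicit deny described above can be checked with a small model of how a standard ACL is evaluated. This is an added example, not part of the original article or of IOS itself; the addresses are constructed and written in CIDR form, and the function names are hypothetical.

```python
import ipaddress

IMPLICIT_DENY = ("deny", "implicit deny (end of list)")

def parse(lines):
    """Turn 'deny 172.16.0.0/16' or 'permit any' strings into (action, network)."""
    acl = []
    for line in lines:
        action, source = line.split()
        net = "0.0.0.0/0" if source == "any" else source
        acl.append((action, ipaddress.ip_network(net)))
    return acl

def evaluate(acl, src_ip):
    """Return (action, matched_rule) for a packet; only the source is examined."""
    src = ipaddress.ip_address(src_ip)
    for action, net in acl:          # top-down, first match wins
        if src in net:
            return action, str(net)
    return IMPLICIT_DENY             # nothing matched: the hidden final deny

def blocks_everything(acl):
    """Audit check: a list with no permit entry drops all traffic once applied."""
    return not any(action == "permit" for action, _ in acl)

# Constructed sample entries, written as CIDR for brevity (IOS uses wildcard masks).
WITHOUT_PERMIT = parse(["deny 172.16.0.0/16", "deny 172.20.0.0/16"])
WITH_PERMIT = parse(["deny 172.16.0.0/16", "deny 172.20.0.0/16", "permit any"])

if __name__ == "__main__":
    for name, acl in (("without permit any", WITHOUT_PERMIT),
                      ("with permit any", WITH_PERMIT)):
        print(name, "- blocks everything:", blocks_everything(acl))
        for src in ("172.16.0.10", "172.20.0.10", "192.168.1.10"):
            print("   ", src, "->", evaluate(acl, src))
```

Running the audit check before applying a list to an interface catches the case where a missing “permit any” would cut off every source, not only the denied ones.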

CONFIGURATION OF STANDARD ACCESS CONTROL LIST

We use the IOS command “access-group” to configure the standard access control list. This command applies the access list to an interface. The basic format is given below:

Router(config)# interface interface_no

Router01(config-if)#ip access-group <access_list_number> <in/out>

The in/out keyword specifies the direction of filtering.

The in keyword specifies that filtering takes place when traffic arrives at the router interface.

The out keyword specifies that filtering takes place when traffic leaves the router interface.

To remove the standard access control list from the interface, use the “no” form of the command. The statement can be written as:

Router01(config-if)#no ip access-group 5 out
