Wednesday 7 August 2013

How To Apply Standard Access Control List (ACL)

Unknown  /  at  13:23  /  No comments

Standard Access Control List                  

In this article we will configure a standard access list.
We will use the EIGRP routing protocol in the following topology.




A standard access list filters traffic based only on the source address; all you need is the IP address of the host or subnet you want to permit or deny. ACLs are created in global configuration mode and then applied on an interface. The syntax for creating a standard ACL is:
access-list {1-99 | 1300-1999} {permit | deny} source-address [wildcard-mask]
We follow three basic steps to configure a standard ACL:
  • Use the access-list global configuration command to create an entry in a standard ACL.
  • Use the interface configuration command to select an interface to which to apply the ACL.
  • Use the ip access-group interface configuration command to activate the existing ACL on an interface.
Task:
  • Permit 10.0.0.2: this host must be able to communicate with the other networks.
  • Deny 10.0.0.3: block this host from gaining access to the network.
  • Permit 20.0.0.2: this host must be able to communicate with the other networks.
  • Deny 20.0.0.3: block this host from gaining access to the network.
  • Permit 30.0.0.2: this host must be able to communicate with the other networks.
  • Deny 30.0.0.3: block this host from gaining access to the network.
  • Permit 40.0.0.2: this host must be able to communicate with the other networks.
  • Deny 40.0.0.3: block this host from gaining access to the network.

Router 3:

Router>en
Router#config terminal
Router(config)#interface FastEthernet0/0
Router(config-if)#ip address 10.0.0.1 255.255.255.0
Router(config-if)#no shut
Router(config-if)#interface Serial1/0
Router(config-if)#ip address 192.168.1.5 255.255.255.252
Router(config-if)#no shut
Router(config-if)#interface Serial1/1
Router(config-if)#ip address 192.168.1.1 255.255.255.252
Router(config-if)#clock rate 64000
Router(config-if)#no shut
Router(config-if)#router eigrp 1
Router(config-router)#network 192.168.1.0 0.0.0.3
Router(config-router)#network 192.168.1.4 0.0.0.3
Router(config-router)#network 10.0.0.0
Router(config-router)#no auto-summary
Router(config-router)#ex
Router(config)#access-list 10 permit host 10.0.0.2
Router(config)#access-list 10 deny host 10.0.0.3
Router(config)#access-list 10 permit any
Router(config)#interface FastEthernet0/0
Router(config-if)#ip access-group 10 in


Router 1:


Router>en
Router#config terminal
Router(config)#interface FastEthernet0/0
Router(config-if)#ip address 20.0.0.1 255.255.255.0
Router(config-if)#no shut
Router(config-if)#interface Serial1/0
Router(config-if)#ip address 192.168.1.2 255.255.255.252
Router(config-if)#no shut
Router(config-if)#interface Serial1/1
Router(config-if)#ip address 192.168.1.9 255.255.255.252
Router(config-if)#no shut
Router(config-if)#router eigrp 1
Router(config-router)#network 192.168.1.0 0.0.0.3
Router(config-router)#network 192.168.1.8 0.0.0.3
Router(config-router)#network 20.0.0.0 0.0.0.255
Router(config-router)#no auto-summary
Router(config-router)#ex
Router(config)#access-list 10 permit host 20.0.0.2
Router(config)#access-list 10 deny host 20.0.0.3
Router(config)#access-list 10 permit any
Router(config)#interface FastEthernet0/0
Router(config-if)#ip access-group 10 in


Router 2:


Router>en
Router#config terminal
Router(config)#interface FastEthernet0/0
Router(config-if)#ip address 30.0.0.1 255.255.255.0
Router(config-if)#no shut
Router(config-if)#interface Serial1/0
Router(config-if)#ip address 192.168.1.13 255.255.255.252
Router(config-if)#no shut
Router(config-if)#interface Serial1/1
Router(config-if)#ip address 192.168.1.10 255.255.255.252
Router(config-if)#clock rate 64000
Router(config-if)#no shut
Router(config-if)#router eigrp 1
Router(config-router)#network 192.168.1.8 0.0.0.3
Router(config-router)#network 192.168.1.12 0.0.0.3
Router(config-router)#network 30.0.0.0 0.0.0.255
Router(config-router)#no auto-summary
Router(config-router)#ex
Router(config)#access-list 10 permit host 30.0.0.2
Router(config)#access-list 10 deny host 30.0.0.3
Router(config)#access-list 10 permit any
Router(config)#interface FastEthernet0/0
Router(config-if)#ip access-group 10 in


Router 0:


Router>en
Router#config terminal
Router(config)#interface FastEthernet0/0
Router(config-if)#ip address 40.0.0.1 255.255.255.0
Router(config-if)#no shut
Router(config-if)#interface Serial1/0
Router(config-if)#ip address 192.168.1.6 255.255.255.252
Router(config-if)#no shut
Router(config-if)#interface Serial1/1
Router(config-if)#ip address 192.168.1.14 255.255.255.252
Router(config-if)#clock rate 64000
Router(config-if)#no shut
Router(config-if)#router eigrp 1
Router(config-router)#network 192.168.1.4 0.0.0.3
Router(config-router)#network 192.168.1.12 0.0.0.3
Router(config-router)#network 40.0.0.0 0.0.0.255
Router(config-router)#auto-summary
Router(config-router)#ex
Router(config)#access-list 10 permit host 40.0.0.2
Router(config)#access-list 10 deny host 40.0.0.3
Router(config)#access-list 10 permit any
Router(config)#interface FastEthernet0/0
Router(config-if)#ip access-group 10 in


To test, ping from the various hosts to the other hosts' addresses that are permitted or denied in the access lists. Hosts that are permitted should reply successfully, and "Request timed out" is displayed when you ping a denied host.
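To predict what each ping in this test should show, the following added example (Python, not part of the original article) evaluates a source address against standard ACL entries in the syntax given above: top to bottom, first match wins, with the implicit deny that ends every ACL. The function names are this example's own, NO_PERMIT_ANY and SHADOWED are constructed variants, and the wildcard-mask matching goes beyond the host entries used in the article.

```python
import ipaddress

def _ip(text):
    return int(ipaddress.IPv4Address(text))

def parse_acl(lines):
    """Parse 'access-list N {permit|deny} {any | host A | A [wildcard]}' entries."""
    entries = []
    for line in lines:
        tok = line.split()
        if len(tok) < 4 or tok[0] != "access-list":
            raise ValueError(f"not a standard ACL entry: {line!r}")
        number, action, src = int(tok[1]), tok[2], tok[3:]
        if not (1 <= number <= 99 or 1300 <= number <= 1999):
            raise ValueError(f"{number} is outside the standard ACL ranges")
        if action not in ("permit", "deny"):
            raise ValueError(f"unknown action: {action!r}")
        if src[0] == "any":
            addr, wild = "0.0.0.0", "255.255.255.255"
        elif src[0] == "host":
            addr, wild = src[1], "0.0.0.0"
        else:  # address with optional wildcard mask; no mask means one host
            addr, wild = src[0], (src[1] if len(src) > 1 else "0.0.0.0")
        entries.append((action, _ip(addr), _ip(wild)))
    return entries

def evaluate(entries, source):
    """Return (action, matching entry number); first match wins."""
    src = _ip(source)
    for index, (action, addr, wild) in enumerate(entries, 1):
        care = ~wild & 0xFFFFFFFF  # wildcard bit 0 = must match, 1 = ignore
        if (src & care) == (addr & care):
            return action, index
    return "deny", None  # implicit "deny any" that ends every ACL

# Router 3's list, copied from the configuration above.
ROUTER3_ACL = parse_acl([
    "access-list 10 permit host 10.0.0.2",
    "access-list 10 deny host 10.0.0.3",
    "access-list 10 permit any",
])
# Constructed variants (not from the article) showing two common mistakes.
NO_PERMIT_ANY = ROUTER3_ACL[:2]
SHADOWED = parse_acl(["access-list 10 deny 10.0.0.0 0.0.0.255"]) + ROUTER3_ACL

if __name__ == "__main__":
    for host in ("10.0.0.2", "10.0.0.3", "10.0.0.4"):
        print(host, evaluate(ROUTER3_ACL, host),
              evaluate(NO_PERMIT_ANY, host), evaluate(SHADOWED, host))
```

Because a standard ACL matches the source address only, applying it inbound on FastEthernet0/0 drops everything 10.0.0.3 sends off its LAN, including its replies to pings that arrive from other networks.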



