Cisco ACL (Access Control Lists)

CCNA 200–301

Mohammed Waseem
3 min read · Jan 5, 2023

An ACL is a list of rules that permit or deny access to a specific network or host.

Every ACL ends with an implicit deny: anything not matched by an entry in the access list is denied and the packet is dropped.

ACLs are processed in the order of their entries, called ACEs (Access Control Entries).

An ACL must be applied to an interface in a direction, inbound or outbound.

Types

  1. Standard ACL (Numbered/Named)
  2. Extended ACL (Numbered/Named)

Standard ACL

> Range: 1–99 and 1300–1999

> Only uses the source IP address for filtering/controlling access

> Always place it near the destination based on access requirements.

Syntax:

(config)# access-list <1–99> <permit | deny> <NetworkId> <WildcardMask>

OR

(config)# access-list <1–99> <permit | deny> host <IP Address>

OR

(config)# access-list <1–99> <permit | deny> any

OR

(config)#ip access-list standard <1–99>

(config-std-nacl)#<permit | deny> <SourceNetId> <WildcardMask>

OR

(config)#ip access-list standard <1–99>

(config-std-nacl)#<permit | deny> host <IP Address>

OR

(config)#ip access-list standard <1–99>

(config-std-nacl)#<permit | deny> any

Topology

According to the requirements, the server network is the destination. Our standard ACL is therefore placed outbound on interface gigabit0/2 of the destination router (R2), so that packets are filtered before they pass into the server network.

WORKS!!🎉

Extended ACL

> Range: 100–199 and 2000–2699

> Uses the source IP address, the destination IP address and port numbers for filtering/controlling access

> Always place near the source based on access requirements.

Syntax:

(config)#access-list <100–199> <permit | deny> ip <SourceNetId> <WildcardMask> <DestNetId> <WildcardMask>

(config)#access-list <100–199> <permit | deny> ip host <SourceIP> <DestNetId> <WildcardMask>

(config)#access-list <100–199> <permit | deny> ip host <SourceIP> host <DestIP>

(config)#access-list <100–199> <permit | deny> ip any any

(config)#access-list <100–199> <permit | deny> tcp host <SourceIP> host <DestIP> <eq | gt | lt | range | neq> <Port number (0–65535)>

And many more…
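To show what the syntax above actually does when a packet arrives, here is an added example (not code from the original post) that models how IOS walks a numbered ACL: it parses standard entries (source only) and the extended `ip`/`tcp`/`udp` forms shown above, including the `eq | gt | lt | range | neq` port operators, applies Cisco wildcard-mask matching, stops at the first matching ACE, and falls through to the implicit deny. The ACL lines and addresses are constructed sample data; the function names are my own.

```python
"""Added example: a minimal model of Cisco IOS ACL evaluation
(wildcard masks, top-down first match, implicit deny). Constructed
sample data; not the original post's configuration."""

import ipaddress
from dataclasses import dataclass
from typing import Optional


def wildcard_match(addr: str, network: str, wildcard: str) -> bool:
    """Cisco wildcard mask: a 0 bit must match, a 1 bit is 'don't care'."""
    a = int(ipaddress.IPv4Address(addr))
    n = int(ipaddress.IPv4Address(network))
    w = int(ipaddress.IPv4Address(wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (n & care)


@dataclass
class Ace:
    action: str                     # 'permit' or 'deny'
    proto: str                      # 'ip', 'tcp' or 'udp' ('ip' for standard ACLs)
    src: tuple                      # (network, wildcard)
    dst: tuple                      # (network, wildcard); 'any' for standard ACLs
    port_op: Optional[str] = None   # eq | gt | lt | neq | range, or None
    ports: tuple = ()


ANY = ("0.0.0.0", "255.255.255.255")


def _parse_addr(tokens, i):
    """Consume 'any', 'host X' or 'X WILDCARD' at tokens[i]; return (addr, next_i)."""
    if tokens[i] == "any":
        return ANY, i + 1
    if tokens[i] == "host":
        return (tokens[i + 1], "0.0.0.0"), i + 2
    return (tokens[i], tokens[i + 1]), i + 2


def parse_ace(line: str) -> Ace:
    """Parse one 'access-list N permit|deny ...' line, standard or extended."""
    t = line.split()
    assert t[0] == "access-list"
    number, action = int(t[1]), t[2]
    if 1 <= number <= 99 or 1300 <= number <= 1999:   # standard: source only
        src, _ = _parse_addr(t, 3)
        return Ace(action, "ip", src, ANY)
    proto, i = t[3], 4                                # extended: protocol first
    src, i = _parse_addr(t, i)
    dst, i = _parse_addr(t, i)
    port_op, ports = None, ()
    if i < len(t):                                    # optional port operator
        port_op = t[i]
        ports = tuple(int(p) for p in t[i + 1:])
    return Ace(action, proto, src, dst, port_op, ports)


def _port_ok(ace: Ace, port: Optional[int]) -> bool:
    if ace.port_op is None:
        return True
    if port is None:
        return False
    p = ace.ports
    ops = {
        "eq": lambda x: x == p[0], "neq": lambda x: x != p[0],
        "gt": lambda x: x > p[0], "lt": lambda x: x < p[0],
        "range": lambda x: p[0] <= x <= p[1],
    }
    return ops[ace.port_op](port)


def evaluate(acl, src: str, dst: str, proto: str = "ip",
             dport: Optional[int] = None) -> str:
    """Walk the ACEs top-down; the first match decides; no match is denied."""
    for ace in acl:
        if ace.proto != "ip" and ace.proto != proto:
            continue
        if not (wildcard_match(src, *ace.src) and wildcard_match(dst, *ace.dst)):
            continue
        if not _port_ok(ace, dport):
            continue
        return ace.action
    return "deny"   # the implicit deny at the end of every ACL


# Constructed sample ACLs written in the syntax shown in the post.
STANDARD_ACL = [parse_ace(l) for l in [
    "access-list 10 deny host 192.168.1.50",
    "access-list 10 permit 192.168.1.0 0.0.0.255",
]]
EXTENDED_ACL = [parse_ace(l) for l in [
    "access-list 100 permit tcp 192.168.1.0 0.0.0.255 host 10.0.0.5 eq 80",
    "access-list 100 permit tcp 192.168.1.0 0.0.0.255 host 10.0.0.5 range 20 21",
    "access-list 100 deny ip any any",
]]

if __name__ == "__main__":
    print(evaluate(STANDARD_ACL, "192.168.1.50", "10.0.0.5"))            # deny (explicit host entry)
    print(evaluate(STANDARD_ACL, "192.168.2.1", "10.0.0.5"))             # deny (implicit deny)
    print(evaluate(EXTENDED_ACL, "192.168.1.10", "10.0.0.5", "tcp", 443))  # deny (deny ip any any)
```

Two things the model makes visible that the syntax lines alone do not: swapping the order of the two standard entries changes the verdict for 192.168.1.50 from deny to permit, because the broader `permit 192.168.1.0 0.0.0.255` now matches first; and a packet for which no entry matches at all (a source outside 192.168.1.0/24) is dropped even though no `deny` line mentions it. In IOS the parsed ACL is bound to an interface with `ip access-group <number> in|out`, which this model does not simulate.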

Topology

According to the requirements, the sources differ, so the ACLs are placed on the routers of the source networks.

Ext-ACL 100

Ext-ACL 101

WORKS!!🎉
