Wednesday, May 29, 2019

Router Access Control List ( Standard ) using Cisco Packet Tracer






Router>en

Router#config t

Enter configuration commands, one per line. End with CNTL/Z.

Router(config)#interface fastEthernet 0/0

Router(config-if)#ip address 192.168.10.10 255.255.255.0

Router(config-if)#no shutdown

 

Router(config-if)#

%LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up

 

%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up

 

Router(config-if)#

 

 

---------------------

Router(config-if)#exit

Router(config)#interface fastEthernet 0/1

Router(config-if)#ip address 10.10.10.10 255.0.0.0

Router(config-if)#no shutdown

 

Router(config-if)#

%LINK-5-CHANGED: Interface FastEthernet0/1, changed state to up

 

%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to up

 

Router#

 

------------------------  ----------------------

 

Router#

Router#en

Router#config t

Enter configuration commands, one per line. End with CNTL/Z.

Router(config)#ip a?

access-list

Router(config)#ip access-list ?

extended Extended Access List

standard Standard Access List

Router(config)#ip access-list standard ?

<1-99> Standard IP access-list number

WORD Access-list name

Router(config-std-nacl)#ip access-list standard 11

Router(config-std-nacl)#?

<1-2147483647> Sequence Number

default Set a command to its defaults

deny Specify packets to reject

exit Exit from access-list configuration mode

no Negate a command or set its defaults

permit Specify packets to forward

remark Access list entry comment

Router(config-std-nacl)#deny ?

A.B.C.D Address to match

any Any source host

host A single host address

Router(config-std-nacl)#deny host 192.168.10.2

Router(config-std-nacl)#permit ?

A.B.C.D Address to match

any Any source host

host A single host address

Router(config-std-nacl)#permit any

Router(config-std-nacl)#exit

-----------------------   ---------------------------------

Router(config)#interface fastEthernet 0/0

Router(config-if)#ip a?

access-group address authentication

Router(config-if)#ip access-group ?

<1-199> IP access list (standard or extended)

WORD Access-list name

Router(config-if)#ip access-group 11 ?

in inbound packets

out outbound packets

Router(config-if)#ip access-group 11 in

Router(config-if)#exit

Router(config)#exit

Router#

%SYS-5-CONFIG_I: Configured from console by console

 

Router#show ac

Standard IP access list 11

10 deny host 192.168.10.2

20 permit any

 

Router#ping ^Z

 


Posted by at
Labels: