Access Control List Configuration Example:


Network Topology:

In this blog we are going to configure access control lists for several different scenarios. We have five scenarios here, and we will apply the ACL accordingly.



Example 1: Write an ACL that prevents the 10.0 network from accessing the 30.0 network but allows everyone else to.


R2(config)#access-list 10 deny 192.168.10.0 0.0.0.255

R2(config)#access-list 10 permit any

R2(config)#interface fastethernet 0/0

R2(config-if)#ip access-group 10 out

Example 2: Write an ACL that states that 10.10 cannot access 30.10. Everyone else can.

R1(config)#access-list 110 deny ip host 192.168.10.10 host 192.168.30.10

R1(config)#access-list 110 permit ip any any

R1(config)#interface fastethernet 0/0

R1(config-if)#ip access-group 110 in


Example 3: Write an ACL that states that 10.10 can telnet to the R2 router. No one else can.

R2(config)#access-list 20 permit host 192.168.10.10

R2(config)#line vty 0 4

R2(config-line)#access-class 20 in


Example 4: Write a named ACL that states that 10.10 can telnet to 50.10. No one else from 10.0 can telnet to 50.10. Any other host from any other subnet can connect to 50.10 using anything that is available.


R1(config)#ip access-list extended serveraccess

R1(config-ext-nacl)#10 permit tcp host 192.168.10.10 host 192.168.50.10 eq telnet

R1(config-ext-nacl)#20 deny tcp 192.168.10.0 0.0.0.255 host 192.168.50.10 eq telnet

R1(config-ext-nacl)#30 permit ip any any

R1(config-ext-nacl)#exit

R1(config)#interface fastethernet 0/0

R1(config-if)#ip access-group serveraccess in

Example 5: Write an ACL that states that hosts 10.1 to 10.63 are not allowed web access to 50.10. Hosts 10.64 to 10.254 are. Everyone can do everything else.

R1(config)#access-list 101 deny tcp 192.168.10.0 0.0.0.63 host 192.168.50.10 eq 80

R1(config)#access-list 101 permit ip any any

R1(config)#interface fastethernet 0/0

R1(config-if)#ip access-group 101 in
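All five examples rely on the same two rules: entries are evaluated top-down and the first match wins, and every list ends with an implicit "deny any". The Python below is an added example written for this page; it is not from the blog and not Cisco code. It is a small model of that evaluation, with wildcard masks modelled bit for bit (0 = must match, 1 = don't care), loaded with the five lists above so they can be exercised offline against constructed packets. It assumes a simplified ACE syntax (no port ranges, `established`, or ICMP types); the VTY list follows the text of Example 3 (host 10.10).

```python
# Added example (not from the blog, not Cisco code): a small model of how IOS
# evaluates an access list, so the five lists on the page can be exercised
# offline. It keeps the two rules every example depends on, top-down first
# match and the implicit "deny any" at the end, and models wildcard masks bit
# for bit (0 = must match, 1 = don't care). Port ranges, 'established' and
# ICMP types are out of scope. Sample packets are constructed, not captured.
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

PORT_NAMES = {"telnet": 23, "www": 80, "ssh": 22}   # subset of IOS port keywords
ANY = ("0.0.0.0", "255.255.255.255")                # (network, wildcard) for 'any'


@dataclass
class Packet:
    src: str
    dst: str
    proto: str = "ip"            # "ip" = not TCP/UDP, e.g. ICMP
    dport: Optional[int] = None


@dataclass
class Entry:
    action: str                  # "permit" | "deny"
    proto: str                   # "ip" in an ACE matches every protocol
    src: Tuple[str, str]         # (network, wildcard)
    dst: Tuple[str, str]
    dport: Optional[int]         # None = any port


def wildcard_match(addr: str, network: str, wildcard: str) -> bool:
    """Compare only the bits that are 0 in the wildcard mask."""
    care = 0xFFFFFFFF ^ int(ipaddress.IPv4Address(wildcard))
    a, n = int(ipaddress.IPv4Address(addr)), int(ipaddress.IPv4Address(network))
    return (a & care) == (n & care)


def _addr(t: List[str], i: int) -> Tuple[Tuple[str, str], int]:
    """Parse 'any' | 'host A.B.C.D' | 'A.B.C.D W.W.W.W' at t[i]; return (spec, next index)."""
    if t[i] == "any":
        return ANY, i + 1
    if t[i] == "host":
        return (t[i + 1], "0.0.0.0"), i + 2
    return (t[i], t[i + 1]), i + 2


def parse_entry(line: str) -> Entry:
    """Parse one access-list line body in the page's own syntax, e.g.
    'deny 192.168.10.0 0.0.0.255' (standard, source only) or
    'permit tcp host 192.168.10.10 host 192.168.50.10 eq telnet' (extended)."""
    t = line.split()
    if t[1] in ("ip", "tcp", "udp", "icmp"):           # extended ACE
        src, i = _addr(t, 2)
        dst, i = _addr(t, i)
        dport = None
        if i < len(t) and t[i] == "eq":
            dport = PORT_NAMES.get(t[i + 1]) or int(t[i + 1])
        return Entry(t[0], t[1], src, dst, dport)
    src, _ = _addr(t, 1)                               # standard ACE: source only
    return Entry(t[0], "ip", src, ANY, None)


def matches(e: Entry, p: Packet) -> bool:
    if e.proto != "ip" and e.proto != p.proto:
        return False
    if not (wildcard_match(p.src, *e.src) and wildcard_match(p.dst, *e.dst)):
        return False
    return e.dport is None or e.dport == p.dport


def evaluate(acl: List[Entry], p: Packet) -> str:
    """Top-down, first match wins; reaching the end is the implicit deny."""
    for e in acl:
        if matches(e, p):
            return e.action
    return "deny"


# The page's five lists, minus the 'access-list <n>' / sequence-number prefixes.
ACL_10 = [parse_entry(l) for l in ("deny 192.168.10.0 0.0.0.255", "permit any")]
ACL_110 = [parse_entry(l) for l in ("deny ip host 192.168.10.10 host 192.168.30.10",
                                    "permit ip any any")]
ACL_20 = [parse_entry("permit host 192.168.10.10")]   # VTY list (Example 3 text: host 10.10)
SERVERACCESS = [parse_entry(l) for l in (
    "permit tcp host 192.168.10.10 host 192.168.50.10 eq telnet",
    "deny tcp 192.168.10.0 0.0.0.255 host 192.168.50.10 eq telnet",
    "permit ip any any")]
ACL_101 = [parse_entry(l) for l in ("deny tcp 192.168.10.0 0.0.0.63 host 192.168.50.10 eq 80",
                                    "permit ip any any")]


def order_matters() -> Tuple[str, str]:
    """Example 4 only works because line 10 precedes line 20: with the two
    swapped, the subnet deny shadows the host permit."""
    telnet = Packet("192.168.10.10", "192.168.50.10", "tcp", 23)
    swapped = [SERVERACCESS[1], SERVERACCESS[0], SERVERACCESS[2]]
    return evaluate(SERVERACCESS, telnet), evaluate(swapped, telnet)
```

Two things worth checking with the model: a host from 10.0 that is not 10.10 is dropped by `ACL_20` without any explicit deny line, because the list falls through to the implicit deny; and `order_matters()` returns `('permit', 'deny')`, showing why the sequence numbers in Example 4 are not decoration. The 0.0.0.63 wildcard in Example 5 also covers 10.0 itself, which is harmless here since .0 is the subnet address.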
