Basic things about Access Lists

by Nideesh C on January 21, 2011 · 1 comment

in Networking




The first thing to remember about ACLs is that they are read from top to bottom. When a packet arrives at a router interface, it is matched against the first line in the ACL; if it doesn't meet that line's criteria, it drops to the next line, and so on until it reaches a permit or deny that fits it. The first matching line decides, and no later line is consulted.

The second thing to remember is that THERE IS AN IMPLICIT DENY underneath the last (bottom) line! Don't apply an access-list to an interface without at least one permit statement (especially an inside interface!), or that implicit deny will block all traffic on it.

Standard access lists can be numbered 1 – 99 or 1300 – 1999.

The basic makeup of a line (statement) is:

access-list <list-number> permit / deny <source_ip> <wildcard_mask>

for example:

access-list 1 permit 192.168.1.3 0.0.0.0

The interface and direction the list is applied to determine what it actually affects. For example, if this access-list is applied inbound on the inside interface with an “ip access-group 1 in”, then the only traffic permitted into that interface will be traffic sourced from 192.168.1.3; everything else is dropped by the implicit deny.

Whew! If I haven’t completely confused you yet, then get ready.

Wildcard masks are the inverse of normal subnet masks: a 0 bit means “this bit must match” and a 1 bit means “don't care”. So a wildcard of 0.0.0.0 matches exactly one host, the equivalent of the 255.255.255.255 host mask you would see in a route advertisement, for example.

So if I want to deny the network 10.0.1.0 255.255.255.248, I would type

access-list 1 deny 10.0.1.0 0.0.0.7

If I want to permit a single host, I type

access-list 1 permit 192.168.1.1 0.0.0.0
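To make the top-to-bottom, first-match, implicit-deny behaviour and the wildcard-mask arithmetic concrete, here is an added example (my own code, not part of the original post and not a Cisco tool) that parses a few constructed standard-ACL lines, converts a subnet mask to its wildcard, and evaluates source addresses the way the router would. The parser also accepts the IOS `host` and `any` keywords, which the post does not cover; the ACL lines and addresses below are constructed for the example.

```python
import ipaddress


def subnet_mask_to_wildcard(mask: str) -> str:
    """Invert a dotted subnet mask: 255.255.255.248 -> 0.0.0.7."""
    return ".".join(str(255 - int(octet)) for octet in mask.split("."))


def wildcard_match(addr: str, base: str, wildcard: str) -> bool:
    """A wildcard bit of 1 means 'don't care'; every 0 bit must equal base."""
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (a & care) == (b & care)


def parse_acl(lines):
    """Parse 'access-list <num> permit|deny <source> [wildcard]' lines.

    Returns a list of (number, action, base, wildcard) tuples in the order
    written, because order is what the router evaluates.
    """
    entries = []
    for line in lines:
        parts = line.split()
        if len(parts) < 4 or parts[0] != "access-list":
            continue  # ignore blank lines and anything that is not an ACL entry
        number, action, source = parts[1], parts[2], parts[3]
        if action not in ("permit", "deny"):
            raise ValueError(f"bad action in line: {line!r}")
        if source == "any":  # IOS keyword: match every address
            base, wildcard = "0.0.0.0", "255.255.255.255"
        elif source == "host":  # IOS keyword: single host, same as wildcard 0.0.0.0
            base, wildcard = parts[4], "0.0.0.0"
        else:
            base = source
            wildcard = parts[4] if len(parts) > 4 else "0.0.0.0"  # IOS default
        entries.append((number, action, base, wildcard))
    return entries


def evaluate(entries, src_ip: str):
    """Return (action, line_no) of the first matching entry.

    If nothing matches, the implicit deny at the bottom applies and
    line_no is None.
    """
    for line_no, (_, action, base, wildcard) in enumerate(entries, start=1):
        if wildcard_match(src_ip, base, wildcard):
            return action, line_no
    return "deny", None


def lint(entries):
    """Warn about the mistake the post calls out: a list with no permit."""
    warnings = []
    if not any(action == "permit" for _, action, _, _ in entries):
        warnings.append("no permit statement: the implicit deny blocks all traffic")
    return warnings


# Constructed sample ACL for the example (not from the original post).
ACL_LINES = [
    "access-list 1 deny 10.0.1.0 0.0.0.7",
    "access-list 1 permit host 192.168.1.1",
    "access-list 1 permit 10.0.1.0 0.0.0.255",
]

if __name__ == "__main__":
    entries = parse_acl(ACL_LINES)
    for ip in ("10.0.1.5", "10.0.1.9", "192.168.1.1", "172.16.0.1"):
        print(ip, evaluate(entries, ip))
    print(lint(parse_acl(["access-list 2 deny 10.0.0.0 0.255.255.255"])))
```

Note that 10.0.1.5 is denied by line 1 even though line 3 would permit it: the first match wins, so the order of the statements is part of the policy, and a host outside every stated range (172.16.0.1 here) is dropped by the implicit deny without any visible line matching it.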

Ridiculous, I know. I’m not going to get into the functionality behind this, we would be reading for an hour.

Finally, when you apply the access-list to an interface, don't call it a “list”, call it a “group”.

i.e.
router(config)# interface fastethernet 0/0
router(config-if)# ip access-group 1 in

Only one ACL per interface, per direction, per protocol.


1 comment:

Truden, April 17, 2011 at 9:20 am

Basic things about Access Lists
