
Cisco ACL Revision

On May 11, 2018 by TechTips

Access Control Lists (ACL)

Access Control Lists are used to:

  • Prioritise traffic
  • Restrict or reduce updates
  • Provide basic security
  • Block types of traffic

Access control list placement

  • Standard ACLs – Place as close to destination as possible.
  • Extended ACLs – Place as close to source of traffic as possible.
  • Only one ACL per port per direction is allowed.
  • ACLs are more efficient on an outbound port.
  • If a packet does not match any ACL statement, it is implicitly denied.
  • Once a packet matches an ACL statement, no other checks are made; it is permitted.

 

ACL IOS commands

Standard ACLs – Used to permit or deny an entire protocol suite.

The following two statements have the same effect:

Router(config)# access-list 1 permit 0.0.0.0 255.255.255.255
Router(config)# access-list 1 permit any

The following two statements also have the same effect:

Router(config)# access-list 1 permit 172.30.16.29 0.0.0.0
Router(config)# access-list 1 permit host 172.30.16.29
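
An added example, not part of the original post: a small Python model of how a standard ACL is evaluated (wildcard-mask matching, first match, implicit deny), which can be used to check a list on paper before it goes on an interface. The function names and the ORDERED sample list are assumptions made for illustration; this models the behaviour and is not IOS itself.

```python
import ipaddress

MASK32 = 0xFFFFFFFF

def parse_source(tokens):
    """Return (address, wildcard) as ints for 'any', 'host A' or 'A W'."""
    if tokens[0] == "any":
        return 0, MASK32
    if tokens[0] == "host":
        return int(ipaddress.IPv4Address(tokens[1])), 0
    wildcard = int(ipaddress.IPv4Address(tokens[1])) if len(tokens) > 1 else 0
    return int(ipaddress.IPv4Address(tokens[0])), wildcard

def parse_acl(lines):
    """Parse 'access-list N permit|deny <source>' statements, keeping order."""
    entries = []
    for line in lines:
        words = line.split()
        if len(words) < 4 or words[0] != "access-list" or words[2] not in ("permit", "deny"):
            raise ValueError(f"unsupported statement: {line!r}")
        entries.append((words[2], *parse_source(words[3:])))
    return entries

def matches(src, address, wildcard):
    """Wildcard bit 0 means 'must match', bit 1 means 'ignore'."""
    care = ~wildcard & MASK32
    return (src & care) == (address & care)

def evaluate(entries, src_ip):
    """Apply the first matching statement; no match hits the implicit deny."""
    src = int(ipaddress.IPv4Address(src_ip))
    for action, address, wildcard in entries:
        if matches(src, address, wildcard):
            return action
    return "deny"  # implicit deny at the end of every ACL

# The two equivalent pairs from the page.
ANY_FORMS = [parse_acl(["access-list 1 permit 0.0.0.0 255.255.255.255"]),
             parse_acl(["access-list 1 permit any"])]
HOST_FORMS = [parse_acl(["access-list 1 permit 172.30.16.29 0.0.0.0"]),
              parse_acl(["access-list 1 permit host 172.30.16.29"])]
# Constructed list (not from the page): statement order decides the result.
ORDERED = parse_acl(["access-list 1 deny host 172.30.16.29",
                     "access-list 1 permit 172.30.16.0 0.0.0.255"])

if __name__ == "__main__":
    for ip in ("172.30.16.29", "172.30.16.40", "172.30.17.1"):
        print(ip, evaluate(ORDERED, ip))
```

Both members of each pair parse to the same (address, wildcard) entry, and a source address that matches no statement in ORDERED falls through to the implicit deny.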

Extended ACLs – Used to permit or deny specific protocols

Each protocol has its own range of ACL numbers, and the number used in an ACL statement selects the protocol the list applies to. Below are the ranges you will need for your CCNA.

| Protocol | Range |
|---|---|
| IP | 1-99 |
| Extended IP | 100-199 |
| AppleTalk | 600-699 |
| IPX | 800-899 |
| Extended IPX | 900-999 |
| IPX SAP | 1000-1099 |

Use the operators in the following table to permit or deny specific protocols, ports or ranges of port numbers. An example ACL follows.

| Operator | Meaning |
|---|---|
| lt | Less than |
| gt | Greater than |
| neq | Not equal to |
| eq | Equal to |

Router(config)# access-list 101 deny tcp 172.16.4.0 0.0.255.255 any eq 23
Router(config)# access-list 101 permit tcp any any established – the established keyword matches packets that belong to an already established TCP connection, so it is only valid with tcp.

Named ACLs

Named access control lists are another way of creating ACLs. An example follows.

Router(config)# ip access-list standard Nik
Router(config-std-nacl)# deny any log – denies all packets and logs each match.

Viewing ACLs

Router# show access-lists – shows all access lists.
Router# show access-list 101 – shows access list 101.
Router# show ip interface – used to find out which access lists are on which interfaces.

Configuring ACLs on an interface

Router(config)# interface s1
Router(config-if)# ip access-group 1 out – use out or in; outbound is the default.

Removal of ACLs

Router(config)# no access-list 1

Tags: CCNA, cisco, router