Standard Numbered ACL Configuration in Packet Tracer - Netizzan

Access Control Lists (ACLs) are a fundamental component of network security. They help us control traffic flow within a network based on defined rules.

ACLs are categorized into two types: standard ACLs and extended ACLs. Standard ACL is further divided into standard-named ACL and standard-numbered ACL, while extended ACL is further divided into extended-named ACL and extended-numbered ACL.

Types of ACL

In our previous article, we explored the standard named ACL configuration. In this blog post, we will focus on the standard numbered ACL configuration.

This is a video demonstration of what we will be covering in this article.

Network Topology

For this demonstration, we will use the same network topology as in our previous article. This setup consists of two routers, each connected to a switch. Additionally, two PCs are connected to each of the switches attached to the routers.

Standard numbered ACL network topology

Below are the IP addresses used in this demonstration:

| Device        | Default Gateway | Interface (IP address) | Interface (IP address) | Subnet Mask   |
|---------------|-----------------|------------------------|------------------------|---------------|
| Router 1 (R1) | __              | G0/0/1 (192.168.1.1)   | G0/0/0 (192.168.2.1)   | 255.255.255.0 |
| Router 2 (R2) | __              | G0/0/1 (192.168.3.1)   | G0/0/0 (192.168.2.2)   | 255.255.255.0 |
| PC0           | 192.168.3.1     | fa/0 (192.168.3.2)     | __                     | 255.255.255.0 |
| PC1           | 192.168.3.1     | fa/0 (192.168.3.3)     | __                     | 255.255.255.0 |
| PC2           | 192.168.1.1     | fa/0 (192.168.1.2)     | __                     | 255.255.255.0 |
| PC3           | 192.168.1.1     | fa/0 (192.168.1.3)     | __                     | 255.255.255.0 |

We maintained the network configuration according to the IP addresses shown in the table above. Also, we have completed the static route configuration to ensure that all PCs can communicate with each other.

Standard Numbered ACL Configuration

Now that we have set up interface IP addresses and static routing, we can proceed to implement the standard numbered ACL configurations on the network.

Configuration Objectives:

Our primary objectives for this configuration are as follows:

  1. Configure a standard numbered ACL on Router 1 (R1) to deny traffic from PC0 (192.168.3.2) to the network (192.168.1.0/24) while permitting all other traffic.
  2. Configure a standard numbered ACL on Router 2 (R2) to deny traffic from PC2 to the network (192.168.3.0/24) while permitting all other traffic.

Configuration Steps:

To achieve the objectives we outlined above using standard-numbered ACLs, the following configuration steps are needed:

Step 1: Configure a Standard Numbered ACL on Router 1 (R1)

R1(config)# access-list 10 deny host 192.168.3.2
R1(config)# access-list 10 permit any

In the above ACL configuration:

  • The first line creates a standard numbered ACL with the identifier 10 and adds an entry that denies traffic from host 192.168.3.2.
  • The second line permits all other IP traffic.

Step 2: Apply the ACL to the interface on Router 1 (R1).

R1(config)# interface GigabitEthernet0/0/1
R1(config-if)# ip access-group 10 out
R1(config-if)# do write

This configuration applies the ACL to traffic leaving the interface (GigabitEthernet0/0/1).

Step 3: Configure the Standard Numbered ACL on Router 2 (R2).

R2(config)# access-list 20 deny host 192.168.1.2
R2(config)# access-list 20 permit any
R2(config)# interface GigabitEthernet0/0/1
R2(config-if)# ip access-group 20 out
R2(config-if)# do write

In the above ACL configuration:

  • The first line creates a standard numbered ACL with the identifier 20 and adds an entry that denies traffic from host 192.168.1.2.
  • The second line permits all other IP traffic.
  • The third line enters the interface (GigabitEthernet0/0/1).
  • The fourth line applies the ACL to traffic leaving the interface.
  • The fifth line saves the configuration.

Step 4: Test the Configuration

To validate that we have achieved our standard numbered ACL configuration objectives, I pinged from PC0 and PC1 to each of PC2 and PC3, and the pings from PC1 succeeded while the pings from PC0 failed. This shows that we have achieved our first objective.

an image showing ping from pc1 to pc 3

Also, I pinged from PC2 and PC3 to the two hosts on the network, 192.168.3.0/24, and all the pings failed. This shows that we have achieved our second objective.

an image showing ping from pc1 to pc 3
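
The two ACLs can also be checked offline. The following Python sketch is an added example, not part of the original article or of Cisco IOS: it models first-match evaluation with the implicit deny for ACL 10 and ACL 20 as configured above, and checks the echo request and the echo reply separately, because a standard ACL matches only the source address. The wildcard-mask form goes beyond the host and any entries used in this article, and the function names and the APPLIED_OUT mapping are assumptions made for the example.

```python
import ipaddress

# ACL entries as configured in this article: (action, source spec).
ACLS = {
    10: [("deny", "host 192.168.3.2"), ("permit", "any")],
    20: [("deny", "host 192.168.1.2"), ("permit", "any")],
}
# Assumed model of "ip access-group N out": LAN behind the interface -> ACL number.
APPLIED_OUT = {"192.168.1.0/24": 10, "192.168.3.0/24": 20}
HOSTS = {"PC0": "192.168.3.2", "PC1": "192.168.3.3",
         "PC2": "192.168.1.2", "PC3": "192.168.1.3"}

def source_matches(spec, src):
    """Match a standard-ACL source: 'any', 'host A.B.C.D' or 'A.B.C.D WILDCARD'."""
    parts = spec.split()
    if parts == ["any"]:
        return True
    if parts[0] == "host":
        parts = [parts[1], "0.0.0.0"]
    addr, wildcard = (parts + ["0.0.0.0"])[:2]
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF  # wildcard 1-bits are ignored
    return int(ipaddress.IPv4Address(addr)) & care == int(ipaddress.IPv4Address(src)) & care

def acl_permits(entries, src):
    """First matching entry wins; no match falls through to the implicit deny."""
    for action, spec in entries:
        if source_matches(spec, src):
            return action == "permit"
    return False

def delivered(src, dst, applied=APPLIED_OUT):
    """One-way check: does a packet from src reach dst? Same-LAN traffic skips the router."""
    for lan, number in applied.items():
        net = ipaddress.ip_network(lan)
        if ipaddress.ip_address(dst) in net:
            return ipaddress.ip_address(src) in net or acl_permits(ACLS[number], src)
    return True  # no outbound ACL on the interface toward dst

def ping_ok(a, b, applied=APPLIED_OUT):
    """A ping needs the echo request (a to b) and the echo reply (b to a) to pass."""
    return delivered(HOSTS[a], HOSTS[b], applied) and delivered(HOSTS[b], HOSTS[a], applied)

def ping_matrix(applied=APPLIED_OUT):
    """Result of every host-to-host ping under the given ACL placement."""
    return {(a, b): ping_ok(a, b, applied) for a in HOSTS for b in HOSTS if a != b}

if __name__ == "__main__":
    for (a, b), ok in ping_matrix().items():
        print(f"{a} -> {b}: {'reply' if ok else 'no reply'}")
```

Passing {"192.168.1.0/24": 10} as the applied argument models the network after Step 2, before ACL 20 is in place on R2.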
