Access Control Lists (ACLs) are a fundamental part of network security. They serve as a tool to control traffic flow within a network, permitting or denying access based on defined rules.
In Cisco Packet Tracer, ACLs come in two forms: Standard ACLs and Extended ACLs. Standard ACLs are further divided into standard named ACLs and standard numbered ACLs. In this blog post, we’ll delve into Standard Named ACL Configuration.
Numbered ACLs: The Other Form of Standard ACLs
Before we dive into standard named ACLs, it’s essential to understand that numbered ACLs are the second form of standard ACLs.
This post is part of our series on ACL configuration. You can check out the others below:
- Standard Numbered ACL Configuration in Packet Tracer
- Extended Numbered ACL Configuration in Packet Tracer
- Extended Named ACL Configuration in Packet Tracer
So, let’s start by creating a network topology that we’ll use for this demonstration.
Network Topology
In our network, we’ll have two routers, each with one subnet. To keep things simple, we connected two PCs to each of the switches attached to the routers.
Here are the IP addresses that we used for this demonstration.
Device | Default Gateway | Interface (IP address) | Interface (IP address) | Subnet Mask |
---|---|---|---|---|
Router 1(R1) | __ | G0/0/1 (192.168.1.1) | G0/0/0 (192.168.2.1) | 255.255.255.0 |
Router 2(R2) | __ | G0/0/1 (192.168.3.1) | G0/0/0 (192.168.2.2) | 255.255.255.0 |
PC0 | 192.168.3.1 | fa/0 (192.168.3.2) | __ | 255.255.255.0 |
PC1 | 192.168.3.1 | fa/0 (192.168.3.3) | __ | 255.255.255.0 |
PC2 | 192.168.1.1 | fa/0 (192.168.1.2) | __ | 255.255.255.0 |
PC3 | 192.168.1.1 | fa/0 (192.168.1.3) | __ | 255.255.255.0 |
To keep things precise, we have configured the network according to the IP addresses shown in the table above. We have also completed the static route configuration so that all the PCs can reach each other. We have shown how to do this in another post: static route configuration.
Standard Named ACL Configuration
Now that we have configured the interface IP addresses and the static routes, we can proceed to implement the Standard Named ACL configuration.
Configuration Objectives:
The objective of this configuration is to:
- Configure a Standard Named ACL on Router 1 (R1) to deny traffic from PC0 (192.168.3.2) to the network 192.168.1.0/24 while permitting all other traffic.
- Configure a Standard Named ACL on Router 2 (R2) to deny traffic from PC2 (192.168.1.2) to the network 192.168.3.0/24 while permitting all other traffic.
Configuration Steps:
To achieve the above objectives using Standard Named ACLs, we need to take the following steps:
Step 1: Configure a Standard Named ACL on Router 1 (R1):
R1(config)# ip access-list standard FILTER_ACL
R1(config-std-nacl)#deny 192.168.3.2
R1(config-std-nacl)#permit any
In the above ACL configuration:
- The first line creates a standard ACL with the name FILTER_ACL.
- The second line denies traffic from 192.168.3.2
- The third line permits all other IP traffic.
Step 2: Apply the ACL to the Interface on Router 1 (R1):
R1(config-std-nacl)#int g0/0/1
R1(config-if)#ip access-group FILTER_ACL out
R1(config-if)#do write
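This configuration applies the ACL to traffic going out of interface G0/0/1, the interface that faces the 192.168.1.0/24 network. A standard ACL matches only on the source address, so it is placed as close to the destination as possible.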
Step 3: Configure the Standard Named ACL on Router 2 (R2):
R2(config)#ip access-list standard FILTER_ACL2
R2(config-std-nacl)#deny 192.168.1.2
R2(config-std-nacl)#permit any
R2(config-std-nacl)#int g0/0/1
R2(config-if)#ip access-group FILTER_ACL2 out
R2(config-if)#do write
In the above ACL configuration:
- The first line creates a standard ACL with the name FILTER_ACL2.
- The second line denies traffic from 192.168.1.2 (PC2).
- The third line permits all other IP traffic.
- The fourth line enters the interface g0/0/1.
- The fifth line applies the ACL to outbound traffic on that interface.
Step 4: Test the configuration
To test the ACL configuration that we have implemented, I pinged from PC0 and PC1 to each of PC2 and PC3, and the pings from PC1 succeeded while the pings from PC0 failed. This shows that we have achieved our first objective.
Also, I pinged from PC2 and PC3 to the two hosts on the network, 192.168.3.0/24, and all the pings failed. This shows that we have achieved our second objective.
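The first-match evaluation behind both ACLs, modelled on the topology table above as an added example that is not part of the original post. It assumes both ACLs are active at the same time and that only the two G0/0/1 interfaces carry an ACL; the function names are hypothetical. Because a standard ACL looks only at the source address, a ping succeeds only when the echo request and the echo reply both pass.

```python
import ipaddress

# Ordered (action, source) entries as configured above; "any" is 0.0.0.0/0.
ACLS = {
    "FILTER_ACL":  [("deny", "192.168.3.2/32"), ("permit", "0.0.0.0/0")],
    "FILTER_ACL2": [("deny", "192.168.1.2/32"), ("permit", "0.0.0.0/0")],
}
# Each ACL is applied outbound on the LAN interface facing this subnet.
OUTBOUND = {
    "192.168.1.0/24": "FILTER_ACL",   # R1 G0/0/1
    "192.168.3.0/24": "FILTER_ACL2",  # R2 G0/0/1
}
HOSTS = {"PC0": "192.168.3.2", "PC1": "192.168.3.3",
         "PC2": "192.168.1.2", "PC3": "192.168.1.3"}


def acl_permits(acl_name, src):
    """First matching entry wins; no match falls through to the implicit deny."""
    for action, net in ACLS[acl_name]:
        if ipaddress.ip_address(src) in ipaddress.ip_network(net):
            return action == "permit"
    return False


def packet_delivered(src, dst):
    """One-way check for a packet that has to leave a router toward dst's LAN."""
    for subnet, acl_name in OUTBOUND.items():
        net = ipaddress.ip_network(subnet)
        if ipaddress.ip_address(dst) in net and ipaddress.ip_address(src) not in net:
            return acl_permits(acl_name, src)
    return True  # same subnet: the packet never crosses a router


def ping_succeeds(a, b):
    """The echo request a->b and the echo reply b->a must both get through."""
    return (packet_delivered(HOSTS[a], HOSTS[b])
            and packet_delivered(HOSTS[b], HOSTS[a]))


def ping_matrix():
    return {(a, b): ping_succeeds(a, b) for a in HOSTS for b in HOSTS if a != b}


if __name__ == "__main__":
    for (a, b), ok in ping_matrix().items():
        print(f"{a} -> {b}: {'reply' if ok else 'timeout'}")
```

Removing the `permit` entry from either list shows the implicit deny: every source is then dropped on that interface, not only the one named in the `deny` line.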