Cisco CCNA Exam Tutorial Configuring Standard Access Lists


Access Control Lists (ACLs) allow a router to permit or deny packets based on a variety of criteria. The ACL is configured in global mode, but is applied at the interface level. An ACL does not take effect until it is expressly applied to an interface with the ip access-group command. Packets can be filtered as they enter or exit an interface.

If a packet enters or exits an interface with an ACL applied, the packet is compared against the criteria of the ACL. If the packet matches the first line of the ACL, the appropriate "permit" or "deny" action is taken. If there is no match, the second line's criterion is examined. Again, if there is a match, the appropriate action is taken; if there is no match, the third line of the ACL is compared to the packet.

This process continues until a match is found, at which time the ACL stops running. If no match is found, a default "deny" takes place, and the packet will not be processed. When an ACL is configured, if a packet is not expressly permitted, it will be subject to the implicit deny at the end of every ACL. This is the default behavior of an ACL and cannot be changed.

A standard ACL is concerned with only one factor, the source IP address of the packet. The destination is not considered. Extended ACLs consider both the source and destination of the packet, and can consider the port number as well. The numerical range used for each is different: standard ACLs use the ranges 1-99 and 1300-1399; extended lists use 100-199 and 2000 to 2699.

There are several points worth repeating before beginning to configure standard ACLs.

Standard ACLs consider only the source IP address for matches.

The ACL lines are run from top to bottom. If there is no match on the first line, the second is run; if no match on the second, the third is run, and so on until there is a match, or the end of the ACL is reached. This top-to-bottom process places special importance on the order of the lines.

There is an implicit deny at the end of every ACL. If packets are not expressly permitted, they are implicitly denied.

If Router 3's Ethernet interface should only accept packets with a source network of 172.12.12.0, the ACL will be configured like this:

R3#conf t

R3(config)#access-list 5 permit 172.12.12.0 0.0.0.255

The ACL consists of only one explicit line, one that permits packets with a source address in 172.12.12.0/24. The implicit deny, which is not configured or seen in the running configuration, will deny all packets not matching the first line.



The ACL is then applied to the Ethernet0 interface:

R3#conf t

R3(config)#interface e0

R3(config-if)#ip access-group 5 in
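The first-match and implicit-deny behavior described above can be checked offline before an ACL is applied. The following Python sketch is an added example, not part of the original tutorial or any Cisco tool: it evaluates standard ACL lines against source addresses and flags lines that can never match because an earlier line already covers them. ACL 5 is the tutorial's own line; the two "access-list 6" lists and all function names are constructed for illustration.

```python
import ipaddress

ALL = 0xFFFFFFFF

def ip(s):
    return int(ipaddress.IPv4Address(s))

def parse_acl(text):
    """Parse standard ACL lines: access-list N permit|deny SRC [WILDCARD]."""
    rules = []
    for line in text.strip().splitlines():
        parts = line.split()
        action, args = parts[2], parts[3:]
        if args[0] == "any":
            addr, wild = 0, ALL
        elif args[0] == "host":
            addr, wild = ip(args[1]), 0
        else:  # a missing wildcard mask means an exact host match (0.0.0.0)
            addr, wild = ip(args[0]), (ip(args[1]) if len(args) > 1 else 0)
        rules.append((action, addr, wild, line.strip()))
    return rules

def evaluate(rules, src):
    """First matching line wins; no match falls through to the implicit deny."""
    for action, addr, wild, _ in rules:
        care = ~wild & ALL  # wildcard 0-bits must match, 1-bits are ignored
        if (ip(src) & care) == (addr & care):
            return action
    return "deny"

def shadowed(rules):
    """Return lines that can never match because an earlier line covers them."""
    dead = []
    for i, (_, addr, wild, text) in enumerate(rules):
        for _, e_addr, e_wild, _ in rules[:i]:
            care = ~e_wild & ALL
            if (wild & care) == 0 and (addr & care) == (e_addr & care):
                dead.append(text)
                break
    return dead

ACL_5 = "access-list 5 permit 172.12.12.0 0.0.0.255"  # line from the tutorial
# Constructed lists: the same two lines in the wrong and the right order.
ACL_BAD = "access-list 6 permit 172.12.12.0 0.0.0.255\naccess-list 6 deny 172.12.12.50"
ACL_GOOD = "access-list 6 deny 172.12.12.50\naccess-list 6 permit 172.12.12.0 0.0.0.255"

if __name__ == "__main__":
    for name, acl in (("5", ACL_5), ("6 bad", ACL_BAD), ("6 good", ACL_GOOD)):
        rules = parse_acl(acl)
        print(name, evaluate(rules, "172.12.12.50"), shadowed(rules))
```

In the badly ordered list the host deny is reported as shadowed: the permit for the whole /24 matches first, so 172.12.12.50 is never blocked.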

But before you write any ACLs, it's a really good idea to see what other ACLs are already running on the router! To see the ACLs running on the router, use the command show access-list.

R1#show access-list

Standard IP access list 1

permit 0.0.0.0

Standard IP access list 5

permit 172.1.1.1

Standard IP access list 7

permit 23.3.3.3



Extended IP access list 100

permit tcp any any lt www (26 matches)

permit tcp any any neq telnet (12 matches)

deny ip any any

Extended IP access list 105

deny tcp any any eq www

deny tcp any any eq telnet

You're going to use ACLs all the way up the Cisco certification ladder, and throughout your career. The importance of knowing how to write and apply ACLs is paramount, and it all starts with mastering the fundamentals!

Chris Bryant, CCIE #12933, is the owner of The Bryant Advantage, home of free CCNA and CCNP tutorials, The Ultimate CCNA Study Package, and Ultimate CCNP Study Packages.

You can also join his RSS feed and visit his blog, which is updated several times daily with new Cisco certification articles, free tutorials, and daily CCNA / CCNP exam questions! Details are on the website.

For a FREE copy of his latest e-books, "How To Pass The CCNA" and "How To Pass The CCNP", visit the website and download your free copies. You can also get FREE CCNA and CCNP exam questions every day! Get your CCNA study guide from The Bryant Advantage!

 
