To configure a standard ACL on a router

Source: Internet
Author: User

"Experiment name" Configuring standard ACLs on routers

"Experiment purpose"

Master the rules and configuration of standard ACLs on routers.

"Experiment task"

Implement security control over mutual access between network segments.

"Experimental principle"

(1) Standard access control list (ACL)

Standard ACLs enable simple source-address filtering by using the source IP address in the IP packet.

Standard ACLs are configured in global configuration mode. The command format is:

Router(config)# access-list acl_number {permit | deny} source_address wildcard-mask

Parameters:

acl_number: the number of the ACL; the value range is 1~99.

permit | deny: keywords that indicate whether matching packets are permitted or refused.

source_address: a network address or a host address.

wildcard-mask: the wildcard mask (inverse mask), which is the opposite of a subnet mask.

(2) Applying an access control list to a specific port

After the access control list has been configured, it can be applied to a specific port on the router. First enter the configuration mode of the port to which you want to add the access control list, and then execute the following command:

Router(config-if)# ip access-group acl_number {in | out}

Parameters:

acl_number: the number of the ACL to apply.

in | out: the direction of the data flow, relative to the router, that the ACL filters.

"Experimental Content"

"Experimental Topology"

For the experiment, connect the network according to the topology and note which ports the hosts and the switch are connected to.

The experimental topology I drew on my own simulator is shown below

"Experimental Steps"

Step 1. Basic configuration on router Route0:

Router(config)#hostname Route0 // name the router

Route0(config)#interface f0/1

Route0(config-if)#no shutdown

Route0(config-if)#ip address 192.168.1.1 255.255.255.0 // configure the IP address of the interface

Route0(config-if)#int s1/0

Route0(config-if)#no shutdown

Route0(config-if)#clock rate 64000 // configure the clock rate

Route0(config-if)#ip add 10.1.2.1 255.255.255.0

Route0(config-if)#exit

Route0(config)#ip route 192.168.2.0 255.255.255.0 s1/0 // configure a static route

Step 2. Basic configuration on router Route1:

Router(config)#hostname Route1

Route1(config)#interface f0/1

Route1(config-if)#no shutdown

Route1(config-if)#ip address 192.168.2.1 255.255.255.0

Route1(config-if)#int s1/0

Route1(config-if)#no shutdown

Route1(config-if)#ip address 10.1.2.2 255.255.255.0

Route1(config-if)#exit

Route1(config)#ip route 192.168.1.0 255.255.255.0 s1/0 // configure a static route

Step 3. After completing the above configuration, test the connectivity between PC1 and PC2 to make sure that they can reach each other.

Results:

PC0 ping PC1: success

PC1 ping PC0: success

Step 4. Configure the standard ACL on Route0:

Route0(config)#access-list 1 deny 192.168.1.0 0.0.0.255

This configures a standard ACL that does not allow traffic from the 192.168.1.0 network segment to pass.

Route0(config)#int s1/0

Route0(config-if)#ip access-group 1 out // apply the ACL to interface s1/0 in the outbound direction

Route0(config-if)#end

Route0#show access-lists 1 // view the details of access list 1


Step 5. Test: with the above configuration in place, test the connectivity between PC1 and PC2 again. If the ping fails, the experiment is successful.


Step 6. Remove the ACL from the s1/0 interface on Route0 and check the connectivity between PC1 and PC2 again.

Route0(config)#int s1/0

Route0(config-if)#no ip access-group 1 out // remove the ACL from interface s1/0
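
How the Step 4 entry decides on a packet, as an added example that is not part of the original lab: a small Python evaluator for standard ACL entries that applies the wildcard mask to the source address, stops at the first matching entry, and falls through to the implicit deny that ends every ACL. The `permit any` entry, the function names and the sample source addresses are assumptions added here for illustration.

```python
import ipaddress

def parse_entry(line):
    """Parse 'access-list N {permit|deny} SOURCE [WILDCARD]' or '... any'."""
    p = line.split()
    if len(p) < 4 or p[0] != "access-list" or p[2] not in ("permit", "deny"):
        raise ValueError(f"not a standard ACL entry: {line!r}")
    if not 1 <= int(p[1]) <= 99:
        raise ValueError("standard ACL numbers are 1~99")
    if p[3] == "any":                      # 'any' = 0.0.0.0 255.255.255.255
        return p[2], 0, 0xFFFFFFFF
    source = int(ipaddress.IPv4Address(p[3]))
    # An omitted wildcard mask means 0.0.0.0, i.e. match one host exactly.
    wildcard = int(ipaddress.IPv4Address(p[4])) if len(p) > 4 else 0
    return p[2], source, wildcard

def evaluate(acl_lines, packet_source):
    """Return (action, matching entry) for a packet's source IP address."""
    ip = int(ipaddress.IPv4Address(packet_source))
    for line in acl_lines:                 # entries are checked top-down
        action, source, wildcard = parse_entry(line)
        care = ~wildcard & 0xFFFFFFFF      # wildcard 0-bits must match
        if (ip & care) == (source & care):
            return action, line            # first match wins
    return "deny", "implicit deny any"     # nothing matched

# The ACL exactly as entered in Step 4.
LAB_ACL = ["access-list 1 deny 192.168.1.0 0.0.0.255"]
# Assumption (not in the lab): the same ACL followed by an explicit permit.
LAB_ACL_WITH_PERMIT = LAB_ACL + ["access-list 1 permit any"]
# Constructed sample source addresses.
SAMPLES = ["192.168.1.10", "192.168.1.254", "192.168.2.10", "10.1.2.1"]

def run_samples(acl_lines):
    """Map each sample source address to the ACL decision."""
    return {ip: evaluate(acl_lines, ip) for ip in SAMPLES}

if __name__ == "__main__":
    for name, acl in (("Step 4 ACL", LAB_ACL),
                      ("with permit any", LAB_ACL_WITH_PERMIT)):
        print(name)
        for ip, (action, entry) in run_samples(acl).items():
            print(f"  {ip:15} {action:6} <- {entry}")
```

With only the Step 4 entry, every source address ends in a deny, either by the explicit entry or by the implicit one, so the failed ping in Step 5 does not by itself show which entry dropped the packet; `show access-lists 1` is the place to check the match.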
