Acacia High School - Access Control Lists

Acacia High School:

The main purpose of this TCS was to introduce the students to Access Control Lists. They were required to learn the two types of access lists, how each one functions, and how to implement an access list to a router.

The main learning objectives of the TCS were the following:

Describe what an Access Control List is.

Access lists are statements that specify conditions that an administrator sets so the router will handle the traffic covered by the access list. These lists are customized by the network administrator and allow greater control with the network traffic and also adds more security for the network.

Describe the two different types of access lists.

The more basic type of access list is known as a standard access list. A standard access list checks the source IP address of packets that could be routed. The result permits or denies output for an entire protocol suite, based on the network/host address/subnet.

The more advanced type of access list is called an extended access list. Extended access lists check for both source and destination packet addresses. The extended lists also checks for specific protocols, port numbers, and other parameters.

How to implement access lists. (Standard and Extended) Note that this is just an example of what to do.

Prompt Command

router-a> enable

Password: cisco

router-a# config t

router-a(config)# access-list 1 deny 10.2.0.0 0.0.255.255

router-a(config)# access-list 1 permit 10.1.0.0 0.0.255.255

router-a(config)# access-list 100 deny tcp 10.2.0.0 0.0.255.255 eq 23 any

router-a(config)# access-list 100 deny tcp 10.2.0.0 0.0.255.255 eq ftp any

router-a(config)# access-list 101 deny tcp 10.2.0.0 0.0.255.255 eq 25 any

router-a(config)# int e0/0

router-a(config-if)# ip access-group 1 in

router-a(config-if)# ip access-group 100 out

router-a(config-if)# exit

router-a(config)# exit

router-a# disable

router-a> exit

[Home] [LAN Design] [IGRP] [Access Lists] [IPX] [WAN] [PPP] [ISDN] [Frame Relay] [Other Materials]

Address

Sweet Home High School
c/o Mike Tojek
1901 Sweet Home Road
Amherst, New York 14228

If you have any questions, comments,
or corrections please send them to:

puckhead@angelfire.com
inspekta@adelphia.net
cesaro15@aol.com

Phone

(716) 250 - 1301
(716) 691 - 3553
(716) 691 - 7649
(716) 691 - 5040

Last updated June 7, 2000

Back to the top of this page

Prompt		Command
router-a>		enable
Password:		cisco
router-a#		config t
router-a(config)#		access-list 1 deny 10.2.0.0 0.0.255.255
router-a(config)#		access-list 1 permit 10.1.0.0 0.0.255.255
router-a(config)#		access-list 100 deny tcp 10.2.0.0 0.0.255.255 eq 23 any
router-a(config)#		access-list 100 deny tcp 10.2.0.0 0.0.255.255 eq ftp any
router-a(config)#		access-list 101 deny tcp 10.2.0.0 0.0.255.255 eq 25 any
router-a(config)#		int e0/0
router-a(config-if)#		ip access-group 1 in
router-a(config-if)#		ip access-group 100 out
router-a(config-if)#		exit
router-a(config)#		exit
router-a#		disable
router-a>		exit