TECHNIG
Gateway for IT Experts and Tech Geeks

Configure Standard Access List On Cisco Router

How to Configure Standard Access Control List on Cisco Router?

Here we configure standard access list on Cisco router devices. The Standard Access List (ACL) on Cisco router works to permit or deny the entire network protocols of a host from being distinguishing. These decisions are all based on source IP address which filters network traffic by examining the source IP address in a packet. We can create the standard IP access list by using the access-list command with numbers 1 to 99 or in the expanded range of 1300 to 1999.

I’m using Cisco Packet Tracer to do this task. You can create your own network topology within Cisco packet tracer or use the best network simulator GNS3. If you are new in GNS3, I recommended to read the topics of GNS3 installation “Install GNS3 Network Simulator Step by Step in Windows” and the configuration article “Essential GNS3 Configuration for Cisco Lab“, these will help you to find your way in using GNS3.

Here I share my own created topology for standard IP access list with packet tracer. Download and test it. Download CCNA Lab: Configure Standard Access List.

CCNA Lab - Configure Standard Access List
CCNA Lab – Configure Standard Access List

Try to configure it with any routing protocol you want. Static route, RIP, or OSPF. This article “Configure Static Routing in Packet Tracer” can help you to configure static routing for CCNA.

Configure Standard Access List on Cisco Router

Let’s test the standard access list on our network with preventing access from subnet 192.168.10.0 to network 192.168.0.0 which connected directory to router R1 and just allow PC2 can get access to the network 192.168.0.0/24.

Configure Standard Access List on Cisco Router and Switch - Technig
Configure Standard Access List on Cisco Router and Switch – Technig

In the router R1, create an access list “access-list 10 permit 192.168.10.3 0.0.0.0” and then set it on the FastEthernet 0/0 which is the gateway to the network.

R1>enable 
R1#configure terminal 
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#access-list 10 permit 192.168.10.3 0.0.0.0
R1(config)#interface FastEthernet 0/0
R1(config-if)#ip access-group 10 out
R1(config-if)#exit

The command ” access-list 10 permit 192.168.10.3 0.0.0.0” deny all host on the network 192.168.10.0 but permit only PC3. We use the wildcard 0.0.0.0 for PC3. It’s only allowed the exact host with 192.168.10.3 IP address.

The command “IP access-group 10 out” just apply this outbound traffic to this network.

Remember, we set the access list command on the global configuration and set the IP access-gorup to the interface configuration.

Now test the with ping from PC3 to any host on the network 192.168.0.0/24. It must ping successfully but not allowed for other PCs of the network 192.168.10.0/24.

You can configure it with the following configuration also.

R1>enable
R1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#access-list 10 deny 192.168.10.3 0.0.0.0
R1(config)#access-list 10 permit any
R1(config)#interface FastEthernet 0/0
R1(config-if)#ip access-group 10 out

Working with Standard access list on Cisco router is easy and simple. Just try to do some more practice to get expert. If you want to know and test more access-list commands, simply type a question mark (?) in front of your command.

R2(config)#access-list ?
<1-99> IP standard access list
<100-199> IP extended access list
R2(config)#access-list 10 ?
deny Specify packets to reject
permit Specify packets to forward
remark Access list entry comment
R2(config)#access-list 10 permit ?
A.B.C.D Address to match
any Any source host
host A single host address
R2(config)#access-list 10 permit any ?
<cr>

Hope it would be helping you to understand the Standard IP access list on Cisco routers.

6 Comments
  1. nayibzada says

    Great. It works fine.

  2. amanullah says

    OF course it works properly I tested that

  3. Ahmad says

    Hi Shais,

    not quite get on the second option:
    R1>enable
    R1#configure terminal
    Enter configuration commands, one per line. End with CNTL/Z.
    R1(config)#access-list 10 deny 192.168.10.3 0.0.0.0
    R1(config)#access-list 10 permit any
    R1(config)#interface fastEthernet 0/0
    R1(config-if)#ip access-group 10 out

    should it be :
    R1(config)#access-list 10 deny 0.0.0.0

  4. Ahmad says

    Look like missing my line there:

    R1(config)#access-list 10 deny CP2_IP 0.0.0.0

    1. Shais says

      Hi Ahmad,

      That is exactly the problem?

  5. arbaz ahmad says

    can you tell me how i can permit 10 hosts out of 20 with just one or few commands?

Leave A Reply

Your email address will not be published.