Configure basic access control lists (ACLs) on a router or switch.
Configuring basic Access Control Lists (ACLs) on a router or switch involves defining rules to filter network traffic based on specific criteria. ACLs are used to control the flow of traffic through a network device by permitting or denying packets based on conditions such as source and destination IP addresses, protocols, and port numbers.
- Access the Command Line Interface (CLI):
  - Access the device's CLI through a terminal emulator such as PuTTY or directly through a console cable.
- Enter Privileged EXEC Mode:
  - Type `enable` and press Enter to enter privileged EXEC mode, providing access to configuration commands.
- Enter Global Configuration Mode:
  - Type `configure terminal` or simply `conf t` and press Enter to enter global configuration mode.
- Create an ACL:
  - Type `access-list <ACL_number> {permit | deny} <protocol> <source> <source-wildcard> <destination> <destination-wildcard>` and press Enter.
    - `<ACL_number>` is a numeric value that identifies the ACL. Matching on protocol, destination, or port requires an extended ACL, numbered 100-199 (or 2000-2699); standard ACLs, numbered 1-99 (or 1300-1999), match on the source address only.
    - `<protocol>` is the network protocol to be filtered, such as `ip`, `tcp`, or `udp`.
    - `<source>` and `<destination>` are the source and destination IP addresses.
    - `<source-wildcard>` and `<destination-wildcard>` are used to specify ranges or wildcards for the source and destination addresses. A 0 bit in the wildcard mask must match and a 1 bit is ignored, so `192.168.1.0 0.0.0.255` covers every host in 192.168.1.0/24.
  - Every ACL ends with an implicit deny, so traffic that no entry permits is dropped once the ACL is applied.
  - Example:
    ```
    access-list 100 permit tcp 192.168.1.0 0.0.0.255 any eq 80
    ```
- Apply the ACL to an Interface:
  - Type `interface <interface_type> <interface_number>` to enter the interface configuration mode.
  - Type `ip access-group <ACL_number> {in | out}` to apply the ACL to incoming or outgoing traffic on the interface.
  - Example:
    ```
    interface GigabitEthernet0/1
     ip access-group 100 in
    ```
- Verify ACL Configuration:
  - Use the `show access-lists` command to display the configured ACLs and their rules.
    ```
    show access-lists
    ```
  - Verify the ACL configuration on the specific interface using the `show ip interface <interface_type> <interface_number>` command.
    ```
    show ip interface GigabitEthernet0/1
    ```
- Save Configuration:
  - Save the configuration changes to the device's startup configuration file so that they persist after a reboot.
    ```
    write memory
    ```
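
The matching rules these steps rely on (wildcard masks, first-match order, and the implicit deny that ends every ACL), shown as an added Python example that is not part of the original page. The `deny ... host 192.168.1.50` entry and the test addresses are constructed. ACL number 100 is used because protocol and port matching requires an extended ACL, and the parser assumes only `any`, `host`, address/wildcard pairs and a numeric destination `eq` port.

```python
import ipaddress

def wildcard_match(addr, base, wildcard):
    """Cisco wildcard mask: 0 bits must match, 1 bits are ignored."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return (a | w) == (b | w)

def parse_addr(tokens):
    """Consume 'any', 'host A' or 'A wildcard'; return ((base, wildcard), rest)."""
    if tokens[0] == "any":
        return ("0.0.0.0", "255.255.255.255"), tokens[1:]
    if tokens[0] == "host":
        return (tokens[1], "0.0.0.0"), tokens[2:]
    return (tokens[0], tokens[1]), tokens[2:]

def parse_ace(line):
    """Parse: access-list N {permit|deny} proto src dst [eq port]."""
    t = line.split()
    number = int(t[1])
    if not (100 <= number <= 199 or 2000 <= number <= 2699):
        raise ValueError("protocol/port matching needs an extended ACL number")
    src, rest = parse_addr(t[4:])
    dst, rest = parse_addr(rest)
    port = int(rest[1]) if rest[:1] == ["eq"] else None
    return {"action": t[2], "proto": t[3], "src": src, "dst": dst, "port": port}

def evaluate(aces, proto, src, dst, dport=None):
    """Return the action of the first matching entry, else the implicit deny."""
    for ace in aces:
        if ace["proto"] not in ("ip", proto):
            continue
        if not (wildcard_match(src, *ace["src"]) and wildcard_match(dst, *ace["dst"])):
            continue
        if ace["port"] is not None and ace["port"] != dport:
            continue
        return ace["action"]
    return "deny"  # implicit "deny ip any any" at the end of every ACL

# Constructed sample: the page's permit entry preceded by a made-up host deny.
ACL_100 = [parse_ace(line) for line in (
    "access-list 100 deny tcp host 192.168.1.50 any eq 80",
    "access-list 100 permit tcp 192.168.1.0 0.0.0.255 any eq 80",
)]

if __name__ == "__main__":
    for src, port in (("192.168.1.20", 80), ("192.168.1.50", 80), ("192.168.1.20", 443)):
        print(src, port, evaluate(ACL_100, "tcp", src, "203.0.113.10", port))
```

Swapping the two entries in `ACL_100` would let 192.168.1.50 through, because the broader permit would match first.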