Configure basic access control lists (ACLs) on a router or switch.


Configuring basic Access Control Lists (ACLs) on a router or switch involves defining rules to filter network traffic based on specific criteria. ACLs are used to control the flow of traffic through a network device by permitting or denying packets based on conditions such as source and destination IP addresses, protocols, and port numbers.

  1. Access the Command Line Interface (CLI):
    • Access the device's CLI through a terminal emulator such as PuTTY or directly through a console cable.
  2. Enter Privileged EXEC Mode:
    • Type enable and press Enter to enter privileged EXEC mode, providing access to configuration commands.
  3. Enter Global Configuration Mode:
    • Type configure terminal or simply conf t and press Enter to enter global configuration mode.
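  4. Create an ACL:
    • Type access-list <ACL_number> {permit | deny} <protocol> <source> <source-wildcard> <destination> <destination-wildcard> and press Enter.
      • <ACL_number> is a numeric value that identifies the ACL. This syntax matches on protocol and destination, which makes it an extended ACL: use a number from 100 to 199 (or 2000 to 2699). Numbers 1 to 99 create standard ACLs, which match on source address only and reject this syntax.
      • <protocol> is the network protocol to be filtered, such as ip, tcp, or udp.
      • <source> and <destination> are the source and destination IP addresses.
      • <source-wildcard> and <destination-wildcard> are wildcard masks that specify address ranges: a 0 bit must match and a 1 bit is ignored, so 0.0.0.255 covers a whole /24. The keyword any matches every address.
      • For tcp and udp, a port match such as eq 80 can follow the destination.
      • Every ACL ends with an implicit deny, so traffic that matches no permit rule is dropped.
    Example:
      access-list 100 permit tcp 192.168.1.0 0.0.0.255 any eq 80
  5. Apply the ACL to an Interface:
    • Type interface <interface_type> <interface_number> to enter the interface configuration mode.
    • Type ip access-group <ACL_number> {in | out} to apply the ACL to incoming or outgoing traffic on the interface.
    Example:
      interface GigabitEthernet0/1
      ip access-group 100 in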
  6. Verify ACL Configuration:
    • Use the show access-lists command to display the configured ACLs and their rules.
    • Verify the ACL configuration on the specific interface using the show ip interface <interface_type> <interface_number> command.
    Example:
      show access-lists
      show ip interface GigabitEthernet0/1
  7. Save Configuration:
    • Save the configuration changes to the device's startup configuration file so that they persist after a reboot.
    Example:
      write memory
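
To see how the wildcard mask, rule order and the implicit deny from step 4 decide what happens to a packet, the following added example (not part of the original page) evaluates packets against extended ACL lines in Python. It assumes only the forms `access-list <n> {permit|deny} <proto> <src> <dst> [eq <port>]` with `any`, `host` and numeric ports; the function names and the sample ACL are constructed for illustration.

```python
import ipaddress

def _ip(text):
    return int(ipaddress.IPv4Address(text))

def _addr(tok):
    """Consume one address spec from tok; return (base, wildcard) as ints."""
    first = tok.pop(0)
    if first == "any":                      # any == 0.0.0.0 255.255.255.255
        return 0, 0xFFFFFFFF
    if first == "host":                     # host A == A 0.0.0.0
        return _ip(tok.pop(0)), 0
    return _ip(first), _ip(tok.pop(0))

def parse_rule(line):
    """Parse 'access-list N {permit|deny} PROTO SRC DST [eq PORT]' (numeric ports only)."""
    tok = line.split()
    number, action, proto = int(tok[1]), tok[2], tok[3]
    if tok[0] != "access-list" or action not in ("permit", "deny"):
        raise ValueError("unsupported line: " + line)
    if not (100 <= number <= 199 or 2000 <= number <= 2699):
        raise ValueError("protocol and destination matching needs an extended ACL number")
    rest = tok[4:]
    src, dst = _addr(rest), _addr(rest)
    port = int(rest[1]) if rest[:1] == ["eq"] else None
    return {"action": action, "proto": proto, "src": src, "dst": dst, "port": port}

def _matches(ip, spec):
    base, wild = spec
    care = ~wild & 0xFFFFFFFF               # wildcard 1-bits are "don't care"
    return _ip(ip) & care == base & care

def evaluate(rules, proto, src, dst, dport=None):
    """Return the action of the first matching rule, else the implicit deny."""
    for r in rules:
        if r["proto"] not in ("ip", proto):
            continue
        if not (_matches(src, r["src"]) and _matches(dst, r["dst"])):
            continue
        if r["port"] is not None and r["port"] != dport:
            continue
        return r["action"]
    return "deny"                           # every ACL ends with an implicit deny

# Constructed sample ACL: block one host, then let the rest of the subnet reach port 80.
SAMPLE_ACL = [parse_rule(l) for l in (
    "access-list 100 deny tcp host 192.168.1.50 any eq 80",
    "access-list 100 permit tcp 192.168.1.0 0.0.0.255 any eq 80",
)]
```

Running a planned rule set through `evaluate` before applying it with ip access-group shows which hosts fall through to the implicit deny, and that swapping the two sample lines would let 192.168.1.50 through because the first match wins.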