How to Configure Standard ACL on Cisco Router

Configure Standard ACL Step By Step

​

Let’s see how to configure a Standard ACL. In this demonstration, we will restrict host 10.0.0.2 to access Router2. For this, we need to apply a standard ACL on the Fa0/1 interface to filter the incoming traffic.

​

1. First, execute the following command to deny host 10.0.0.2.

Router2(config)#access-list 10 deny host 10.0.0.2

1. When you deny a host on a router, the router will deny all the hosts until you explicitly define the list of permitted hosts. The following command will permit all the other hosts to access Router2.

Router2(config)#access-list 10 permit any

1. Next, switch to the interface on which you want to apply the ACL, in this case, Fa0/1, and define the direction (inbound or outbound) of traffic that you want to filter. In this case, we will filter the incoming packets on the Fa0/1 of Router2. To do so, execute the following commands.

​

Router2(config)#int fa0/1 Router2(config-if)#ip access-group 10 in Router2(config-if)#exit Router2(config)#exit

1. Once you applied an ACL on a router, execute the following command to view the applied ACLs.

Router2#show ip access-lists

The following figure shows the Standard ACL configuration of Router2.

1. Next, open the Command Prompt of PC0, try to ping 192.168.0.2. You should not be able to ping as shown in the following figure.

 

1. You can remove the configured ACLs if you want. To remove the ACL that we have configured, execute the following command on Router2.

Router2(config)#no access-list 10 deny host 10.0.0.2

1. Now, try to ping again from PC0 to Router2, this time, you should be able to ping successfully, because you have removed the applied ACL.