Here, we are going to see how to configure a standard access list for multiple networks.


Step 1: Create a topology like this, and configure the IP addresses as shown in the topology I have given. In Packet Tracer, a router has only two FastEthernet interfaces, so we have to add interfaces depending on our requirements. Go to this link to learn how to add interfaces.

How to add more interfaces to router?







Step 2: Now, I am going to stop packets from the entire 10.0.0.0 network that are going to the 30.0.0.0 network, and packets from the host 20.0.0.2 to the 30.0.0.0 network. Other hosts in the 20.0.0.0 network should be able to communicate with the server, which is in the 30.0.0.0 network.

Step 3: First we should choose the right interface to bind this access list to. Interface fastethernet2/0 is the right interface for this access list, because packets from both networks will be going out through fastethernet2/0.


Step 4: Now, create a standard access list based on the above statement. The deny statements must be at the top of the access list, because the router processes an access list from top to bottom. So we must configure the deny lines first, and after that we configure the permit.


On the router, in global configuration mode,

Router(config)#access-list 10 deny 10.0.0.0 0.255.255.255
Router(config)#access-list 10 deny host 20.0.0.2
Router(config)#access-list 10 permit any



       Here, the router will process the first line, and it will block packets from the 10.0.0.0 network to the 30.0.0.0 network.

       The second line will block the host 20.0.0.2 only.

       Packets from addresses other than 20.0.0.2 will not match the above two statements, so the router will process the third line; the 'permit any' statement allows the rest of the IP addresses other than 20.0.0.2. Once a match is found in the access list, the router won't go to the next line. Network 10.0.0.0 can communicate with network 20.0.0.0.


Step 5: Go to the router and bind the access list to fastethernet 2/0,


Router(config)#interface fastethernet2/0
Router(config-if)#ip access-group 10 out
Router(config-if)#exit


     Here, 'out' tells the router that packets going out of interface fastethernet 2/0 will be filtered based on access list 10.


Step 6: Now, I am going to check with a host from the 10.0.0.0 network and a host from the 20.0.0.0 network.




Here, the entire 10.0.0.0 network was blocked, and host 20.0.0.2 from the 20.0.0.0 network was blocked. Other hosts are still communicating with the server.
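
The top-to-bottom, first-match processing described in Step 4, as an added example in Python that is not part of the original post: it parses the three access-list 10 lines and evaluates constructed sample source addresses against them, then shows what happens if 'permit any' is placed first. The function names parse_acl and evaluate are hypothetical, and the model covers only standard (source-address) entries.

```python
import ipaddress

# Hypothetical helper names; a simplified model of standard ACL matching.
# The three lines of access list 10 from Step 4, as typed on the router.
ACL_10 = """\
access-list 10 deny 10.0.0.0 0.255.255.255
access-list 10 deny host 20.0.0.2
access-list 10 permit any
"""

def parse_acl(text):
    """Turn standard ACL lines into (action, address, wildcard) integer tuples."""
    entries = []
    for line in text.splitlines():
        tokens = line.split()
        if len(tokens) < 4 or tokens[0] != "access-list":
            continue
        action, spec = tokens[2], tokens[3:]
        if spec[0] == "any":
            addr, wild = "0.0.0.0", "255.255.255.255"
        elif spec[0] == "host":
            addr, wild = spec[1], "0.0.0.0"
        else:
            addr = spec[0]
            wild = spec[1] if len(spec) > 1 else "0.0.0.0"
        entries.append((action, int(ipaddress.IPv4Address(addr)),
                        int(ipaddress.IPv4Address(wild))))
    return entries

def evaluate(entries, source_ip):
    """Return the action of the first matching entry; no match is the implicit deny."""
    src = int(ipaddress.IPv4Address(source_ip))
    for action, addr, wild in entries:
        care = ~wild & 0xFFFFFFFF  # wildcard bits set to 0 must match exactly
        if (src & care) == (addr & care):
            return action
    return "deny"

if __name__ == "__main__":
    acl = parse_acl(ACL_10)
    # Constructed sample source addresses, not captured traffic.
    for ip in ("10.0.0.2", "10.200.1.9", "20.0.0.2", "20.0.0.3"):
        print(ip, evaluate(acl, ip))
    # Same lines with 'permit any' moved to the top: the denies are never reached.
    wrong_order = [acl[2], acl[0], acl[1]]
    print("reordered 10.0.0.2:", evaluate(wrong_order, "10.0.0.2"))
```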


