What is Named ACL and How to Configure Named ACL

What is Named ACL

A named ACL (access list) is not a new type of ACL; it is either an extended or a standard access list. A named ACL is created differently from an extended or standard access list, but functionally they are the same.


Named ACLs classify traffic at Layer 3, and the ACL (access list) sets 10 rules that are applied to inbound traffic. The contents of a given field specified in each rule are used to deny or permit access to the network. An ACL is used to perform packet filtering, which controls the movement of packets through a network. Packet filtering provides security by limiting traffic access, restricting device and user access to a network, and preventing traffic from leaving a network.

How to Configure Named ACL


Configuring the Router R1 Interfaces

Router>enable

Router#configure terminal

Enter configuration commands, one per line. End with CNTL/Z.

Router(config)#hostname R1

R1(config)#interface serial 0/1/0

R1(config-if)#ip address 3.0.0.1 255.0.0.0

R1(config-if)#clock rate 64000

R1(config-if)#keepalive 10

R1(config-if)#no shutdown

%LINK-5-CHANGED: Interface Serial0/1/0, changed state to down

R1(config-if)#exit

R1(config)#interface fastethernet0/0

OR

R1(config)#int fa0/0

R1(config-if)#ip address 4.0.0.40 255.0.0.0

R1(config-if)#no shutdown

[Figure: Interface Status up]

R1(config-if)#end

R1#

Configuring the Router R2 Interfaces

Router>enable

Router#configure terminal

Enter configuration commands, one per line. End with CNTL/Z.

Router(config)#hostname R2

R2(config)#interface serial 0/1/0

R2(config-if)#ip address 3.0.0.2 255.0.0.0

R2(config-if)#keepalive 10

R2(config-if)#no shutdown

[Figure: Interface Status up]

R2(config-if)#exit

R2(config)#interface fastethernet0/0

OR

R2(config)#int fa0/0

R2(config-if)#ip address 5.0.0.40 255.0.0.0

R2(config-if)#no shutdown

[Figure: Interface Status up]

R2(config-if)#end

R2#

Router R1 and R2 Routing Table

Router R1

R1#show ip route

[Figure: IP Route Status]

R1#

Router R2

R2#show ip route

[Figure: IP Route Status]

R2#


Completing Routing Tables of Routers R1 and R2

Router R1

R1#configure terminal

R1(config)#ip route 5.0.0.0 255.0.0.0 3.0.0.2

Router R2

R2#configure terminal

R2(config)#ip route 4.0.0.0 255.0.0.0 3.0.0.1

Router R1 and R2 Routing Table

Router R1

R1#show ip route

[Figure: IP Route Status]

R1#

Router R2

R2#show ip route

[Figure: IP Route Status]

R2#

Configuring Line vty and Enable Passwords on Router R2

R2#configure terminal

R2(config)#enable password Networking123

R2(config)#line vty 0 4

R2(config-line)#password Ithome16

R2(config-line)#login

[Figure: Telnet Login Password]

R2(config-line)#exit

R2(config)#


Defining the Named Extended Access-List On Router R2 

R2(config)#ip access-list ?

[Figure: IP Access-List Extended]

R2(config)#ip access-list extended ?

[Figure: IP Access-List Extended Range]

R2(config)#ip access-list extended Networking ?

  <cr>

R2(config)#ip access-list extended Networking

R2(config-ext-nacl)#deny ?

[Figure: IP Access-List Extended Deny Service]

R2(config-ext-nacl)#deny icmp ?

[Figure: IP Access-List Extended Deny Service Host]

R2(config-ext-nacl)#deny icmp 3.0.0.1 ?

A.B.C.D               Source wildcard bits

R2(config-ext-nacl)#deny icmp 3.0.0.1 0.0.0.0 ?

[Figure: IP Access-List Extended Deny Service Host]

R2(config-ext-nacl)#deny icmp 3.0.0.1 0.0.0.0 3.0.0.2 ?

A.B.C.D               Destination wildcard bits

R2(config-ext-nacl)#deny icmp 3.0.0.1 0.0.0.0 3.0.0.2 0.0.0.0 ?

[Figure: IP Access-List Extended Deny Service Host]

R2(config-ext-nacl)#deny icmp 3.0.0.1 0.0.0.0 3.0.0.2 0.0.0.0

R2(config-ext-nacl)#permit ip any any

R2(config-ext-nacl)#exit

R2(config)#

Note: This denies only ICMP traffic from host 3.0.0.1 to host 3.0.0.2; all other traffic, from all sources, is allowed.
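
The first-match logic behind this ACL, as an added Python example that is not part of the original tutorial. It models only protocol and source/destination wildcard matching (no ports or ICMP types), and the function names are illustrative assumptions.

```python
import ipaddress

def wildcard_match(addr, base, wildcard):
    """IOS wildcard semantics: a 0 bit must match, a 1 bit is ignored."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return (a | w) == (b | w)

def parse_ace(line):
    """Parse 'action proto src dst'; src/dst are 'any', 'host A' or 'A W'."""
    action, proto, *rest = line.split()
    ends = []
    while rest:
        if rest[0] == "any":
            ends.append(("0.0.0.0", "255.255.255.255"))
            rest = rest[1:]
        elif rest[0] == "host":
            ends.append((rest[1], "0.0.0.0"))
            rest = rest[2:]
        else:
            ends.append((rest[0], rest[1]))
            rest = rest[2:]
    if len(ends) != 2:
        raise ValueError(f"unsupported entry: {line!r}")
    return action, proto, ends[0], ends[1]

def evaluate(acl, proto, src, dst):
    """First matching entry wins; no match falls through to the implicit deny."""
    for line in acl:
        action, ace_proto, (s, sw), (d, dw) = parse_ace(line)
        if ace_proto not in ("ip", proto):  # 'ip' covers every IP protocol
            continue
        if wildcard_match(src, s, sw) and wildcard_match(dst, d, dw):
            return action, line
    return "deny", "implicit deny"

# The two entries of the tutorial's ACL "Networking", in configured order.
NETWORKING = [
    "deny icmp 3.0.0.1 0.0.0.0 3.0.0.2 0.0.0.0",
    "permit ip any any",
]

if __name__ == "__main__":
    # Constructed packets: R1's ping, R1's Telnet (TCP), a ping from 4.0.0.40.
    for pkt in [("icmp", "3.0.0.1", "3.0.0.2"), ("tcp", "3.0.0.1", "3.0.0.2"),
                ("icmp", "4.0.0.40", "3.0.0.2")]:
        print(pkt, "->", evaluate(NETWORKING, *pkt))
    # Without the final permit, everything else hits the implicit deny.
    print(evaluate(NETWORKING[:1], "tcp", "3.0.0.1", "3.0.0.2"))
```

Dropping the `permit ip any any` entry makes the Telnet packet fall through to the implicit deny, which is why that line closes the list.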

Applying Named Access-List on Router R2

R2(config)#int s 0/1/0

R2(config-if)#ip access-group ?

[Figure: IP Access-Group Name]

R2(config-if)#ip access-group Networking ?

[Figure: IP Access-Group in/out]

R2(config-if)#ip access-group Networking in

R2(config-if)#end

R2#

Verifying Named ACL

Router R1

R1#ping 3.0.0.2

[Figure: Unsuccessful Ping Verification]

R1#telnet 3.0.0.2

[Figure: Successful Telnet Ping Verification]

R1#

Router R2

R2#show ip access-lists

[Figure: IP Access-List Status]

R2#

Removing Named ACL from Router R2

R2(config)#int s0/1/0

R2(config-if)#no ip access-group Networking in

R2(config-if)#end

R2#

Verification

Router R1

R1#ping 3.0.0.2

[Figure: Successful Ping Verification]

R1#
