Access List example (Cisco)

Technology: Network Security
Area: ACL
Vendor: Cisco
Software: IOS 12.X, 15.X
Platform: ISR, ASR, Catalyst Switches

Access lists provide basic traffic filtering capabilities. Access lists can be configured for all routed network protocols to filter the packets of those protocols as the packets pass through a router or switch. The main rule is that an access list is analyzed top down: the first matching entry applies, and the remaining ACEs (Access List Entries) are not checked. At the end of the ACL there is an implicit deny statement.


To configure an example ACL that denies telnet traffic and allows all other traffic, use the following commands:

Router#configure terminal
Router(config)#ip access-list extended 101
Router(config-ext-nacl)#5 deny tcp any any eq telnet
Router(config-ext-nacl)#10 permit ip any any
Router(config-ext-nacl)#end


To verify the access list configuration, use:

Router#show access-list
Extended IP access list 101
    5 deny tcp any any eq telnet
    10 permit ip any any
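
The top-down, first-match evaluation and the implicit deny described above, modelled in Python as an added example (not Cisco code and not part of the original page). It handles only the "any any" address form with an optional "eq <port>"; the function names, the port keyword table and the two variant ACLs are constructed for illustration.

```python
# Added illustration: a minimal model of how an extended ACL is evaluated.
# Only the "any any" address form and an optional "eq <port>" are modelled.
PORTS = {"telnet": 23, "ssh": 22, "www": 80}  # small subset of IOS port keywords

def parse_ace(line):
    """Parse '<seq> <action> <proto> any any [eq <port>]' into a dict."""
    tok = line.split()
    seq, action, proto, src, dst = int(tok[0]), tok[1], tok[2], tok[3], tok[4]
    if action not in ("permit", "deny") or (src, dst) != ("any", "any"):
        raise ValueError("unsupported ACE: " + line)
    port = None
    if len(tok) > 5:
        if tok[5] != "eq" or len(tok) != 7:
            raise ValueError("unsupported ACE: " + line)
        port = PORTS.get(tok[6]) or int(tok[6])
    return {"seq": seq, "action": action, "proto": proto, "port": port}

def evaluate(acl_lines, proto, dst_port=None):
    """Return (action, matching sequence number) for one packet.

    ACEs are checked in ascending sequence order; the first match decides.
    If nothing matches, the implicit deny at the end applies (seq is None).
    """
    for ace in sorted(map(parse_ace, acl_lines), key=lambda a: a["seq"]):
        proto_ok = ace["proto"] == "ip" or ace["proto"] == proto
        port_ok = ace["port"] is None or ace["port"] == dst_port
        if proto_ok and port_ok:
            return ace["action"], ace["seq"]
    return "deny", None

# ACL 101 exactly as configured on this page.
ACL_101 = ["5 deny tcp any any eq telnet", "10 permit ip any any"]
# Constructed variant: the permit sits at a lower sequence number,
# so the telnet deny below it is never reached.
ACL_SHADOWED = ["1 permit ip any any", "5 deny tcp any any eq telnet"]
# Constructed variant: the final permit is missing, so everything
# that is not telnet falls through to the implicit deny.
ACL_NO_PERMIT = ["5 deny tcp any any eq telnet"]

if __name__ == "__main__":
    acls = [("101", ACL_101), ("shadowed", ACL_SHADOWED), ("no permit", ACL_NO_PERMIT)]
    for name, acl in acls:
        for proto, port in [("tcp", 23), ("tcp", 22), ("udp", 53)]:
            print(name, proto, port, evaluate(acl, proto, port))
```

The two variants show why entry order and the closing permit matter when auditing an ACL: a broad permit placed first hides the deny, and leaving out the permit blocks all traffic.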

