Packet Tracer 6.1 tutorial - ACL configuration

3.75 1 1 1 1 1 Rating 3.75 (20 Votes)


Access Control Lists (ACL) are used to filter network traffic on Cisco routers. In order to filter network traffic, ACLs control if routed packets have to be forwarded or blocked at the ingress or egress router interface. The router examines each packet to determine whether to forward or drop the packet based on the criteria specified in the ACL applied to the interface.


IP ACL types

Two types of IP ACL can be configured in Packet Tracer 6.0 :

  • Standard ACLs : This is the oldest ACL type which can be configured on Cisco routers. Traffic is filtered based on the source IP address of IP packets. The access-list number can be any number from 1 to 99. This ACL is quite deprecated.

access-list 1 permit
access-list 1 deny any

  • Extended ACLs : Introduced in IOS version 8.3, the extended ACLs are more complex and allow filtering of the IP traffic based on a combination of multiple criterias : source IP address, destination IP address, TCP or UDP port, protocol, .... In numbered ACLs, the access-list number can be any number from 100 to 199 or 2000 to 2699 (available in IOS versions >12.0.1). Such ACLs can also be named access lists in which the ACL number is replaced by a keyword.

access-list 1 permit ip
access-list 101 permit icmp any echo
access-list 1 deny ip any any

Configuration on Cisco 2911 ISR Router

Coming soon