Access Control Lists (ACLs) filter network traffic on Cisco routers. An ACL controls whether routed packets are forwarded or blocked at the ingress or egress router interface. The router checks each packet against the criteria specified in the ACL applied to the interface and forwards or drops the packet accordingly.
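Two types of IP ACL can be configured in Cisco Packet Tracer 7.2:
Standard ACL (numbered 1 to 99), matching on the source address only:
access-list 1 permit 10.2.25.0 0.0.0.255
access-list 1 deny any
Extended ACL (numbered 100 to 199), matching on protocol, source and destination:
access-list 101 permit ip 10.2.25.0 0.0.0.255 10.1.0.0 0.0.255.255
access-list 101 permit icmp any 10.1.0.0 0.0.255.255 echo
access-list 101 deny ip any any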
Access lists can be used to restrict remote SSH or Telnet access to the ISR router management interface (VTY) from specific networks only. Only numbered access-lists are supported on the Virtual Terminal Line.
The access-class command applies the access list to the Virtual Terminal Line. The following configuration denies administrative access to the router except from the 192.168.1.0/24 network hosting the admin workstations. Note the wildcard mask used in the access-list configuration for the /24 network.
access-list 1 permit 192.168.1.0 0.0.0.255
line vty 0 4
 access-class 1 in
 login
line vty 5 15
 access-class 1 in
 login
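
The wildcard-mask matching and first-match evaluation behind the VTY access list above can be checked offline with the following added example (not part of the original page, and not Cisco code). It assumes standard numbered ACL syntax only; the function names and the tested source addresses are constructed for illustration.

```python
import ipaddress

# ACL line copied from the VTY example above; test addresses are constructed.
ACL_TEXT = """\
access-list 1 permit 192.168.1.0 0.0.0.255
"""

def parse_standard_acl(text):
    """Parse 'access-list N permit|deny SRC [WILDCARD]' lines into entries."""
    entries = []
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 4 or tok[0] != "access-list":
            continue
        action, src = tok[2], tok[3]
        if src == "any":
            addr, wild = 0, 0xFFFFFFFF
        elif src == "host":
            addr, wild = int(ipaddress.IPv4Address(tok[4])), 0
        else:
            addr = int(ipaddress.IPv4Address(src))
            # No wildcard given means an exact host match (0.0.0.0).
            wild = int(ipaddress.IPv4Address(tok[4])) if len(tok) > 4 else 0
        entries.append((action, addr, wild))
    return entries

def matches(addr, wild, source):
    """Wildcard bits set to 1 are ignored; bits set to 0 must be equal."""
    care = ~wild & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(source)) & care) == (addr & care)

def evaluate(entries, source):
    """First matching entry wins; no match falls through to the implicit deny."""
    for action, addr, wild in entries:
        if matches(addr, wild, source):
            return action
    return "deny"

def wildcard_for_prefix(prefix_len):
    """The wildcard mask is the bitwise inverse of the subnet mask."""
    return str(ipaddress.IPv4Network(f"0.0.0.0/{prefix_len}").hostmask)

if __name__ == "__main__":
    acl = parse_standard_acl(ACL_TEXT)
    for src in ("192.168.1.50", "192.168.2.50", "10.2.25.7"):
        print(src, evaluate(acl, src))
    print("/24 wildcard:", wildcard_for_prefix(24))
```

Because the list contains a single permit entry, every source outside 192.168.1.0/24 is refused by the implicit deny at the end of the ACL.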