Second command checks whether we are able to access the remote device or not. To test this setup click Laptop0 and Desktop and click Command Prompt.įirst command verifies that we are testing from correct NAT device. Let’s create a standard access list which allows two hosts and denies one host. Wildcard can be calculated in decimal or in binary from subnet mask. Wildcard mask is the invert of Subnet mask. Where subnet mask is used to separate network address from host address, wildcard mask is used to distinguish the matching portion from the rest. Just like subnet mask, wildcard mask is also used to draw a boundary in IP address. To match a range of addresses, we need to use wildcard mask. To match a single address, simply type its address. Through this option we can match a single address or a range of addresses. To match a particular host, type the keyword host and then the IP address of host. Host keyword is used to match a specific host. Every packet compared against this condition would be matched. We have three options to specify the source address.Īny keyword is used to match all sources. In a standard ACL condition it could be a single source address or a range of addresses. This parameter allows us to specify the contents of packet that we want to match. If we use deny keyword, ACL will drop all packets from the source address specified in next parameter. If we use permit keyword, ACL will allow all packets from the source address specified in next parameter. This number is also a unique identifier for this ACL in router.Īn ACL condition has two actions permit and deny. This number is used in groping the conditions under a single ACL. We can pick any number from this range to tell the router that we are working with standard ACL.
Standard ACL uses numbers range 1 to to 1999.
Both lists have their own unique identifier numbers. We have two types of access list standard and extended. With this parameter we specify the type of access list. Through this parameter we tell router that we are creating or accessing an access list. This command prompt indicates that we are in global configuration mode. Let’s understand this command and its options in detail. Router(config)# access-list ACL_Identifier_number permit/deny matching-parameters