CREATE THE ACCESS LIST IN GLOBAL CONFIGURATION MODE OF YOUR ROUTER2

Note: remember that a standard access list is placed closest to the destination network of the traffic and an extended access-list is placed closest to the source of the traffic.

Standard Access List Command Format:

Router(config)# access-list <1-99> <deny/permit> <source_address>

Steps to create standard access list

1. Create the access list in global configuration mode of your router

2. Apply in it in the interfaceblockquote>

For example, you want to block all IP traffic coming from network 170.1.1.0/24 (mask 255.255.255.0) to your router A, and permit traffic from all other networks.

Step 1(creating access list):

RouterA (config) #access-list 10 deny 170.1.1.0 0.0.0.255

RouterA (config) #access-list 10 permit any

Note: if you did not add “access-list 10 permit any” in the second line, your router would block all other IP traffic, no IP traffic would be allowed to enter your router from outside.

Step2 (apply access list in an interface):

RouterA (config) #interface fastEthernet 0/0

RouterA (config) #ip access-group 10 in

Note: if you wanted to block outgoing traffic from your router, you would have to write “ip access-group 10 out”.

Allow IP Traffic From A Specific Host

For example, you want to allow traffic only from a specific host with Ip 172.32.16.27; you have to write the command as follows:

Router (config) # access-list 20 permit 172.32.16.27 0.0.0.0