ACL configuration in EIGRP routing on a Cisco router

How to configure an access control list (ACL) in EIGRP routing on a Cisco router




Extended ACL (100-199)
Permits or denies traffic by source IP address, destination IP address and port (service).
Applied closest to the source.






Router0 Configuration

Router0#sh run

Building configuration...

Current configuration : 675 bytes
!
version 12.2
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname Router
!
enable password just@123
!
ip cef
no ipv6 cef
!
interface Loopback1
ip address 192.168.0.1 255.255.255.0
!
interface FastEthernet0/0
ip address 1.1.1.1 255.0.0.0
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
duplex auto
speed auto
shutdown
!
router eigrp 101
network 1.0.0.0
network 192.168.0.0
auto-summary
!
ip classless
!
ip flow-export version 9
!
!
!
no cdp run
!
line con 0
!
line aux 0
!
line vty 0 4
password 1234
login
!
!
!
end


Router1 Configuration

Router(config)#access-list 101 deny icmp host 1.1.1.1 host 3.3.3.4 echo
Router(config)#access-list 101 deny tcp host 1.1.1.1 host 3.3.3.4 eq telnet
Router(config)#access-list 101 deny tcp host 2.2.2.3 host 1.1.1.1 eq telnet
Router(config)#access-list 101 deny icmp host 2.2.2.3 host 1.1.1.1 echo
Router(config)#access-list 101 deny icmp host 2.2.2.3 host 192.168.0.1 echo
Router(config)#access-list 101 permit ip any any

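Interface configuration

Router(config)#int fa 0/0
Router(config-if)#ip access-group 101 in
Router(config-if)#int fa 0/1
Router(config-if)#ip access-group 101 in

Note: Router1's running configuration below lists this ACL as "ip access-group 101 out" on both FastEthernet interfaces.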

Router1#sh run

Building configuration...

Current configuration : 1065 bytes
!
version 12.2
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname Router
!
!
!
enable password just@123
!
ip cef
no ipv6 cef
!
interface Loopback1
ip address 192.168.1.1 255.255.255.0
!
interface FastEthernet0/0
ip address 1.1.1.2 255.0.0.0
ip access-group 101 out
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 2.2.2.2 255.0.0.0
ip access-group 101 out
duplex auto
speed auto
!
router eigrp 101
network 2.0.0.0
network 1.0.0.0
network 192.168.1.0
auto-summary
!
ip classless
!
ip flow-export version 9
!
!
access-list 101 deny icmp host 1.1.1.1 host 3.3.3.4 echo
access-list 101 deny tcp host 1.1.1.1 host 3.3.3.4 eq telnet
access-list 101 deny tcp host 2.2.2.3 host 1.1.1.1 eq telnet
access-list 101 deny icmp host 2.2.2.3 host 1.1.1.1 echo
access-list 101 deny icmp host 2.2.2.3 host 192.168.0.1 echo
access-list 101 permit ip any any
!
line con 0
!
line aux 0
!
line vty 0 4
password 1234
login
!
!
!
end

Router2 Configuration

Router(config)#access-list 101 deny icmp host 3.3.3.4 host 1.1.1.2 echo
Router(config)#access-list 101 deny icmp host 3.3.3.4 host 1.1.1.1 echo
Router(config)#access-list 101 deny icmp host 3.3.3.4 host 192.168.0.1 echo
Router(config)#access-list 101 deny tcp host 3.3.3.4 host 2.2.2.2 eq telnet
Router(config)#access-list 101 deny tcp host 3.3.3.4 host 1.1.1.2 eq telnet
Router(config)#access-list 101 deny tcp host 3.3.3.4 host 192.168.0.1 eq telnet


Router(config)#access-list 101 permit ip any any

Interface Configuration

Router(config)#int fa 0/0
Router(config-if)#ip access-group 101 in

Router2#sh run
Building configuration...

Current configuration : 1117 bytes
!
version 12.2
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname Router
!
!
!
enable password just@123
!
ip cef
no ipv6 cef
!
interface Loopback1
ip address 192.168.2.1 255.255.255.0
!
interface FastEthernet0/0
ip address 3.3.3.3 255.0.0.0
ip access-group 101 in
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 2.2.2.3 255.0.0.0
duplex auto
speed auto
!
router eigrp 101
network 192.168.2.0
network 2.0.0.0
network 3.0.0.0
auto-summary
!
ip classless
!
ip flow-export version 9
!
!
access-list 101 deny icmp host 3.3.3.4 host 1.1.1.2 echo
access-list 101 deny icmp host 3.3.3.4 host 1.1.1.1 echo
access-list 101 deny icmp host 3.3.3.4 host 192.168.0.1 echo
access-list 101 deny tcp host 3.3.3.4 host 2.2.2.2 eq telnet
access-list 101 deny tcp host 3.3.3.4 host 1.1.1.2 eq telnet
access-list 101 deny tcp host 3.3.3.4 host 192.168.0.1 eq telnet
access-list 101 permit ip any any
!
no cdp run
!
line con 0
!
line aux 0
!
line vty 0 4
password 1234
login
!
end

Router3 Configuration

Router3#sh run

Building configuration...

Current configuration : 662 bytes
!
version 12.2
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname Router
!
enable password just@123
!
ip cef
no ipv6 cef
!
!
interface Loopback1
ip address 192.168.3.1 255.255.255.0
!
interface FastEthernet0/0
ip address 3.3.3.4 255.0.0.0
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
duplex auto
speed auto
shutdown
!
router eigrp 101
network 3.0.0.0
network 192.168.3.0
auto-summary
!
ip classless
!
ip flow-export version 9
!
!
line con 0
!
line aux 0
!
line vty 0 4
password 1234
login
!
end

Verify that the ACL configuration is working

Ping

Router3#ping 1.1.1.2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.2, timeout is 2 seconds:
UUUUU

Success rate is 0 percent (0/5)

Telnet

Router#telnet 2.2.2.2
Trying 2.2.2.2 ...

% Connection timed out; remote host not responding
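
The two checks above, replayed offline against Router2's ACL 101 as an added example (not part of the original article): a small first-match evaluator that also shows why the final "permit ip any any" matters when EIGRP runs over an interface with an inbound ACL. It handles only the host/any address forms and the echo / eq telnet qualifiers used on this page; the function names and sample packets are assumptions made for the example.

```python
import ipaddress

# ACL 101 copied from Router2's running configuration on this page.
ROUTER2_ACL = """\
access-list 101 deny icmp host 3.3.3.4 host 1.1.1.2 echo
access-list 101 deny icmp host 3.3.3.4 host 1.1.1.1 echo
access-list 101 deny icmp host 3.3.3.4 host 192.168.0.1 echo
access-list 101 deny tcp host 3.3.3.4 host 2.2.2.2 eq telnet
access-list 101 deny tcp host 3.3.3.4 host 1.1.1.2 eq telnet
access-list 101 deny tcp host 3.3.3.4 host 192.168.0.1 eq telnet
access-list 101 permit ip any any
"""
PORTS = {"telnet": 23}  # only the named port used on this page

def _addr(tok):
    """Consume one 'host A.B.C.D' or 'any' spec from tok and return a network."""
    kind = tok.pop(0)
    if kind == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if kind == "host":
        return ipaddress.ip_network(tok.pop(0) + "/32")
    raise ValueError("only 'host' and 'any' are handled in this example")

def parse(text):
    """Turn 'access-list N action proto src dst [qualifier]' lines into rules."""
    rules = []
    for line in text.splitlines():
        tok = line.split()
        if tok[:1] != ["access-list"]:
            continue
        action, proto, rest = tok[2], tok[3], tok[4:]
        src, dst = _addr(rest), _addr(rest)
        match = None  # trailing qualifier: ICMP type name or TCP port number
        if rest[:1] == ["eq"]:
            match = PORTS[rest[1]]
        elif rest:
            match = rest[0]
        rules.append((action, proto, src, dst, match, line))
    return rules

def evaluate(rules, proto, src, dst, detail=None):
    """Return (action, matching line); first match wins, implicit deny at the end."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, rproto, rsrc, rdst, match, line in rules:
        if rproto in ("ip", proto) and s in rsrc and d in rdst and match in (None, detail):
            return action, line
    return "deny", "implicit deny"
```

Calling evaluate(parse(ROUTER2_ACL), "eigrp", "3.3.3.4", "224.0.0.10") returns the "permit ip any any" line; with that last rule removed, the same EIGRP hello (IP protocol 88 to multicast 224.0.0.10) falls through to the implicit deny.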


1 comments

  1. Thanks for the article
    http://www.routexp.com/2017/11/route-filtering-techniques-access-lists.html
