How to configure an access control list (ACL) with EIGRP routing on Cisco routers
Extended ACL (100-199)
Permits or denies traffic by source IP address, destination IP address and port (service).
Applied closest to the source.
Router0 Configuration
Router0#sh run
Building configuration...
Current configuration : 675 bytes
!
version 12.2
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname Router
!
enable password just@123
!
ip cef
no ipv6 cef
!
interface Loopback1
ip address 192.168.0.1 255.255.255.0
!
interface FastEthernet0/0
ip address 1.1.1.1 255.0.0.0
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
duplex auto
speed auto
shutdown
!
router eigrp 101
network 1.0.0.0
network 192.168.0.0
auto-summary
!
ip classless
!
ip flow-export version 9
!
!
!
no cdp run
!
line con 0
!
line aux 0
!
line vty 0 4
password 1234
login
!
!
!
end
Router1 Configuration
Router(config)#access-list 101 deny tcp host 1.1.1.1 host 3.3.3.4 eq telnet
Router(config)#access-list 101 deny tcp host 2.2.2.3 host 1.1.1.1 eq telnet
Router(config)#access-list 101 deny icmp host 2.2.2.3 host 1.1.1.1 echo
Router(config)#access-list 101 deny icmp host 2.2.2.3 host 192.168.0.1 echo
Interface configuration
Router(config)#int fa 0/0
Router(config-if)#ip access-group 101 in
Router(config-if)#int fa 0/1
Router(config-if)#ip access-group 101 in
Router1#sh run
Building configuration...
Current configuration : 1065 bytes
!
version 12.2
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname Router
!
!
!
enable password just@123
!
ip cef
no ipv6 cef
!
interface Loopback1
ip address 192.168.1.1 255.255.255.0
!
interface FastEthernet0/0
ip address 1.1.1.2 255.0.0.0
ip access-group 101 out
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 2.2.2.2 255.0.0.0
ip access-group 101 out
duplex auto
speed auto
!
router eigrp 101
network 2.0.0.0
network 1.0.0.0
network 192.168.1.0
auto-summary
!
ip classless
!
ip flow-export version 9
!
!
access-list 101 deny icmp host 1.1.1.1 host 3.3.3.4 echo
access-list 101 deny tcp host 1.1.1.1 host 3.3.3.4 eq telnet
access-list 101 deny tcp host 2.2.2.3 host 1.1.1.1 eq telnet
access-list 101 deny icmp host 2.2.2.3 host 1.1.1.1 echo
access-list 101 deny icmp host 2.2.2.3 host 192.168.0.1 echo
access-list 101 permit ip any any
!
line con 0
!
line aux 0
!
line vty 0 4
password 1234
login
!
!
!
end
Router2 Configuration
Router(config)#access-list 101 deny icmp host 3.3.3.4 host 1.1.1.1 echo
Router(config)#access-list 101 deny icmp host 3.3.3.4 host 192.168.0.1 echo
Router(config)#access-list 101 deny tcp host 3.3.3.4 host 2.2.2.2 eq telnet
Router(config)#access-list 101 deny tcp host 3.3.3.4 host 1.1.1.2 eq telnet
Router(config)#access-list 101 deny tcp host 3.3.3.4 host 192.168.0.1 eq telnet
Router(config)#access-list 101 permit ip any any
Router(config)#int fa 0/0
Router(config-if)#ip access-group 101 in
Router2#sh run
Building configuration...
Current configuration : 1117 bytes
!
version 12.2
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname Router
!
!
!
enable password just@123
!
ip cef
no ipv6 cef
!
interface Loopback1
ip address 192.168.2.1 255.255.255.0
!
interface FastEthernet0/0
ip address 3.3.3.3 255.0.0.0
ip access-group 101 in
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 2.2.2.3 255.0.0.0
duplex auto
speed auto
!
router eigrp 101
network 192.168.2.0
network 2.0.0.0
network 3.0.0.0
auto-summary
!
ip classless
!
ip flow-export version 9
!
!
access-list 101 deny icmp host 3.3.3.4 host 1.1.1.2 echo
access-list 101 deny icmp host 3.3.3.4 host 1.1.1.1 echo
access-list 101 deny icmp host 3.3.3.4 host 192.168.0.1 echo
access-list 101 deny tcp host 3.3.3.4 host 2.2.2.2 eq telnet
access-list 101 deny tcp host 3.3.3.4 host 1.1.1.2 eq telnet
access-list 101 deny tcp host 3.3.3.4 host 192.168.0.1 eq telnet
access-list 101 permit ip any any
!
no cdp run
!
line con 0
!
line aux 0
!
line vty 0 4
password 1234
login
!
end
Router3 Configuration
Router3#sh run
Building configuration...
Current configuration : 662 bytes
!
version 12.2
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname Router
!
enable password just@123
!
ip cef
no ipv6 cef
!
!
interface Loopback1
ip address 192.168.3.1 255.255.255.0
!
interface FastEthernet0/0
ip address 3.3.3.4 255.0.0.0
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
duplex auto
speed auto
shutdown
!
router eigrp 101
network 3.0.0.0
network 192.168.3.0
auto-summary
!
ip classless
!
ip flow-export version 9
!
!
line con 0
!
line aux 0
!
line vty 0 4
password 1234
login
!
end
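Verify that the ACL configuration is working
Ping (each U in the output is an ICMP destination-unreachable reply, returned because an ACL dropped the echo)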
Router3#ping 1.1.1.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.2, timeout is 2 seconds:
UUUUU
Success rate is 0 percent (0/5)
Telnet
Router#telnet 2.2.2.2
Trying 2.2.2.2 ...
% Connection timed out; remote host not responding
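Added example, not part of the original post: a small Python model of first-match ACL evaluation, loaded with Router2's ACL 101 from the running-config above. It shows why the ping and telnet tests fail, and why the closing permit ip any any matters when EIGRP runs on the same interface: an inbound ACL also filters the hellos sent to 224.0.0.10, so without that line the implicit deny would drop them. The function names are my own, and the parser handles only the host/any and eq forms used on this page.

```python
import ipaddress

# Router2's ACL 101, copied from its running-config on this page.
ROUTER2_ACL = """\
access-list 101 deny icmp host 3.3.3.4 host 1.1.1.2 echo
access-list 101 deny icmp host 3.3.3.4 host 1.1.1.1 echo
access-list 101 deny icmp host 3.3.3.4 host 192.168.0.1 echo
access-list 101 deny tcp host 3.3.3.4 host 2.2.2.2 eq telnet
access-list 101 deny tcp host 3.3.3.4 host 1.1.1.2 eq telnet
access-list 101 deny tcp host 3.3.3.4 host 192.168.0.1 eq telnet
access-list 101 permit ip any any
"""
PORTS = {"telnet": 23}

def _addr(tok):
    """Pop 'any' or 'host A.B.C.D' off the token list; None means any."""
    if tok.pop(0) == "any":
        return None
    return ipaddress.ip_address(tok.pop(0))  # token after 'host'

def parse_acl(text):
    """Return rules as (action, protocol, src, dst, qualifier) in config order."""
    rules = []
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 6 or tok[0] != "access-list":
            continue
        action, proto, rest = tok[2], tok[3], tok[4:]
        src, dst = _addr(rest), _addr(rest)
        qual = None
        if rest[:1] == ["eq"]:            # TCP/UDP destination port
            qual = PORTS[rest[1]] if rest[1] in PORTS else int(rest[1])
        elif rest:                        # ICMP message type, e.g. echo
            qual = rest[0]
        rules.append((action, proto, src, dst, qual))
    return rules

def evaluate(rules, proto, src, dst, qual=None):
    """First matching entry wins; a packet matching nothing is denied."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, r_proto, r_src, r_dst, r_qual in rules:
        if (r_proto in ("ip", proto) and r_src in (None, src)
                and r_dst in (None, dst) and r_qual in (None, qual)):
            return action
    return "deny"  # implicit "deny ip any any" at the end of every ACL

if __name__ == "__main__":
    acl = parse_acl(ROUTER2_ACL)
    print(evaluate(acl, "icmp", "3.3.3.4", "1.1.1.2", "echo"))    # ping test
    print(evaluate(acl, "eigrp", "3.3.3.4", "224.0.0.10"))        # EIGRP hello
    print(evaluate(acl[:-1], "eigrp", "3.3.3.4", "224.0.0.10"))   # no final permit
```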