Configuring Standard ACLs

To use numbered standard ACLs on a Cisco router, you must first create the standard ACL and then activate the ACL on an interface.

The access-list global configuration command defines a standard ACL with a number in the range of 1 through 99. Cisco IOS Software Release 12.0.1 extended these numbers by allowing 1300 to 1999 to be used for standard ACLs. This allows for a maximum of 798 possible standard ACLs. These additional numbers are referred to as expanded IP ACLs.

The full syntax of the standard ACL command is as follows:

Router(config)# access-list access-list-number {deny | permit | remark} source [source-wildcard] [log]

Figure 1 provides a detailed explanation of the syntax for a standard ACL.

ACEs can deny or permit an individual host or a range of host addresses. To create a host statement in numbered ACL 10 that permits the single host with the IP address 192.168.10.10, you would enter:

R1(config)# access-list 10 permit host 192.168.10.10

As shown in Figure 2, to create a statement in numbered ACL 10 that permits a range of IPv4 addresses, in this case every address in the network 192.168.10.0/24, you would enter:

R1(config)# access-list 10 permit 192.168.10.0 0.0.0.255

To remove the ACL, use the no access-list global configuration command. Issuing the show access-list command afterwards confirms that access list 10 has been removed.

Typically, when an administrator creates an ACL, the purpose of each statement is known and understood. However, to ensure that the administrator and others recall the purpose of a statement, remarks should be included. The remark keyword is used for documentation and makes access lists a great deal easier to understand. Each remark is limited to 100 characters. The ACL in Figure 3, although fairly simple, is used to provide an example. When reviewing the ACL in the configuration using the show running-config command, the remark is also displayed.
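The host, wildcard-mask and remark statements described above, together with the top-down, first-match evaluation and the implicit deny at the end of every ACL, as an added Python model (not code from the course page or from Cisco IOS). The ACL contents are constructed for the example; the number-range check follows the 1-99 and 1300-1999 ranges given earlier.

```python
import ipaddress

# Constructed sample ACL (not from the page): a numbered standard ACL that blocks one
# host and then permits the rest of the 192.168.10.0/24 network.
ACL_10 = [
    "access-list 10 remark Block one host, permit the rest of the LAN",
    "access-list 10 deny host 192.168.10.10",
    "access-list 10 permit 192.168.10.0 0.0.0.255",
]

def parse_ace(line):
    """Parse 'access-list N {permit|deny|remark} source [wildcard] [log]'; remarks return None."""
    tokens = line.split()
    if len(tokens) < 4 or tokens[0] != "access-list":
        raise ValueError(f"not a standard ACE: {line!r}")
    number, action = int(tokens[1]), tokens[2]
    if not (1 <= number <= 99 or 1300 <= number <= 1999):
        raise ValueError(f"{number} is outside the standard ACL number ranges")
    if action == "remark":
        return None          # documentation only, never matched against traffic
    if action not in ("permit", "deny"):
        raise ValueError(f"unknown action {action!r}")
    args = [t for t in tokens[3:] if t != "log"]   # optional trailing 'log' keyword
    if args[0] == "host":                      # host X is shorthand for X 0.0.0.0
        source, wildcard = args[1], "0.0.0.0"
    elif args[0] == "any":                     # any is shorthand for 0.0.0.0 255.255.255.255
        source, wildcard = "0.0.0.0", "255.255.255.255"
    else:                                      # an omitted wildcard defaults to 0.0.0.0
        source, wildcard = args[0], (args[1] if len(args) > 1 else "0.0.0.0")
    return action, int(ipaddress.IPv4Address(source)), int(ipaddress.IPv4Address(wildcard))

def matches(ace, src_ip):
    """A wildcard bit of 0 means 'must match'; a bit of 1 means 'don't care'."""
    _, source, wildcard = ace
    care = ~wildcard & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(src_ip)) & care) == (source & care)

def evaluate(acl_lines, src_ip):
    """Top-down, first match wins; falling off the end is the implicit deny."""
    for line in acl_lines:
        ace = parse_ace(line)
        if ace is not None and matches(ace, src_ip):
            return ace[0]
    return "deny"

if __name__ == "__main__":
    for ip in ("192.168.10.10", "192.168.10.20", "192.168.11.5"):
        print(ip, "->", evaluate(ACL_10, ip))
```

Reversing the two ACEs shows why statement order matters: the network permit then matches 192.168.10.10 before the host deny is ever reached.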