TUTORIAL

How to Configure Standard ACLs on Cisco Routers

by Danielle Antosz

Project Overview

EXPERIENCE LEVEL: Entry-Level

TIME TO COMPLETE: 30–45 minutes

ESTIMATED COST: Free (assuming access to a Cisco lab environment or simulator like Cisco Packet Tracer or CML)

Skills Needed:

  • Basic understanding of IP addressing and subnetting

Tools and Materials Needed:

  • Cisco IOS-based router or lab environment (real or simulated)

  • CLI access

  • Basic networking knowledge

  • Notepad or text editor (optional for drafting rules)

Before You Begin:

Before jumping into ACL configuration, you should:

  • Have access to a Cisco router or simulator

  • Know how to enter global configuration mode

  • Understand IP addresses and subnet masks

  • Optionally, review subnetting and binary math for wildcard masks

How to Configure Standard ACLs on Cisco Routers

Access control lists (ACLs) are one of the simplest yet most powerful tools for controlling traffic in Cisco networks. In this tutorial, you’ll learn how to configure standard ACLs, assign them to interfaces, use wildcard masks, and even name your ACLs for easier management.

Step 1: Understand What an ACL is

An ACL is a list of rules—either permit or deny—that controls whether traffic is allowed into or out of a router’s interface. Each packet is tested against these rules in order. If it matches a rule, the associated action is taken. If it doesn’t match any rule, it’s denied by default (this is known as the implicit deny rule).

Step 2: Enter Global Configuration Mode

To start configuring an ACL, enter global configuration mode:

Router> enable  
Router# configure terminal

Step 3: Create a Numbered Standard ACL

Choose a number from 1 to 99 for your standard ACL. Each rule starts with access-list, followed by the number, a permit or deny keyword, and the source IP.

(config)# access-list 1 permit 10.1.5.1  
(config)# access-list 1 deny 192.168.1.53

You can add as many rules as you need — just remember: they’re processed in order.

Step 4: Understand and Apply Wildcard Masks

Wildcard masks define IP ranges in ACLs. Unlike subnet masks, wildcard masks are calculated by subtracting the subnet mask from 255.255.255.255.

Example for /16 (255.255.0.0):

Wildcard = 255.255.255.255 - 255.255.0.0 = 0.0.255.255

Then apply it in your ACL:

(config)# access-list 1 permit 172.30.0.0 0.0.255.255

Use wildcard masks when you want to permit or deny a range of IP addresses.

Step 5: Apply the ACL to an Interface

After creating your ACL, assign it to an interface in either the inbound or outbound direction.

(config)# interface fa0/0  
(config-if)# ip access-group 1 outbound

Inbound applies to packets entering the router; outbound applies to packets leaving it.

Step 6: Use a Named ACL for Better Readability

Instead of using numbers, you can name your ACLs for better clarity.

(config)# ip access-list standard MY_ACL  
(config-std-nacl)# permit 10.1.5.1  
(config-std-nacl)# deny 192.168.1.53  
(config-std-nacl)# permit 172.30.0.0 0.0.255.255

Step 7: Apply a Named ACL to an Interface

Just like with numbered ACLs, assign the named ACL to an interface:

(config)# interface fa0/0  
(config-if)# ip access-group MY_ACL outbound

And that’s it! You’ve now created and assigned a standard named ACL.

Conclusion

Access control lists are foundational to Cisco networking — and mastering them will give you tighter control over the traffic entering and leaving your network. Want more hands-on training? Explore ACLs and other Cisco topics in our Cisco Certified Network Associate (CCNA) training or check out all our tutorials on the CBT Nuggets Tutorials page.

Get CBT Nuggets IT training news and resources

I have read and understood the privacy policy and am able to consent to it.

Follow us

Let's chat!

Sales | Support | General
© 2025 CBT Nuggets. All rights reserved.Terms | Privacy Policy | Accessibility | Sitemap | 2850 Crescent Avenue, Eugene, OR 97408 | 541-284-5522