how to configured two routers cisco 1841 ACL LIST with steps
Here is a basic step-by-step configuration for two Cisco 1841 Integrated Services Router routers using:
Static IP addressing
Serial connection
ACL (Access Control List)
Routing between two LAN networks
Network Topology
PC1 ---- Router1 ===== Router2 ---- PC2
Fa0/0 Serial Fa0/0
IP Addressing Table
| Device | Interface | IP Address | Subnet Mask |
|---|---|---|---|
| Router1 | Fa0/0 | 192.168.1.1 | 255.255.255.0 |
| Router1 | S0/0/0 | 10.0.0.1 | 255.255.255.252 |
| Router2 | S0/0/0 | 10.0.0.2 | 255.255.255.252 |
| Router2 | Fa0/0 | 192.168.2.1 | 255.255.255.0 |
| PC1 | NIC | 192.168.1.10 | 255.255.255.0 |
| PC2 | NIC | 192.168.2.10 | 255.255.255.0 |
Gateway:
PC1 → 192.168.1.1
PC2 → 192.168.2.1
Step 1: Connect Routers
Use:
Console cable for configuration
Serial DCE/DTE cable between routers
Ethernet cable to PCs
Step 2: Configure Router1
Enter privileged mode:
enable
configure terminal
Configure FastEthernet
interface fa0/0
ip address 192.168.1.1 255.255.255.0
no shutdown
exit
Configure Serial Interface
interface s0/0/0
ip address 10.0.0.1 255.255.255.252
clock rate 64000
no shutdown
exit
Configure Static Route
ip route 192.168.2.0 255.255.255.0 10.0.0.2
Step 3: Configure Router2
enable
configure terminal
Configure FastEthernet
interface fa0/0
ip address 192.168.2.1 255.255.255.0
no shutdown
exit
Configure Serial Interface
interface s0/0/0
ip address 10.0.0.2 255.255.255.252
no shutdown
exit
Configure Static Route
ip route 192.168.1.0 255.255.255.0 10.0.0.1
Step 4: Configure ACL on Router1
Example:
Block PC1 from accessing Router2 LAN.
Create Standard ACL
access-list 10 deny 192.168.1.10
access-list 10 permit any
Apply ACL to Interface
interface s0/0/0
ip access-group 10 out
exit
This ACL:
Denies PC1 (192.168.1.10)
Allows all other traffic
Step 5: Save Configuration
On both routers:
copy running-config startup-config
Step 6: Verify Configuration
Check Interfaces
show ip interface brief
Check Routing Table
show ip route
Check ACL
show access-lists
Test Connectivity
From PC1:
ping 192.168.2.10
If ACL is working:
PC1 ping fails
Other PCs can communicate
Example Extended ACL
To block only Telnet traffic:
access-list 101 deny tcp 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255 eq 23
access-list 101 permit ip any any
Apply:
interface s0/0/0
ip access-group 101 out
Useful Commands
| Command | Purpose |
|---|---|
show running-config | View current config |
show ip route | View routes |
show access-lists | View ACL rules |
ping | Test network |
traceroute | Trace route |
Important Notes
Use
clock rate 64000only on DCE side.Use
no shutdownon all interfaces.ACL rules are processed top to bottom.
Standard ACL filters source IP only.
Extended ACL filters protocol, source, and destination.
Cisco ACL Logic
deny → block traffic
permit → allow traffic
Example formula:
192.168.1.0/24 \rightarrow \text{deny or permit traffic}