Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Access Control List - Packet Tracer

Hi everyone,

I am quiet new to packet tracer. I am currently having trouble with creating an access control list for my packet tracer file. I am aware of the deny and permit commands, but not to sure what 2nd IP address should be used at the source of the blockage.

There are 3 VLANS on the network.

VLAN 10, VLAN 20 and VLAN 99

I am attempting to use an extended ACL commands for these 3 VLANS.

VLAN 10 I want to deny access to FTP services bit permit all other traffic.
VLAN 20 I want to deny HTTP services and permit all other traffic
VLAN 99 I want to permit access to all locations and protocols

I was looking at naming each control list the following:

VLAN 10: Access control list 110
VLAN 20: Access control list 120
VLAN 99: Access control list 199

The VLAN 10 IP address is
The VLAN 20 IP address is
The VLAN 99 IP address is

The router that is the first source contact has a GIG interface to a switch but that currently does not have an IP Address, there is a serial link going from the first source router to the 2nd with the IP address 


Everyone's tags (1)
New Member



ip Access-list extended 110

10 deny tcp any eq FTP

20 deny tcp any eq HTTP

30 permit ip any

50 permit ip any any ( you can change this line with your condition )

Then you must configure interface to check the access list 110 .

Notice : You can name your ACL rather number but if you want to debug an ACL, it's not possible with named ACLs.

CreatePlease to create content