Dockerfile, Custom Images, and Environment Variables Explained for Beginners

Docker is one of the most important technologies in modern DevOps, cloud computing, and software deployment. After learning Docker Images and Containers, the next step is understanding Dockerfiles, building custom images, and using environment variables. 
Learn Dockerfile, custom Docker image creation, and environment variables with practical examples. A beginner-friendly Docker guide for DevOps and System Engineers.

In this guide, you'll learn these concepts with practical examples.

What is a Dockerfile?

A Dockerfile is a text file that contains instructions for building a Docker image. Instead of manually configuring containers every time, you can define all steps inside a Dockerfile and create reproducible images.

Example:

dockerfile
FROM nginx
COPY index.html /usr/share/nginx/html/index.html
  

• * FROM nginx uses the Nginx image as the base image.
• * COPY copies a webpage into the Nginx web server directory.

Docker reads these instructions and builds a custom image.

 Common Dockerfile Instructions

FROM

• Specifies the base image.
• FROM ubuntu

 WORKDIR

Sets the working directory inside the container.

• WORKDIR /app

 COPY

Copies files from the host machine into the container.

• COPY . .

RUN

Executes commands during image creation.

• RUN npm install

CMD

Defines the default command executed when the container starts.

• CMD ["node","server.js"]

Building Custom Docker Images

Let's create a simple custom image.

Project Structure

text
project/
│
├── Dockerfile
├── index.html

Dockerfile

• FROM nginx
• COPY index.html /usr/share/nginx/html/index.html

Build the Image

Run the following command inside the project directory:

• docker build -t mywebsite . 

 
Explanation:
 

• docker build creates a Docker image.
• -t assigns a tag or image name.
• mywebsite is the image name.
• .  represents the current directory.

Verify the Image

• docker images

You should see:

• REPOSITORY
• mywebsite

Run the Custom Image

• docker run -d -p 8080:80 mywebsite

Open:

• http://localhost:8080

Your custom webpage should now be visible in the browser.

What Are Environment Variables?

Environment variables allow you to pass configuration values to containers without modifying application code.

This makes applications easier to manage and deploy.

Example:

• docker run -e APP_NAME=HackingTruth nginx

Here:

 

• APP_NAME=HackingTruth

is an environment variable available inside the container.

Multiple Environment Variables

docker run \
-e DB_HOST=localhost \
-e DB_USER=root \
-e DB_PASSWORD=password \
myapp

 

This approach is commonly used for:

• * Database credentials
• * API keys
• * Application settings
• * Deployment configuration

Defining Environment Variables in Dockerfile


You can also define variables directly inside a Dockerfile.

• FROM ubuntu
• ENV APP_NAME=HackingTruth
• ENV VERSION=1.0

Build the image:

• docker build -t myapp .

Run the container:

• docker run myapp

The environment variables will be available inside the container.

Why Use Dockerfiles and Environment Variables?

Dockerfiles provide:

• * Consistent deployments
• * Reproducible environments
• * Easier automation

Environment variables provide:

• * Better configuration management
• * Improved security practices
• * Easier deployment across environments

Together, they form the foundation of modern containerized applications.

Conclusion

Understanding Dockerfiles, custom image creation, and environment variables is essential for anyone learning Docker, DevOps, Cloud Computing, or System Administration.

By mastering these concepts, you'll be able to create reusable Docker images, automate deployments, and configure applications efficiently. These skills are widely used in real-world production environments and are frequently asked about in DevOps and System Engineer interviews.

 

Docker is a platform that allows developers and system administrators to package applications and their dependencies into containers. Containers are lightweight, portable and run consistently across different computing environment.

Docker Learning Path for You

Week 1

• Install Docker 
• Containers vs Images 
• Pull images 
• Run containers 
• Port mapping 

Week 2 

• Dockerfile 
• Build custom images 
• Environment variables 

Week 3 

• Docker Volumes 
• Docker Networks 
• Multi-container 
• applications 

Week 4 

• Docker Compose 
• Deploy React/Node applications 
• Container troubleshooting 

But we will start from week 1 module and try to answer the interview level question also 

 

 Install Docker 

 

 For installing the docker via docker-desktop and via wsl linux. you can choose any of the them or both so check it here for previously we have done this part and many things you can learn from other blog article.

 

Click Here 

 

Containers vs Images


This is one of the most common Docker interview questions.

• Docker Image

An Image is like a blueprint or template.

Think of it like:

Windows ISO File
     ↓
Install Windows
     ↓
Running Windows OS
  

Similarly:

Docker Image
    ↓
Run Image
    ↓
Docker Container

Examples of Images:

• nginx
• ubuntu
• mysql
• node

View downloaded images:

• docker images

Example output:

 

Docker Container

A Container is a running instance of an image or Containers are standardized software units that package code and dependencies together, ensuring an application runs quickly and reliably across any computing environment. 


Example:

• docker run nginx

Docker:

• Checks for nginx image
• Downloads it if missing
• Creates container
• Starts container

View running containers:  list running container and verify 

docker ps

 

 

 

 

 Interview Answer

What is the difference between Image and Container?


Image

• Read-only template
• Used to create containers
• Similar to an ISO file

Container

• Running instance of an image
• Has its own process and network
• Similar to an installed/running operating system

 

 

Pull Images

What is Pull?

Downloading an image from Docker Hub to your local machine.

Example:

docker pull nginx


Docker downloads:

• nginx:latest
• Pull Ubuntu
• docker pull ubuntu

Check downloaded images:

• docker images
• Pull Specific Version
• docker pull nginx:1.27

Why?

In production we often use specific versions instead of latest.

Interview Question

What does docker pull do?

Answer:

docker pull downloads an image from a registry such as Docker Hub to the local Docker host.

like this hello-world repo or registry -

 Port Mapping

This is extremely important.

Without Port Mapping

Run nginx:

• docker run nginx
• Container runs internally.
• You cannot access it from your browser.

With Port Mapping

• docker run -d -p 8080:80 nginx

Meaning:

• Host Machine Port = 8080
• Container Port = 80

Visualization:


Your Laptop
localhost:8080
        │
        ▼
Docker Container
Port 80 (Nginx)

Test

Open browser:

http://localhost:8080

You should see:

Welcome to nginx!

Another Example

Node.js app running on port 3000 inside container:

• docker run -d -p 3000:3000 myapp

Meaning:

• Host 3000 → Container 3000
• Check Port Mapping
• docker ps

Example:

PORTS

• 0.0.0.0:8080->80/tcp

Meaning:

Host Port 8080
           ↓
Container Port 80

Commands You Must Remember

Pull image:

• docker pull nginx

List images:

• docker images

Run container:

• docker run nginx

Run in background:

• docker run -d nginx

Port mapping:

• docker run -d -p 8080:80 nginx

Running containers:

• docker ps

All containers:

• docker ps -a

Before moving to Week 2, make sure you can confidently explain:

✅ What is Docker?
✅ What is an Image?
✅ What is a Container?
✅ What is Docker Hub?
✅ What is docker pull?
✅ What is port mapping?
✅ Difference between docker ps and docker images?
✅ Meaning of 8080:80?

Disclaimer

docker-images-vs-containers-complete-beginners-guide

What is the docker, and how would you use it in a system engineering role ?

Docker is a platform that allows developers and system administrators to package applications and their dependencies into containers. Containers are lightweight, portable and run consistently across different computing environment.

How docker is used in system engineering:

1. Containerization: Docker packages an application with all its dependencies into a single container, which can be run on any system that supports docker. This simplifies deployment and eliminate dependency conflicts.

2. Environment Isolation: Each containers is isolated, providing a consistent environment for applications regardless of the underlying host system. This helps with environment replication across development, stagging and production.

3. CI/CD pipelines: (Continuous Integration and Continuous Delivery/Development) Docker containers are widely used in CI/CD  pipelines to ensure consistent testing, building and deployment environment.

4. Scalability: Dockers containers can be easily scaled up or down in a Kubernetes or docker swarm environment.

Core components of Docker

It is responsible for the overall functioning of the docker platform and docker engine is a client-server based application and consists of 3 main components.

- Server
- REST API
- Client


- Server -> The server runs a daemon known as dockerd (Docker Daemon), which is nothing but a process. It is responsible for creating and managing docker images, containers, networks and volumes on the Docker platform.

- REST API - The REST API specifies how the applications can interact with the server and instruct it to get their job done.

- The client is nothing but a command line interface, that allows users to interact with docker using the commands.

Docker Terminology 

Docker Images and Docker containers are the two essential things that you will come across daily while working with docker.

In simple terms, a docker image is a template that contains the application, and all the dependencies required to run that application on docker.

On the other hand, as started earlier, a docker container is a logical entity. In more precise terms, it is a running instance of the docker image.

What is Docker Hub? 

Docker hub is the official online repository where you could find all the docker images that are available for us to use also allows us to store and distribute our custom images as well if we wish to do so. We could also make them either public or private, based on our requirements.


What is Docker image?

Docker image is actually an executable file that file inside instruction for which types of container we should make so using one image we can create multiple container.

Image is basically like a static screenshot or static snapshot of what the code and the dependencies or what the local development environment look like.

The relation between Docker and Container like the same as Class (class - how look like object create a blueprint of code) and Object in between of relation.

Docker image is giving a blue print of how container look like in MAC, Linux, Windows.

Container 

Docker is platform or services that useful for creating a container. container i

• Portable - Portable means we can share data one machine to another machine is become to easier share code as well as dependencies with their development team.
• Lightweight - Lightweight means easier to build, update and destroy and if we want install extra addon dependencies then we can install in same container.

OR

why we make container so what should i do for making container ?

• Containers are standardized software units that package code and dependencies together, ensuring an application runs quickly and reliably across any computing environment.

after making Docker Container and add some dependencies or else so we should make again docker image ?

Yes, you need to create a new image if you want to save those changes permanently. Containers are temporary and disposable. Any changes you make directly inside a running container will be lost forever if that container is stopped, deleted, or restarted.


You have two main ways to handle this, depending on your goal:

Method: Save the Live Container (Quick Fix)

If you spent a lot of time configuring a running container manually and do not want to lose your work immediately, you can take a snapshot of it.

Find your running container ID:

• bashdocker ps

Use code with caution.Commit the changes to create a brand new image directly from that running container:

• bashdocker commit CONTAINER_ID your-new-image-name

How to install and run docker desktop

Step 1: Check Requirements

Option A: Docker Desktop (Recommended)

Requirements:

• Windows 10 64-bit
• At least 4 GB RAM (8+ GB recommended)
• Hardware virtualization enabled in BIOS
• WSL 2 support

First, open PowerShell as Administrator and check:

systeminfo


Look for:

• Hyper-V Requirements: Yes
• Virtualization Enabled In Firmware: Yes

Step 2: Enable WSL 2

Open PowerShell as Administrator:

wsl --install

After completing task 1 like according to image 1(above image) it will ask for reboot the system then after rebooting the system (according to image 2 - below) it will automatically popup a cmd and run this wsl linux.

Restart your PC.

Verify:

wsl --status

You should see WSL version 2 installed.

Step 3: Download Docker Desktop

Go to:

Docker Desktop for Windows

Download the installer.

Step 4: Install Docker Desktop

Run the installer.

During installation:

✅ Use WSL 2 instead of Hyper-V (recommended)
✅ Add Docker Desktop shortcut

Restart if prompted.

Step 5: Start Docker

Launch Docker Desktop.

Wait until Docker reports:

• Docker Engine running

Step 6: Verify Installation

Open PowerShell:

• docker --version

Example output:

• Docker version 28.x.x

Check Docker engine:

• docker info

NOTE -  some useful URLs you can check here  

• https://hub.docker.com/_/hello-world
• https://app.docker.com/accounts/whoiskumaratul

Step 7: Run Your First Container

To run this your first container hello world docker from URL - you can check here - Docker Hello World 

Test Docker with:

• docker run hello-world

If successful, you'll see a welcome message.

So, for this we will pull first - docker pull hello-world

 Then run container and you can see in the docker desktop UI there will be create docker image and docker container 

• docker run hello-world

Docker Ubuntu

When we installed wsl ubuntu you have noticed in your local directory - linux section is there 

 you can run this via Linux ubuntu - try this command docker run -it ubuntu 

 -it -> we want to run in interactive mode

 Now we can check directory and create new folder, file because we are in linux directory 

Stop container

• docker stop <container_id>

Remove container

• docker rm <container_id>

Remove image

• docker rmi <image_name>

Step 8: Run an Nginx Web Server

Pull and run Nginx:

• docker run -d -p 8080:80 nginx

Verify:

• docker ps

Open browser:

• http://localhost:8080

You should see the Nginx welcome page.

Essential Docker Commands for Interviews

List running containers

• docker ps

List all containers

• docker ps -a

List images

• docker images

Stop container

• docker stop <container_id>

Remove container

• docker rm <container_id>

Remove image

• docker rmi <image_name>

Disclaimer

How to identify my wbs chargecode in powershell

A WBS (Work Breakdown Structure) / Charge code is usually not something Powershell can 'discover' automatically from your system because it's company-specific financial/project data (Stored in tools like SAP, ServiceNow, internal portals, or time-tracking systems).

1. Check Environment Variables (if your organization uses them)

Some companies push project/charge codes as environment variables.

Get-ChildItem Env:

Look for anything like:

• WBS
• CHARGECODE
• PROJECT
• COSTCENTER

2. Check Active Directory (if stored in AD)

Sometimes WBS/cost center is stored as a user attribute.

Get-ADUser -Identity $env:USERNAME -Properties *

Look for fields like:

• department
• extensionAttributeX
• employeeID
• costCenter

Filter only relevant fields:

Get-ADUser -Identity $env:USERNAME -Properties  department,extensionAttribute1,extensionAttribute2

If you got error like as you can see the image below so in screenshot, the error is very clear:

Get-ADUser : The term 'Get-ADUser' is not recognized

✅ What this means

Your PowerShell does not have the Active Directory module installed or loaded.

Get-ADUser comes from the ActiveDirectory module, which is:

• ✅ Available on domain-joined machines with RSAT installed
• ❌ Not available by default on normal Windows installs

✅ Fix it (step-by-step)

🔹 Option 1: Check if module exists but not loaded

Get-Module -ListAvailable ActiveDirectory

👉 If you see output well and good but if you are not seeing then leave it as of now.

Then just import it:

Import-Module ActiveDirectory

Option 2: Install RSAT (Most likely needed)

Since you’re a IT Support Engineer, this is probably your case.

Run:

Get-WindowsCapability -Name RSAT.ActiveDirectory* -Online

Install it:

Add-WindowsCapability -Online -Name RSAT.ActiveDirectory.DS-LDS.Tools~~~~0.0.1.0

Option 3: If installation is blocked

In many corporate environments:

❌ You may NOT have permission to install RSAT

👉 Then:

Ask IT:

"Please enable RSAT Active Directory PowerShell module on my machine"

✅ After fixing

Use this correct command 

👉 Environment variables cannot start with numbers

✅ Correct version:

If your username is your ID:

Get-ADUser -Identity $env:USERNAME -Properties *

Or explicitly:

Get-ADUser -Identity 221843 -Properties *

Filter WBS / Charge info (after it works)

Get-ADUser -Identity $env:USERNAME -Properties * |
Select-Object Name, Department, Title, extensionAttribute1, extensionAttribute2

Disclaimer

10G SR SFP+ vs 40G SR4 QSFP+: Complete Guide to Fiber Optic Transceivers, MTP/MPO Connectors & Breakout Cables

Modern data centers and enterprise networks rely heavily on high-speed fiber connectivity. Two of the most commonly used optical transceivers are the 10GBASE-SR SFP+ and 40GBASE-SR4 QSFP+ modules.

If you work in networking, data centers, IT infrastructure, or enterprise switching environments like Cisco and Meraki, understanding the difference between these modules is extremely important.

In this guide, we will cover:

•  What 10G-SR and 10G-LR mean
•  Full form of SFP+, QSFP+, SR, and LR
•  Difference between 10G SR and 40G SR4
•  What MTP/MPO connectors are
•  How 12-fiber MPO cables work
•  Breakout cable concepts
•  Fiber polarity and connector types
•  Real-world networking use cases

#. What is 10G-SR?

Full Form of 10G-SR

• 10G = 10 Gigabit Ethernet
• SR = Short Range
• So, 10GBASE-SR means:

> 10 Gigabit Ethernet Short Range optical communication standard.

It is designed for short-distance high-speed communication over multimode fiber (MMF).

#. What is 10G-LR?

Full Form of 10G-LR

• 10G = 10 Gigabit Ethernet
• LR = Long Range

So, 10GBASE-LR means:

> 10 Gigabit Ethernet Long Range optical communication standard.

Unlike SR, LR is designed for long-distance communication using single-mode fiber (SMF).

# Difference Between 10G-SR and 10G-LR

| Feature      | 10G-SR                | 10G-LR                  |
| ------------ | --------------------- | ----------------------- |
| Full Form    | Short Range           | Long Range              |
| Speed        | 10Gbps                | 10Gbps                  |
| Fiber Type   | Multimode Fiber (MMF) | Single-Mode Fiber (SMF) |
| Wavelength   | 850nm                 | 1310nm                  |
| Connector    | Duplex LC             | Duplex LC               |
| Distance     | Up to 300m/400m       | Up to 10km              |
| Cost         | Lower                 | Higher                  |
| Common Usage | Data Centers          | Long Campus Links       |

#. What is SFP+?

Full Form of SFP+

SFP+ = Small Form-factor Pluggable Plus

It is a compact hot-swappable transceiver used for:

•  10 Gigabit Ethernet
•  Fiber communication
•  Switch-to-switch links
•  Server uplinks
•  Storage networking

A 10G-SR SFP+ module usually uses:

•  Duplex LC connector
•  Multimode fiber
•  850nm wavelength

#. What is QSFP+?

Full Form of QSFP+

• QSFP+ = Quad Small Form-factor Pluggable Plus
• “Quad” means it contains 4 independent lanes.

Each lane can carry:

• 4×10Gbps=40Gbps

So a QSFP+ SR4 module delivers:

> 40 Gigabit Ethernet speed using 4 parallel 10G lanes.

#. What is 40GBASE-SR4?

Full Form of 40GBASE-SR4

•  40G = 40 Gigabit Ethernet
•  SR = Short Range
•  4 = Four parallel lanes

40G SR4 uses:

•  Multimode fiber
•  MPO/MTP connector
•  Parallel optics technology

It is commonly used in:

•  Data centers
•  Spine-leaf architecture
•  High-density aggregation switches
•  Enterprise core networking

#. 10G SR SFP+ vs 40G SR4 QSFP+

| Feature     | 10G SR SFP+      | 40G SR4 QSFP+         |
| ----------- | ---------------- | --------------------- |
| Speed       | 10Gbps           | 40Gbps                |
| Form Factor | SFP+             | QSFP+                 |
| Fiber Type  | MMF              | MMF                   |
| Connector   | LC Duplex        | MPO/MTP               |
| Fiber Count | 2 fibers         | 8 fibers used         |
| Wavelength  | 850nm            | 850nm                 |
| Use Case    | Standard uplinks | High-density backbone |

#. What is an MTP/MPO Connector?

The MTP/MPO connector is a high-density fiber connector that combines multiple fiber strands into one compact connector.

Full Form of MPO

• MPO = Multi-Fiber Push-On
• It is the industry-standard multi-fiber connector.

Full Form of MTP

• MTP = Multi-fiber Termination Push-on
• MTP is an advanced branded version of MPO developed by US Conec.

It includes:

•  Better alignment
•  Improved ferrule design
•  Lower insertion loss
•  Better durability
•  Higher performance

#. What Does “12-Fiber MPO” Mean?

A 12-fiber MPO connector contains:

• 12 Fiber Positions
• However, in 40G SR4, only 8 fibers are actively used.

#. How 40G SR4 Uses 12 Fibers

The 12-fiber MPO layout works like this:

| Fiber Usage | Purpose       |
| ----------- | ------------- |
| 4 Fibers    | Transmit (Tx) |
| 4 Fibers    | Receive (Rx)  |
| 4 Fibers    | Unused/Idle   |

The bandwidth calculation becomes:

• 4×10G=40G
• Each lane carries 10Gbps.

#. What is Fiber Polarity?

Fiber polarity ensures:

> Transmit (Tx) on one side connects to Receive (Rx) on the other side.

Without correct polarity:

 Link will fail

 Optical communication will not establish

#. What is MPO Type-B Cable?

For direct 40G QSFP+ to QSFP+ connectivity, networks commonly use:

> Type-B MPO crossover cable

This swaps the fibers internally so Tx aligns with Rx correctly.

#. Male vs Female MPO Connectors

Male MPO

Contains:

•  Two alignment guide pins

Female MPO

Contains:

•  Two guide holes

| Device            | Connector Type |
| ----------------- | -------------- |
| QSFP+ Transceiver | Male           |
| MPO Patch Cable   | Female         |

Typically:

#. What is QSFP Breakout?

A QSFP+ port can be split into:

• 1×40G→4×10G

This is called:

•  Breakout
•  Channelization
•  Fan-out connectivity

Using an MPO-to-LC breakout cable, one 40G port becomes four separate 10G SFP+ connections.

#. Real-World Use Cases

 10G SR SFP+

Commonly used for:

•  Server uplinks
•  Access switch uplinks
•  VMware networking
•  Storage traffic
•  Enterprise LAN

40G SR4 QSFP+

•  Spine-leaf architecture
•  Core switch interconnects
•  Data center aggregation
•  High-density networking
•  Cisco Nexus environments

#. Cisco and Meraki Compatibility

Popular compatible modules include:

•  Cisco SFP-10G-SR
•  Cisco SFP-10G-SR-S
•  Cisco QSFP-40G-SR4
•  Meraki MA-SFP-10GB-SR
•  Meraki MA-QSFP-40G-SR

These are widely deployed in enterprise networking environments.

#. Advantages of 10G SR SFP+

•  Lower cost
•  Easy deployment
•  Duplex LC simplicity
•  Ideal for short-range networking
•  Highly compatible

#. Advantages of 40G SR4 QSFP+

•  Much higher bandwidth
•  High port density
•  Supports breakout architecture
•  Better for modern data centers
•  Scalable backbone connectivity

#. Important Networking Terms

| Term  | Meaning                               |
| ----- | ------------------------------------- |
| SFP+  | Small Form-factor Pluggable Plus      |
| QSFP+ | Quad Small Form-factor Pluggable Plus |
| SR    | Short Range                           |
| LR    | Long Range                            |
| MPO   | Multi-Fiber Push-On                   |
| MTP   | Multi-fiber Termination Push-on       |
| MMF   | Multimode Fiber                       |
| SMF   | Single-Mode Fiber                     |
| Tx    | Transmit                              |
| Rx    | Receive                               |

#. Final Thoughts

Both 10G SR SFP+ and 40G SR4 QSFP+ modules are critical components in modern enterprise and data center networking.

Choose 10G SR when:

•  You need affordable 10Gbps connectivity
•  Distance is short
•  LC duplex fiber is available

Choose 40G SR4 when:

•  You need higher throughput
•  Building scalable infrastructure
•  Deploying spine-leaf architecture
•  Using MPO/MTP structured cabling

Understanding MPO/MTP fiber layouts, polarity, and breakout concepts is essential for anyone working in networking, data centers, or optical infrastructure.

For network engineers and IT professionals, mastering these fiber technologies builds a strong foundation for working with modern high-speed Ethernet environments.

Disclaimer

🔐 ACL (Access Control List)

ACL is a set of rules used on routers and switches to permit or deny network traffic based on IP addresses, protocols, or ports.



ACL is used for:

• Security
• Traffic filtering
• Blocking users
• Allowing specific networks
• Firewall-like control

Used in:

• Enterprises
• Firewalls
• ISPs
• Corporate networks
• Banks

🎯 Real-Life Example

Suppose company says:

❌ HR department cannot access Server
✅ IT department can access Server

👉 ACL handles this.

🔥 What You Will Learn

✔ Permit/Deny traffic
✔ Standard ACL
✔ Extended ACL basics
✔ Interface filtering
✔ Inbound/Outbound traffic
✔ Enterprise security logic

🧪 Practical Topology

In Cisco Packet Tracer create:

PC0 ---- Switch ---- Router ---- Server

🌐 IP Addressing

🔌 Wiring

Use:
✅ Copper Straight-Through

 ⚙️ Step 1: Configure Router Interfaces

enable
configure terminal

interface g0/0
ip address 192.168.1.1 255.255.255.0
no shutdown

interface g0/1
ip address 200.1.1.1 255.255.255.0
no shutdown

 ⚙️ Step 2: Configure PC & Server

🧪 Step 3: Test Before ACL

From PC0:
ping 200.1.1.2
✔ Success

🔥 Step 4: Create ACL

Now we block PC0 from reaching Server.

🔹 Create Standard ACL

access-list 1 deny 192.168.1.10
access-list 1 permit any

🧠 Meaning

🔥 Step 5: Apply ACL to Interface

Apply on router interface:

interface g0/0
ip access-group 1 in

🧠 Important Concept

in means:

Traffic entering interface.

🔍 Packet Flow

PC0 → Router G0/0 → ACL checks → deny
Packet dropped.

🧪 Step 6: Test Again

From PC0:
ping 200.1.1.2
❌ Failed
ACL blocked it.

  

🔥 Verify ACL

Run:
show access-lists
You’ll see packet matches.

🔥 Full ACL Configuration

enable
configure terminal

access-list 1 deny 192.168.1.10
access-list 1 permit any

interface g0/0
ip access-group 1 in

🧠 VERY IMPORTANT RULE

ACL processes:

TOP → DOWN

First match wins.

🔥 Hidden Rule

Every ACL ends with:

implicit deny any

Means:
If not permitted → automatically denied.

🎯 Standard vs Extended ACL

🔥 Example Extended ACL

access-list 101 deny tcp 192.168.1.0 0.0.0.255 any eq 80

Blocks:

HTTP traffic

 

🧠 Important Interview Questions

❓ What is ACL?

 Traffic filtering/security mechanism.

❓ What is implicit deny?
Hidden deny rule at end of ACL.

❓ Difference between inbound and outbound?

❓ Which ACL is closer to destination?
Standard ACL


❓ Which ACL is closer to source?
Extended ACL

Disclaimer