Access Control Lists Lecture 1

PJC CCNA Semester 2 Ver. 3.0

by William Kelly

ACL Definition

An ACL is a sequential group of permit and/or deny statements that control the flow of particular protocols or protocol suites in or out of an interface to a specific host or group of hosts.

ACL Concepts
  • Applied to a router’s interface
  • Traffic is forwarded or blocked
  • Each protocol must have its own ACL defined (you are only allowed 1 ACL per protocol, per port, per direction)
Why Use ACLs?
  • Controlling traffic can increase network performance
  • Distribution of routing updates can be controlled
  • Security can be added at the network boundary
  • Specific types of traffic can be permitted or blocked
  • An administrator controls what areas a client can access
  • Screen certain hosts to either allow or deny access to part of a network
Calculate number of ACLs
  • 2 ports, each port running IP, IPX
  • 2 ports, each port running IP, IPX, Appletalk

(Remember you need an ACL for each protocol in each direction on each port)

How ACLs Work
  • Packets enter the interface
  • If the packets are routable then they are routed toward the outbound interface
  • If there is no access list then the packets proceed out the outbound interface
  • If there is an ACL then the packets are filtered using the sequential ACL statements
How does a Router Process an ACL?
  • Does the Layer 2 address match?
  • Is there an inbound ACL?
  • Is there an outbound ACL?
Creating Standard ACLs
  • ACL statements must be in the correct order! (Use a flowchart to plan your logic)
  • ACLs can’t be modified (only created and deleted). Use a text editor to write your ACLs
Configuring ACLs
  • ACLs are created in Global Configuration Mode
  • Standard ACLs are 1 – 99 and Extended ACLs are 100 – 199
  • Plan your ACLs in a flowchart considering the protocol or protocol suite, host or group of hosts, and interface and direction of filtering
Configuring ACLs (cont.)
  • Define ACL
    • Router(config)# access-list access-list-num {permit | deny} {test conditions}
  • Apply ACL to interface
    • Router(config-if)# {protocol} access-group access-list-number
Points to remember creating ACLs
  • Outbound ACLs are more efficient
  • If you need to alter an ACL use

no access-list list-number

(Remember you can’t modify a standard ACL, so you must erase it and create it again with your changes. This is why you should create ACLs in a text file)

(See Basic Rules in Online Curriculum)

Wildcard Mask Bits
  • Wildcard mask bits appear “similar” to a reverse subnet mask but have NO RELATIONSHIP TO SUBNET MASKS!!
  • 0 means check a position
  • 1 means don’t check a position
Common Wildcard Commands and Abbreviations
  • permit 0.0.0.0 255.255.255.255 is the same as permit any
  • permit 181.16.1.1 0.0.0.0 is the same as permit host 181.16.1.1 (ONLY A PARTICULAR HOST IS MATCHED!!)
Commands to verify ACLs
  • show ip interface – indicates whether any ACLs are set
  • show access-lists – displays the contents of all the ACLs
  • show running-config – also shows access lists and the interface to which they are assigned
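As an added example (not part of the lecture), the following Python script reads the output of the two verification commands above and cross-checks them. The `show access-lists` text and the `show running-config` extract are constructed in the style of IOS output, not captured from a real device, and the addresses other than the lecture's 181.16.1.1 are made up. It reports three things worth checking after a deployment: an ACL that is defined but never applied with `access-group` (it filters nothing), a statement that has never matched (often because an earlier statement in the sequence shadows it), and an `access-group` that names an ACL which does not exist (IOS then permits all traffic on that interface).

```python
import re

# Constructed sample output in the style of 'show access-lists' (not from a real router).
# Note the ordering bug in list 10: the network permit precedes the host deny,
# so the deny can never match.
SHOW_ACCESS_LISTS = """\
Standard IP access list 10
    permit 181.16.1.0, wildcard bits 0.0.0.255 (41 matches)
    deny   181.16.1.1
Extended IP access list 101
    permit tcp 181.16.1.0 0.0.0.255 host 10.0.0.5 eq www (120 matches)
    deny ip any any (3 matches)
"""

# Constructed extract of 'show running-config': which lists are bound to which interface.
# Ethernet0 references list 120, which is not defined anywhere.
RUNNING_CONFIG = """\
interface Serial0
 ip address 10.0.0.1 255.255.255.252
 ip access-group 101 in
!
interface Ethernet0
 ip address 181.16.1.254 255.255.255.0
 ip access-group 120 out
!
"""

HEADER = re.compile(r"^(Standard|Extended) IP access list (\S+)")
ENTRY = re.compile(r"^\s+(permit|deny)\s+(.*?)(?:\s+\((\d+) matches\))?$")
IFACE = re.compile(r"^interface (\S+)")
BINDING = re.compile(r"^\s*ip access-group (\S+) (in|out)")


def parse_show_access_lists(text):
    """Return {list_name: {'type': 'standard'|'extended', 'entries': [...]}} in statement order."""
    acls, current = {}, None
    for line in text.splitlines():
        h = HEADER.match(line)
        if h:
            current = h.group(2)
            acls[current] = {"type": h.group(1).lower(), "entries": []}
            continue
        e = ENTRY.match(line)
        if e and current is not None:
            acls[current]["entries"].append({
                "action": e.group(1),
                "condition": e.group(2).strip(),
                "matches": int(e.group(3)) if e.group(3) else 0,  # no count shown means 0
            })
    return acls


def parse_bindings(text):
    """Return {list_name: [(interface, direction), ...]} from the running config."""
    bindings, iface = {}, None
    for line in text.splitlines():
        m = IFACE.match(line)
        if m:
            iface = m.group(1)
            continue
        b = BINDING.match(line)
        if b and iface:
            bindings.setdefault(b.group(1), []).append((iface, b.group(2)))
    return bindings


def audit(show_text, config_text):
    """Compare what the router reports with what is actually bound to interfaces."""
    acls = parse_show_access_lists(show_text)
    bindings = parse_bindings(config_text)
    findings = []
    for name, acl in acls.items():
        if name not in bindings:
            findings.append(f"ACL {name}: defined but not applied to any interface (filters nothing)")
        for pos, entry in enumerate(acl["entries"], start=1):
            if entry["matches"] == 0:
                findings.append(f"ACL {name} statement {pos} ({entry['action']} {entry['condition']}): "
                                "0 matches; check whether an earlier statement shadows it")
    for name, where in bindings.items():
        if name not in acls:
            for iface, direction in where:
                findings.append(f"{iface} {direction}: references ACL {name}, which does not exist "
                                "(IOS permits all traffic through an undefined list)")
    return findings


if __name__ == "__main__":
    for finding in audit(SHOW_ACCESS_LISTS, RUNNING_CONFIG):
        print(finding)
```

On the constructed sample the audit returns three findings: list 10 is unapplied, its second statement is shadowed by the first, and Ethernet0 binds a list that was never created. The match counters only mean something after the interface has seen representative traffic, so a zero count on a freshly configured router is not yet evidence of shadowing.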
Standard ACLs
  • Allow denying/permitting traffic from a specific host/group of hosts and/or protocol suite
  • Use numbers 1 – 99
  • Only 1 protocol per port per interface is allowed
  • Can only check the source address, so they should be put as close to the destination as possible
Extended ACLs
  • Allow denying/permitting traffic from a specific host/group of hosts and/or protocol suite/protocol and/or port/group of ports
  • Use numbers 100 – 199
  • Only 1 protocol per port per interface is allowed
  • Can check source and destination address, so they should be put as close to the source as possible
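The Python model below is an added example written for this page; it is not code from the lecture or from Cisco. It ties together several of the slides above: it parses statements in the `access-list access-list-num {permit | deny} {test conditions}` form from Configuring ACLs, applies the wildcard-mask rule from Wildcard Mask Bits (a 0 bit is checked, a 1 bit is ignored), expands the `any` and `host` abbreviations from Common Wildcard Commands, and walks the statements in sequence as described under How ACLs Work, for both standard lists (1 – 99, source address only) and extended lists (100 – 199, protocol, source, destination and port). Two details go beyond the slides and are Cisco behaviour stated here as such: the first matching statement decides, and a packet that matches no statement is dropped by the implicit `deny any` IOS places at the end of every list. The sample configuration is constructed (181.16.1.1 is the lecture's example host; the other addresses are made up), and only the `eq <port>` form on the destination is modelled.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

ANY = ("0.0.0.0", "255.255.255.255")   # 'any' abbreviation: no bit is checked


def ip_to_int(dotted: str) -> int:
    return int(ipaddress.IPv4Address(dotted))


def wildcard_match(addr: str, pattern: str, wildcard: str) -> bool:
    """Wildcard rule: a 0 bit means 'check this bit', a 1 bit means 'ignore it'.
    The address matches when every checked bit agrees with the pattern."""
    checked = ip_to_int(wildcard) ^ 0xFFFFFFFF
    return (ip_to_int(addr) ^ ip_to_int(pattern)) & checked == 0


def parse_addr_spec(tokens, i):
    """Consume one address spec starting at tokens[i] and return ((pattern, wildcard), next_index).
    Expands 'any' (= 0.0.0.0 255.255.255.255) and 'host A.B.C.D' (= A.B.C.D 0.0.0.0)."""
    if tokens[i] == "any":
        return ANY, i + 1
    if tokens[i] == "host":
        return (tokens[i + 1], "0.0.0.0"), i + 2
    return (tokens[i], tokens[i + 1]), i + 2


@dataclass
class Entry:
    action: str                      # 'permit' or 'deny'
    protocol: str                    # 'ip' for standard lists; ip/tcp/udp/icmp for extended
    src: tuple                       # (pattern, wildcard)
    dst: tuple                       # standard lists cannot check this, so it is ANY
    dst_port: Optional[int] = None   # only the destination 'eq <port>' form is modelled


def parse_acl_line(line: str):
    """Parse one 'access-list access-list-num {permit | deny} {test conditions}' statement.
    1-99 are standard (source only); 100-199 are extended (protocol, source, destination, port)."""
    t = line.split()
    if t[0] != "access-list":
        raise ValueError(f"not an access-list statement: {line}")
    number, action = int(t[1]), t[2]
    if 1 <= number <= 99:
        src, _ = parse_addr_spec(t, 3)
        return number, Entry(action, "ip", src, ANY)
    if 100 <= number <= 199:
        proto = t[3]
        src, i = parse_addr_spec(t, 4)
        dst, i = parse_addr_spec(t, i)
        port = int(t[i + 1]) if i < len(t) and t[i] == "eq" else None
        return number, Entry(action, proto, src, dst, port)
    raise ValueError(f"ACL number {number} is outside the 1-99 / 100-199 ranges")


def build_acls(config_lines):
    """Group statements by list number, preserving the order in which they were entered."""
    acls = {}
    for line in config_lines:
        number, entry = parse_acl_line(line)
        acls.setdefault(number, []).append(entry)
    return acls


def evaluate(acl, src_ip, dst_ip="0.0.0.0", protocol="ip", dst_port=None):
    """Test a packet against each statement in sequence; the first match decides.
    Returns (action, index_of_matching_statement). A packet matching nothing is dropped
    by the implicit 'deny any' at the end of the list (index None)."""
    for idx, e in enumerate(acl):
        if e.protocol != "ip" and e.protocol != protocol:
            continue
        if not wildcard_match(src_ip, *e.src) or not wildcard_match(dst_ip, *e.dst):
            continue
        if e.dst_port is not None and e.dst_port != dst_port:
            continue
        return e.action, idx
    return "deny", None


# Constructed sample configuration (181.16.1.1 is the lecture's example host; the rest is made up).
SAMPLE_CONFIG = [
    "access-list 10 deny host 181.16.1.1",                   # must precede the network permit
    "access-list 10 permit 181.16.1.0 0.0.0.255",
    "access-list 101 permit tcp 181.16.1.0 0.0.0.255 host 10.0.0.5 eq 80",
    "access-list 101 deny ip any any",
]
ACLS = build_acls(SAMPLE_CONFIG)


def demo():
    """Evaluate a few constructed packets against both lists."""
    return {
        "blocked_host": evaluate(ACLS[10], "181.16.1.1"),
        "allowed_neighbour": evaluate(ACLS[10], "181.16.1.7"),
        "implicit_deny": evaluate(ACLS[10], "181.17.0.1"),
        "web_permitted": evaluate(ACLS[101], "181.16.1.7", "10.0.0.5", "tcp", 80),
        "telnet_denied": evaluate(ACLS[101], "181.16.1.7", "10.0.0.5", "tcp", 23),
    }


if __name__ == "__main__":
    for name, (action, idx) in demo().items():
        print(f"{name:18} -> {action} (statement {idx})")
```

Running `demo()` shows why statement order matters, the point made under Creating Standard ACLs: the `deny host 181.16.1.1` statement only takes effect because it sits before the `permit 181.16.1.0 0.0.0.255` statement that would otherwise match the same host. Swapping the two lines lets the host through with no error from the router, which is exactly the kind of mistake that planning the list in a flowchart and a text file is meant to catch.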
Named ACLs
  • Names for standard and extended ACLs can be alphanumeric strings
  • Use deny/no deny or permit/no permit to change conditions of a named standard or extended ACL
  • You can’t use the same alphanumeric name twice!