1 / 20

CCNA ACLs Deepdive February, 2012

CCNA ACLs Deepdive February, 2012. Jaskaran Kalsi Assoc. Technical Manager Europe/ CEE / RCIS Cisco Networking Academy . Agenda. CCNA & ACLs. Packet Filtering & ACL Overview. Standard ACL Configuration. Extended ACL Configuration. Demo & Summary. Objective.

yank
Download Presentation

CCNA ACLs Deepdive February, 2012

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. CCNA ACLs DeepdiveFebruary, 2012 Jaskaran Kalsi Assoc. Technical Manager Europe/CEE/RCIS Cisco Networking Academy

  2. Agenda CCNA & ACLs Packet Filtering & ACL Overview Standard ACL Configuration Extended ACL Configuration Demo & Summary

  3. Objective • Provide a brief review of ACLs. • Demonstrate a brief example of how ACLs can be administered. • Provide a brief description of the troubleshooting scenarios that are available. • Focus on the use of Packet Tracer as a simulation tool and create an interactive session where the audience troubleshoots and pre-configured network.

  4. ACLs Overview

  5. ACLs & NetAcad CCNA • ACLs are an area that not only students struggle with but also instructors. • ACLs are covered in both CCNA Discovery & Exploration. • CCNA Exploration: • CCNA Exploration 4 - Chapter 5 • ACL theory • ACL examples • Packet Tracer Activities

  6. Packet Filtering • Controls access to a network • Analyzes incoming and outgoing packets. • Either permits or denies them based on a predefined set of criteria. • Routers act as packet filters • Make decisions based on source & destination IP addresses. • Source port; Destination port; & protocols can also be a determining factors. • ACLs are sequential lists that include the following: • Permit statement. • Deny statements. • They extract info from the packet header and test it against the permit/deny rules.

  7. Packet Filtering Example

  8. What is an ACL?

  9. How do ACLs work? Inbound ACLs Outbound ACLs

  10. ACLs: Review • Standard Access Control Lists • ACLs numbered 1-99 or 1300-1999 • IPv4 & IPv6 • Filter solely on Layer 3 source information • Extended Access Control Lists

  11. ACLs: Caveats • Standard ACLs - placed as close to the destination as possible • Extended ACLs - placed on routers as close as possible to the source that is being filtered.

  12. ACLs: Wildcard Masking

  13. ACLs: Standard ACL Config Task: Block host 10.0.0.3 from gaining access on 40.0.0.0. While 10.0.0.3 must be able to communicate with other networks. All other computers from the network of 10.0.0.0 must be able to connect with the network of 40.0.0.0. R2>enable R2#configureterminal R2(config)#access-list 1 deny host 10.0.0.3 R2(config)#access-list 1 permit any R2(config)#interface FastEthernet0/1 R2(config-if)#ip access-group 1 out

  14. ACLs: Extended • Usually range from 100-199 and 2000-2699. • Extended ACLs check sources & destination address; ports; & protocols. • Hence provide a greater range of control and enhance security.

  15. ACLs: Extended ACL Config

  16. ACLs: Reflexive; Dynamic; Timed • Reflexive ACLs • Dynamically allow reply packets • Work with TCP & UDP sessions initiated internally • Reduced exposure to spoofing and DoS attacks • Dynamic ACLs • Also known as ‘Lock-and-Key’ ACLs • Were available only for IP traffic • Dependent on Telnet connectivity, authentication, & E-ACLs • Time Based ACLs • Allow for access control based upon time of day, day of the week, or day of the month.

  17. Quiz Question • Which three statements should be considered when applying ACLs to a Cisco router? (Choose three) • Place generic ACL entries at the top of the ACL. • Place more specific ACL entries at the top of the ACL. • Router-generated packets pass through ACLs without filtering. • ACLs always search for the most specific entry before taking any filtering action. • An access list applied to any interface without a configured ACL allows all traffic to pass.

  18. ACL Configuration Demo

  19. ACLs: Configuration DEMO

More Related