Access Control Lists - PowerPoint PPT Presentation
PowerPoint Slideshow about 'Access Control Lists' - zeki
Presentation Transcript
Types
  • Standard
  • Extended
Standard ACLs
  • Use only the packet’s source address for comparison
  • 1-99
Extended ACLs
  • Provide more precise (finer tuned) packet selection based on:
    • Source and destination addresses
    • Protocols
    • Port numbers
  • 100-199
Steps to Create an ACL
  • Create ACL in global config
  • Assign to interface
  • Decide the direction
    • In
    • Out
How do ACLs work?
  • Processing occurs line by line from top to bottom.
  • New lines are added at the end of the current list.
  • Last line of an ACL is an implicit “deny any.”
How does a Standard ACL work?
  • If source IP address is matched:
    • Permit or deny statement is processed
      • Permit – action in ACL is performed
      • Deny – packet is dropped
      • Implicit Deny – If a packet’s address does not match any earlier statement, the implicit “deny any” at the end of every ACL applies and the packet is dropped.
Wildcard Masks
  • Are used to specify (by bits) the traffic you are trying to filter by address.
  • Use 1s to ignore, 0s to match.
  • In the example below, only the 1st 2 octets will be examined:
    • 172.16.0.0 0.0.255.255
Global Standard ACL command
  • access-list access-list-number {permit | deny} source-ip-address wildcard-mask [log]
  • Log – causes each packet that matches this statement to generate a log entry that is recorded by the router.
Examples of Standard ACLs
  • To permit all packets for the network number 172.16.0.0
    • Access-list 20 permit 172.16.0.0 0.0.255.255
Examples Cont’d
  • To permit traffic from the host 172.16.1.1 only
    • Access-list 20 permit 172.16.1.1 0.0.0.0
Examples Cont’d
  • To permit traffic from any source address.
    • Access-list 20 permit 0.0.0.0 255.255.255.255

OR

    • Access-list 20 permit any
Examples Cont’d
  • To permit traffic from the subnet 12.16.0.0 through 12.31.0.0
    • Access-list 20 permit 12.16.0.0 0.15.255.255
Identical Statements
  • Access-list 22 permit 0.0.0.0 255.255.255.255
  • Access-list 22 permit any
Identical Statements
  • Access-list 23 permit 172.16.1.1 0.0.0.0
  • Access-list 23 permit host 172.16.1.1
How does an Extended ACL work?
  • All conditions must match
  • Test sequence in this order
    • Source Address
    • Destination Address
    • Protocol
    • Port No. or Protocol Options
    • Permit or Deny decision
Extended ACL command
  • access-list number {permit | deny} protocol source-ip-address source-wildcard-mask destination-ip-address destination-wildcard-mask eq port-number [log]
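Added example (not part of the original slides and not Cisco IOS code): a small Python model of the rules the slides above describe. It covers wildcard-mask matching, top-down first-match processing with the implicit deny, the any/host shorthand from the identical-statements slides, and extended-ACL matching on protocol, destination and port. The helper names (parse_ace, evaluate, _take_addr) and the sample lists are assumptions constructed for this illustration.

```python
import ipaddress

def wildcard_match(addr: str, base: str, wildcard: str) -> bool:
    """Cisco wildcard semantics: a 0 bit must match, a 1 bit is ignored."""
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return int(ipaddress.IPv4Address(addr)) & care == int(ipaddress.IPv4Address(base)) & care

def _take_addr(tok: list) -> tuple:
    """Consume 'any', 'host A' or 'A WILDCARD' from the front of the token list."""
    t = tok.pop(0)
    if t == "any":
        return "0.0.0.0", "255.255.255.255"
    if t == "host":
        return tok.pop(0), "0.0.0.0"
    return t, tok.pop(0)

def parse_ace(line: str) -> dict:
    """Parse one 'access-list N {permit|deny} ...' line (hypothetical helper, not IOS code)."""
    tok = line.lower().split()
    ace = {"num": int(tok[1]), "action": tok[2], "proto": None, "dst": None, "port": None}
    tok = tok[3:]
    if 1 <= ace["num"] <= 99:              # standard (1-99): source address only
        ace["src"] = _take_addr(tok)
        return ace
    ace["proto"] = tok.pop(0)              # extended (100-199): protocol, src, dst, [eq port]
    ace["src"] = _take_addr(tok)
    ace["dst"] = _take_addr(tok)
    if tok and tok[0] == "eq":
        ace["port"] = int(tok[1])
    return ace                             # a trailing 'log' keyword is ignored here

def evaluate(acl_lines: list, pkt: dict) -> str:
    """Process top to bottom; the first matching line decides; else implicit 'deny any'."""
    for ace in map(parse_ace, acl_lines):
        if not wildcard_match(pkt["src"], *ace["src"]):
            continue
        if ace["dst"] is not None:         # extended ACL: every condition must match
            if not wildcard_match(pkt["dst"], *ace["dst"]):
                continue
            if ace["proto"] != "ip" and ace["proto"] != pkt.get("proto"):
                continue
            if ace["port"] is not None and ace["port"] != pkt.get("dport"):
                continue
        return ace["action"]
    return "deny"                          # the implicit deny at the end of every ACL

# Constructed sample lists (not taken from any real router configuration)
STANDARD_20 = ["access-list 20 permit 172.16.0.0 0.0.255.255"]
EXTENDED_101 = ["access-list 101 deny tcp any host 10.0.0.5 eq 23", "access-list 101 permit ip any any"]
```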
Some Protocols with Port Numbers
  • FTP – 21
  • Telnet – 23
  • SMTP – 25
  • DNS – 53
  • TFTP – 69
  • WWW, HTML – 80
  • POP3 - 110
  • SNMP - 161
Major differences
  • Standard ACL
    • Uses only the source address and requires fewer CPU cycles.
    • Place as close to destination as possible.
  • Extended ACL
    • More flexible and requires more CPU cycles.
    • Place as close to source as possible. (This keeps undesired traffic and ICMP messages away from the network backbone.)
Do I place an ACL in?
  • In
    • Requires less CPU processing because a packet that the inbound ACL denies is dropped before any routing lookup is done for it.
    • The filtering decision is made before the routing table is consulted.
Do I place an ACL out?
  • Out
    • Routing decision has been made and the packet is switched to the proper outbound interface before it is tested against the access list.
    • ACLs are outbound unless otherwise specified.