Download Access Control Lists Lecture 1

Survey
yes no Was this document useful for you?
   Thank you for your participation!

* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project

page
1
page
2
page
3
page
4
page
5
page
6
page
7
page
8
page
9
page
10
page
11
page
12
page
13
page
14
page
15
page
16
page
17
page
18
Document related concepts

Computer network wikipedia , lookup

History of network traffic models wikipedia , lookup

Windows Vista networking technologies wikipedia , lookup

Quality of service wikipedia , lookup

Packet switching wikipedia , lookup

H.323 wikipedia , lookup

Telecommunication wikipedia , lookup

AppleTalk wikipedia , lookup

IEEE 1355 wikipedia , lookup

History of telecommunication wikipedia , lookup

Wake-on-LAN wikipedia , lookup

Zero-configuration networking wikipedia , lookup

Communication protocol wikipedia , lookup

Parallel port wikipedia , lookup

Transcript 
Access Control Lists Lecture 1
PJC CCNA Semester 2 Ver. 3.0
by
William Kelly
ACL Definition
An ACL is a sequential group of permit
and/or deny statements that control the
flow of particular protocols or protocol
suits in or out of an interface to a
specific host or group of hosts
ACL Concepts
 Applied to a router’s interface
 Traffic is forwarded or blocked
 Each protocol must have it’s own ACL
defined (You are only allowed 1 ACL
per protocol, per port, per direction)
Why Use ACL’s ?
 Controlling traffic can increase network
performance
 Distribution of routing updates can be
controlled
 Security can be added at the network
boundary
 Specific types of traffic can be permitted
or blocked
 An administrator controls what areas a
client can access
 Screen certain hosts to either allow or
deny access to part of a network
Calculate number of ACL’s
 2 ports, each port running IP, IPX
 2 ports, each port running IP, IPX,
Appletalk
(Remember you need an ACL for each
protocol in each direction on each port)
How ACL’s Work
 Packets enter the interface
 If the packets are routable then they are
routed toward the outbound interface
 If there is no access list then the
packets proceed out the outbound
interface
 If there is an ACL then the packets are
filtered using the sequential ACL
statements
ACL Basic Flowchart
Packets Enter
Match 1st Test
Yes
No
Match
2nd
Test
Yes
Permit
No
Match Last
Test
No (Implicit
Deny
Packets Discarded
Yes
Permit or Deny
Deny
How does a Router Process an ACL?
Does the Layer 2 address
match?
Is there an inbound ACL?
Is there an outbound ACL?
Creating Standard ACL’s
 ACL statements must be in the
correct order! (Use a flowchart to
plan your logic)
 ACL’s can’t be modified (only created
and deleted). Use a text editor to
write your ACL’s
Configuring ACL’s
 ACL’s are created in Global
Configuration Mode
 Standard ACL’s are 1-99 and
Extended ACL’s are 100 – 199
 Plan your ACL’s in a flowchart
considering the protocol or protocol
suite, host or group of hosts, and
interface and direction of filtering
Configuring ACL’s (cont.)
 Define ACL
 Router(config)# access-list
access-list-num
{permit | deny} {test conditions}
 Apply ACL to interface
 Router(config-if)# {protocol}
access-group access-list number
Points to remember creating ACL’s
 Outbound ACL’s are more efficient
 If you need to alter an ACL use
no access-list list-number
(Remember you can’t modify an
standard ACL so you must erase it
and create it again with your
changes. This is why you should
create ACL’s in a text file)
(See Basic Rules in Online Curriculum)
Wildcard Mask Bits
 Wildcard mask bits appear “similar”
to a reverse subnet mask but have
NO RELATIONSHIP TO SUBNET
MASKS!!
 0 means check a position
 1 means don’t check a position
Common Wildcard command and
Abbreviations
 Permit 0.0.0.0 255.255.255.255 is
the same as permit any
 Permit 181.16.1.1 0.0.0.0 is the
same as
permit host 181.16.1.1 (ONLY A
PARTICULAR HOST IS MATCHED!!)
Commands to verify ACL’s
 show ip interface – indicates
whether any ACL’s are set
 show access-lists – Displays the
contents of all the ACL’s
 show running-config – Also shows
access lists and the interface to which
they are assigned
Standard ACL’s
 Allow denying/permitting traffic from
a specific host/group of hosts and/or
protocol suite
 Use number 1 – 99
 Only 1 protocol per port per interface
is allowed
 Can only check source address so
they should be put as close to the
destination as possible
Extended ACL’s
 Allow denying/permitting traffic from
a specific host/group of hosts and/or
protocol suite/protocol and/or
port/group of ports
 Use number 100 – 199
 Only 1 protocol per port per interface
is allowed
 Can check source and destination
address so they should be put as close
to the source as possible
Named ACL’s
 Names for standard and extended
ACL’s can be alphanumeric strings
 Use deny/no deny or permit/no
permit to change conditions of a
named standard or extended ACL
 You can’t use the same alphanumeric
name twice!
Related documents
DPI as a means of access segregation in a corporate
DPI as a means of access segregation in a corporate
ACL Connections
ACL Connections
NOTICE TO AUSTRALIAN CONSUMERS Our goods come with
NOTICE TO AUSTRALIAN CONSUMERS Our goods come with
Transcript: Network Hardening Techniques Part 1
Transcript: Network Hardening Techniques Part 1
Computer Forensics and Investigations
Computer Forensics and Investigations
Classification of ACL injuries
Classification of ACL injuries
APPLICABILITY OF OPERATIONS RESEARCH AND ARTIFICIAL
APPLICABILITY OF OPERATIONS RESEARCH AND ARTIFICIAL
this file
this file
Extended access lists
Extended access lists
Agent Communication Languages
Agent Communication Languages
Ligament and tendon practice
Ligament and tendon practice
Games and the Impossibility of Realizable Ideal Functionality
Games and the Impossibility of Realizable Ideal Functionality
Posterior Cruciate Ligaments (PCL)
Posterior Cruciate Ligaments (PCL)
Knee Ligament Injuries
Knee Ligament Injuries
Norwood Office Supplies (NOS) Case AC 432 – DeZoort Fall 2004
Norwood Office Supplies (NOS) Case AC 432 – DeZoort Fall 2004
Micro Inverter Residential PV Commercial PV Central
Micro Inverter Residential PV Commercial PV Central
Configuring Security Access Control Lists
Configuring Security Access Control Lists
Extended ACL Configuration Mode Commands
Extended ACL Configuration Mode Commands
SDN and Virtualization
SDN and Virtualization
1. Application layer, Transport layer, Internet layer, Link layer 2
1. Application layer, Transport layer, Internet layer, Link layer 2
Europeans Explore the East
Europeans Explore the East
appropriate use criteria for the treatment of anterior cruciate ligament
appropriate use criteria for the treatment of anterior cruciate ligament