Scribd Logo
Fazer o upload

Bem-vindo(a) ao Scribd!

  • 1 Acls Slides

    Enviado por

    VeerubglrKumar
    13 visualizações21 páginas
    al

    Direitos autorais

    © © All Rights Reserved

    Formatos disponíveis

    PDF, TXT ou leia online no Scribd

    Você considera este documento útil?

    Este conteúdo é inapropriado?

    Denunciar este documento
    al

    Direitos autorais:

    © All Rights Reserved
    Baixe no formato PDF, TXT ou leia online no Scribd
    Sinalizar o conteúdo como inadequado
    13 visualizações21 páginas

    1 Acls Slides

    Enviado por

    VeerubglrKumar
    al

    Direitos autorais:

    © All Rights Reserved
    Baixe no formato PDF, TXT ou leia online no Scribd
    Sinalizar o conteúdo como inadequado
    de 21

    In 60 Days ICND2

    Access Lists

    Traffic Cops
    Decides what can pass through router
    Set of YES/NO filters
    Have several uses

    Use ACLs

    To filter traffic
    Reference NAT pools
    Debugging
    With route maps for routing

    Types of ACL
    Standard
    Extended
    Named

    Standard IP ACL
    Numbered from 1 to 99
    Can filter on source host/network
    Cant filter ports or protocols

    Extended IP ACLs
    Numbered from 100-199
    Filters port/destination/source etc.
    More complicated to configure

    Named ACLs
    Names instead of numbers
    Can be standard or extended
    Slightly different commands

    Need to Know...
    Port numbers
    Command syntax
    ACL rules

    Common Ports
    Port

    Service

    Port

    Service

    20

    FTP Data

    80

    HTTP

    21

    FTP Control

    110

    POP3

    22
    23

    SSH
    Telnet

    119
    123

    NNTP
    NTP

    25
    53
    69

    SMTP
    DNS
    TFTP

    161/162
    443

    SNMP
    HTTPS

    Command Syntax
    We will come to this!

    ACL Rule #1
    One ACL per interface per direction
    One incoming
    One outgoing

    One incoming
    One outgoing

    ACL Rule #2
    Processed top down
    Incoming 172.16.1.1
    Permit 10.0.0.0

    No match

    Permit 192.168.1.1
    Permit 172.16.0.0
    Permit 172.16.1.0
    Deny 172.16.1.1

    No match
    Match Permit
    Not processed
    Not processed

    ACL Rule #3
    Implicit deny all at bottom
    Incoming 172.20.1.1
    Permit 10.0.0.0

    No match

    Permit 192.168.1.1
    Permit 172.16.0.0
    Permit 172.16.1.0
    Deny all

    No match
    No match
    No match
    Match DROP PACKET

    ACL Rule #4
    Router cant filter self generated traffic
    ACL Deny 172.16.1.1
    BLOCKED

    ACL Deny 172.16.1.1


    UNCHECKED

    Ping 172.16.1.1

    Ping 172.16.1.1

    172.16.1.1

    172.16.1.1

    ACL Rule #5 Cant Edit Live


    Cant edit live standard or extended lists
    Can edit named
    1. Stop access list working (from interface)
    2. Copy into notepad edit - reapply

    ACL Rule #6
    Disable ACL on the interface
    R1(config)#no ip access-group 101 in

    ACL Rule #7
    Can reuse the same ACL

    S0/0
    ACL 101 IN

    S0/1
    ACL 101 IN
    ACL 101 Deny Web Traffic

    ACL Rule #8
    Keep em short
    Most specific rules at top
    Permit 10.0.0.0
    Permit 192.168.1.1
    Permit 172.16.0.0
    Deny 172.16.1.1

    Should be at top

    ACL Rule #9
    Place as close to traffic source as possible
    Do not put it here

    S0/1
    ACL 101 IN

    ACL 101 Deny Web Traffic

    End

    Você também pode gostar