Access Control Lists Part 2 - PowerPoint PPT Presentation

Slides: 13
Provided by: trip160

Transcript and Presenter's Notes

1
Access Control Lists Part 2
  • PJC CCNA Semester 2 Ver. 3.0
  • by
  • William Kelly

2
Standard ACLs
  • Allow denying/permitting traffic from a specific
    host/group of hosts and/or protocol suite
  • Use numbers 1 to 99 or 1300 to 1999
  • Only 1 ACL per protocol per interface per
    direction is allowed
  • Can only filter on the source address, so they
    should be put as close to the destination as
    possible
  • If no wildcard mask is given, it defaults to 0.0.0.0
    (every bit of the source address must match)

3
Standard ACLs Syntax
  • Router(config)# access-list access-list-number
    {deny | permit} source [source-wildcard] [log]
  • Router(config-if)# {protocol} access-group
    access-list-number
  • Router(config)# no access-list access-list-number

4
Extended ACLs
  • Allow denying/permitting traffic from a specific
    host/group of hosts and/or protocol
    suite/protocol and/or port/group of ports
  • Use numbers 100 to 199 or 2000 to 2699
  • Only 1 protocol per port per interface per
    direction is allowed
  • Can check source and destination address so they
    should be put as close to the source as possible

5
Extended ACLs Syntax
  • Router(config)# access-list access-list-number
    {deny | permit} source source-wildcard
    destination destination-wildcard [operator
    operand] [established] [log]
  • Router(config-if)# ip access-group
    access-list-number {in | out}
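The matching rules behind the standard and extended syntax above (wildcard masks, top-down first match, the implicit deny at the end, the default 0.0.0.0 wildcard and the established keyword) as an added example, not code from the slides; the ACL entries, hosts and packets are constructed for illustration:

```python
import ipaddress
from typing import NamedTuple, Optional

ANY = ("0.0.0.0", "255.255.255.255")  # IOS keyword "any": every bit is a don't-care bit

class Ace(NamedTuple):
    """One access-list entry; dst is None for a standard (source-only) ACL."""
    action: str
    src: str
    src_wc: str = "0.0.0.0"          # omitted wildcard defaults to 0.0.0.0 (exact host)
    dst: Optional[str] = None
    dst_wc: str = "0.0.0.0"
    proto: str = "ip"                # "ip" matches every protocol
    dport: Optional[int] = None      # "eq" operator on the destination port
    established: bool = False        # only TCP segments that carry ACK (replies)

def wildcard_match(addr: str, net: str, wc: str) -> bool:
    """Wildcard mask semantics: a 0 bit must match, a 1 bit is ignored."""
    a, n, w = (int(ipaddress.IPv4Address(x)) for x in (addr, net, wc))
    return (a & ~w) == (n & ~w)

def matches(ace: Ace, pkt: dict) -> bool:
    if not wildcard_match(pkt["src"], ace.src, ace.src_wc):
        return False
    if ace.dst is not None and not wildcard_match(pkt["dst"], ace.dst, ace.dst_wc):
        return False
    if ace.proto != "ip" and ace.proto != pkt["proto"]:
        return False
    if ace.dport is not None and pkt.get("dport") != ace.dport:
        return False
    if ace.established and not (pkt["proto"] == "tcp" and pkt.get("ack")):
        return False
    return True

def evaluate(acl: list, pkt: dict) -> str:
    """Entries are tested top down; the first match wins; no match hits the implicit deny."""
    for ace in acl:
        if matches(ace, pkt):
            return ace.action
    return "deny"

# Constructed examples: standard ACL 1 and extended ACL 101 (addresses are made up)
ACL_1 = [Ace("deny", "192.168.1.7"),                       # one host, default wildcard
         Ace("permit", "192.168.1.0", "0.0.0.255")]        # rest of the /24; implicit deny after
ACL_101 = [Ace("permit", *ANY, "10.1.1.5", "0.0.0.0", "tcp", 25),   # SMTP to the mail host
           Ace("permit", *ANY, *ANY, "tcp", established=True)]     # replies to inside sessions

if __name__ == "__main__":
    print(evaluate(ACL_1, {"src": "192.168.1.7", "dst": "10.0.0.1", "proto": "ip"}))
    print(evaluate(ACL_101, {"src": "203.0.113.9", "dst": "10.1.1.5", "proto": "tcp", "dport": 25}))
```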

6
Common Services
  • Know the port of common services and whether they
    are TCP or UDP so they can be permitted or denied
    in extended ACLs
  • Ports 20, 21, 23, 25, 53, 69, 161, 520 (Which services do
    these ports represent and are they TCP or UDP?)

7
Named ACLs
  • Names for standard and extended ACLs can be
    alphanumeric strings
  • Use deny/no deny or permit/no permit to change
    conditions of a named standard or extended ACL
  • You can't use the same alphanumeric name twice!

8
Named ACLs Syntax
  • Router(config)# ip access-list {extended | standard} name

9
Placing ACLs
  • Place standard ACLs as close to the destination
    as possible since they don't specify a
    destination
  • Place extended ACLs as close to the source as
    possible
  • Consider impacts on efficiency (bandwidth
    conservation)

10
Firewalls

11
Restricting virtual terminal access
  • When controlling access to an interface, a name
    or number can be used.
  • Only numbered access lists can be applied to
    virtual lines.
  • Set identical restrictions on all the virtual
    terminal lines, because a user can attempt to
    connect to any of them.

12
Restricting vty access syntax
  • Syntax for applying an ACL to all 4 vty terminals
  • Router(config)# line vty 0 4
  • Router(config-line)# access-class 1 in
  • Router(config-line)# ^Z