
CCNA Training Access List Tutorial


Access List Tutorial


February 13th, 2011
In this tutorial we will learn about access lists.
Access control lists (ACLs) provide a means to filter packets by allowing a user to permit or deny IP
packets from crossing specified interfaces. Just imagine you come to a fair and see the guardian
checking tickets. He only allows people with suitable tickets to enter. Well, an access list's function is
the same as that guardian's.
Access lists filter network traffic by controlling whether packets are forwarded or blocked at the router's
interfaces based on the criteria you specify within the access list.
To use ACLs, the system administrator must first configure ACLs and then apply them to specific
interfaces. There are 3 popular types of ACL: Standard, Extended and Named ACLs.
Standard IP Access List
Standard IP lists (1-99) only check source addresses of all IP packets.
Configuration Syntax
access-list access-list-number {permit | deny} source {source-mask}
Apply ACL to an interface
ip access-group access-list-number {in | out}
Example of Standard IP Access List

http://www.9tut.com/access-list-tutorial

12/15/2015


Configuration:
In this example we will define a standard access list that will only allow network 10.0.0.0/8 to access the
server (located on the Fa0/1 interface).
Define which source is allowed to pass:
Router(config)#access-list 1 permit 10.0.0.0 0.255.255.255
(there is always an implicit "deny all other traffic" at the end of each ACL, so we don't need to define
forbidden traffic)
Apply this ACL to an interface:
Router(config)#interface Fa0/1
Router(config-if)#ip access-group 1 out
ACL 1 is applied to permit only packets from 10.0.0.0/8 to go out of the Fa0/1 interface while denying all
other traffic. So can we apply this ACL to another interface, Fa0/2 for example? Well, we can but shouldn't
do it because users can still access the server from another interface (the s0 interface, for example). So we can
understand why a standard access list should be applied close to the destination.
Note: The 0.255.255.255 is the wildcard mask part of network 10.0.0.0. We will learn how to use
wildcard masks later.
Extended IP Access List
Extended IP lists (100-199) check both source and destination addresses, specific UDP/TCP/IP
protocols, and destination ports.
Configuration Syntax
access-list access-list-number {permit | deny} protocol source {source-mask} destination {destination-mask} [eq destination-port]


Example of Extended IP Access List

In this example we will create an extended ACL that will deny FTP traffic from network 10.0.0.0/8 but
allow other traffic to go through.
Note: FTP uses TCP on port 20 & 21.
Define which protocol, source, destination and port are denied:
Router(config)#access-list 101 deny tcp 10.0.0.0 0.255.255.255 187.100.1.6 0.0.0.0 eq 21
Router(config)#access-list 101 deny tcp 10.0.0.0 0.255.255.255 187.100.1.6 0.0.0.0 eq 20
Router(config)#access-list 101 permit ip any any
Apply this ACL to an interface:
Router(config)#interface Fa0/1
Router(config-if)#ip access-group 101 out
Notice that we have to explicitly allow other traffic (access-list 101 permit ip any any) as there is a deny
all command at the end of each ACL.
As we can see, the destination of the above access list is 187.100.1.6 0.0.0.0, which specifies a host. We
can use host 187.100.1.6 instead. We will discuss wildcard masks later.
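Added example (not part of the original tutorial): a small Python model of how the two ACLs configured above are evaluated, covering wildcard-mask matching, top-down first-match and the implicit deny. The function names and the packets used to exercise it are constructed for illustration, and only the numbered access-list forms shown on this page (address plus wildcard, host, any, eq port) are parsed.

```python
import ipaddress

def ip(s):
    return int(ipaddress.IPv4Address(s))

def wildcard_match(addr, base, wildcard):
    # Wildcard bit 0 = "must match", bit 1 = "ignore" (inverse of a netmask).
    care = ~ip(wildcard) & 0xFFFFFFFF
    return (ip(addr) & care) == (ip(base) & care)

def parse_addr(tokens):
    # Consume "any", "host A" or "A wildcard"; return ((base, wildcard), rest).
    if tokens[0] == "any":
        return ("0.0.0.0", "255.255.255.255"), tokens[1:]
    if tokens[0] == "host":
        return (tokens[1], "0.0.0.0"), tokens[2:]
    return (tokens[0], tokens[1]), tokens[2:]

def parse_entry(line):
    t = line.split()                      # access-list <number> <action> ...
    number, rest = int(t[1]), t[3:]
    e = {"action": t[2], "proto": "ip", "dst": None, "port": None}
    if 100 <= number <= 199 or 2000 <= number <= 2699:   # extended range
        e["proto"], rest = rest[0], rest[1:]
        e["src"], rest = parse_addr(rest)
        e["dst"], rest = parse_addr(rest)
        if rest[:1] == ["eq"]:
            e["port"] = int(rest[1])
    else:                                 # standard: source address only
        e["src"], rest = parse_addr(rest)
    return e

def evaluate(acl, src, dst=None, proto="ip", dport=None):
    # Extended entries need dst; entries are tried top-down, first match wins.
    for e in map(parse_entry, acl):
        if (wildcard_match(src, *e["src"])
                and (e["dst"] is None or wildcard_match(dst, *e["dst"]))
                and e["proto"] in ("ip", proto)
                and e["port"] in (None, dport)):
            return e["action"]
    return "deny"                         # implicit deny at the end of every ACL

# The two ACLs configured in this tutorial.
ACL_1 = ["access-list 1 permit 10.0.0.0 0.255.255.255"]
ACL_101 = [
    "access-list 101 deny tcp 10.0.0.0 0.255.255.255 187.100.1.6 0.0.0.0 eq 21",
    "access-list 101 deny tcp 10.0.0.0 0.255.255.255 187.100.1.6 0.0.0.0 eq 20",
    "access-list 101 permit ip any any",
]
```

Evaluating ACL_101 without its last line (ACL_101[:2]) returns "deny" for every packet, including web traffic from 10.0.0.0/8, which is why the explicit permit ip any any is required.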
In summary, below is the range of standard and extended access lists:
Access list type    Range
Standard            1-99, 1300-1999
Extended            100-199, 2000-2699


Comments (465)


13. Anonymous
December 13th, 2015
Remember these rules for ACLs:
AN ACL IS A SET OF CONDITIONS
TYPES: STANDARD AND EXTENDED, NAMED (STANDARD/EXTENDED)
AN ACL IS READ IN ORDER 1,2,3
AN ACL HAS AN IMPLICIT DENY (INVISIBLE, RUNS IN THE BACKGROUND)
IF YOU RUN AN ACL WITH A DENY STATEMENT, YOU MUST END THE STATEMENT WITH PERMIT ANY
YOU CAN ONLY HAVE ONE ACL PER INTERFACE PER PROTOCOL PER DIRECTION: ONE ACL/PROTOCOL/DIRECTION
YOU CANNOT REMOVE A NUMBERED ACL THAT LIES WITHIN THE GROUP: YOU HAVE MORE FLEXIBILITY WITH NAMED ACLS THAN WITH NUMBERED ACLS
ON THE TOP MORE SPECIFIC PERMIT/DENY, ON THE BOTTOM MOST GENERAL PERMIT/DENY
USE WILDCARD MASKING W/ACLS


14. Carllton
December 13th, 2015
EXAMPLE, HOW TO APPLY AN ACL:
* ONE ACL/ ONE PROTOCOL/ ONE DIRECTION
#CONFIG T
#INT F0/0.10
#IP ACCESS-GROUP 10 IN

Copyright 2010-2013 CCNA Training

