Access Control List

• An ACL is a Layer 3 security mechanism that controls the flow of traffic from one router to another.
• It is also called a Packet Filtering Firewall.

ACL - Network Diagram

[Figure: three routers, HYD, CHE and BAN, joined by serial links (S0/S1) addressed 10.0.0.1/8 and 10.0.0.2/8, and 11.0.0.1/8 and 11.0.0.2/8. Each router's E0 interface serves one LAN: 192.168.1.0/24 (E0 192.168.1.150/24, hosts 1.1, 1.2, 1.3), 192.168.2.0/24 (E0 192.168.2.150/24, hosts 2.1, 2.2, 2.3) and 192.168.3.0/24 (E0 192.168.3.150/2, hosts 3.1, 3.2, 3.3).]

Requirement: 1.0 should not communicate with 2.0 network

Types of Access-list

• Standard ACL
• Extended ACL
• Named ACL

Standard Access List

• The access-list number lies between 1 – 99
• Can block a Network, Host and Subnet
• Two-way communication is stopped
• All services are blocked.
• Implemented closest to the destination. (Guideline)

Extended Access List

• The access-list number lies between 100 – 199
• Can block a Network, Host, Subnet and Service
• One-way communication is stopped
• Selected services can be blocked.
• Implemented closest to the source. (Guideline)

Terminology

• Deny : Blocking a Network/Host/Subnet/Service
• Permit : Allowing a Network/Host/Subnet/Service
• Source Address : The address of the PC from where the request starts.
• Destination Address : The address of the PC where the request ends.
• Inbound : Traffic coming into the interface
• Outbound : Traffic going out of the interface

Terminology

• Protocols : IP
  - TCP
  - UDP
  - ICMP
• Operators : eq (equal to), neq (not equal to), lt (less than), gt (greater than)
• Services : HTTP, FTP, TELNET, DNS, DHCP etc.

Wild Card Mask

• Tells the router which address bits must match in the address of the ACL statement.
• It's the inverse of the subnet mask, hence it is also called the inverse mask.
• A bit value of 0 indicates MUST MATCH (Check Bits)
• A bit value of 1 indicates IGNORE (Ignore Bits)
• The Wild Card Mask for a host is always 0.0.0.0

Wild Card Mask

• A wild card mask can be calculated using the formula:

      Global Subnet Mask
    - Customized Subnet Mask
    ------------------------
      Wild Card Mask

  E.g.

      255.255.255.255
    - 255.255.255.240
    -----------------
        0.  0.  0. 15
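
An added example (not from the original slides) in Python: it computes a wildcard mask with the subtraction above and checks source addresses against a standard ACL built for the requirement that 1.0 should not communicate with the 2.0 network. The function names and the ACL entries are constructed for illustration; the implicit deny at the end of a list is standard Cisco IOS behaviour that the slides do not mention.

```python
import ipaddress

ALL_ONES = 0xFFFFFFFF  # the "global" mask 255.255.255.255


def to_int(dotted: str) -> int:
    return int(ipaddress.IPv4Address(dotted))


def wildcard_from_mask(subnet_mask: str) -> str:
    """Slide formula: 255.255.255.255 minus the customized subnet mask."""
    return str(ipaddress.IPv4Address(ALL_ONES - to_int(subnet_mask)))


def matches(address: str, acl_address: str, wildcard: str) -> bool:
    """Wildcard bit 0 = must match, wildcard bit 1 = ignore."""
    check_bits = ALL_ONES ^ to_int(wildcard)
    return (to_int(address) & check_bits) == (to_int(acl_address) & check_bits)


def evaluate(acl, source: str) -> str:
    """Standard ACL: test the source against each entry, top down.

    The first matching entry decides. If nothing matches, the packet is
    dropped (the implicit deny that ends every IOS access list).
    """
    for action, acl_address, wildcard in acl:
        if matches(source, acl_address, wildcard):
            return action
    return "deny"


# Constructed entries for the diagram's requirement, equivalent to:
#   access-list 1 deny 192.168.1.0 0.0.0.255
#   access-list 1 permit any
BLOCK_LAN1 = [
    ("deny", "192.168.1.0", wildcard_from_mask("255.255.255.0")),
    ("permit", "0.0.0.0", "255.255.255.255"),  # "any": every bit ignored
]

# Same list with the permit line forgotten: everything is dropped.
DENY_ONLY = BLOCK_LAN1[:1]

if __name__ == "__main__":
    print(wildcard_from_mask("255.255.255.240"))
    for src in ("192.168.1.3", "192.168.3.1"):
        print(src, evaluate(BLOCK_LAN1, src), evaluate(DENY_ONLY, src))
```

Following the slides' guideline for standard ACLs, a list like this would be applied closest to the destination, here the 2.0 network.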
