Access control list 2

1,379 views
1,181 views

Published on

Published in: Technology, Business
0 Comments
1 Like
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total views
1,379
On SlideShare
0
From Embeds
0
Number of Embeds
4
Actions
Shares
0
Downloads
184
Comments
0
Likes
1
Embeds 0
No embeds

No notes for slide

Access control list 2

  1. 1. 1
  2. 2. Access Control List • It is a Layer 3 security which controls the flow of traffic from one router to another. • It is also called as Packet Filtering Firewall. 2
  3. 3. ACL - Network Diagram 10.0.0.1/8 S0 HYD 11.0.0.1/8 S0 S1 10.0.0.2/8 E0 192.168.1.150/24 1.1 1.2 1.3 LAN - 192.168.1.0/24 2.1 CHE S1 11.0.0.2/8 E0 192.168.2.150/24 2.2 2.3 LAN - 192.168.2.0/24 3.1 BAN E0 192.168.3.150/2 3.2 3.3 LAN - 192.168.3.0/24 1.0 should not communicate with 2.0 network 3 1.0 should not communicate with 2.0 network
  4. 4. Types of Access-list • Standard ACL • Extended ACL • Named ACL 4
  5. 5. Standard Access List • The access-list number lies between 1 – 99 • Can block a Network, Host and Subnet • Two way communication is stopped • All services are blocked. • Implemented closest to the destination. (Guideline) 5
  6. 6. Extended Access List • The access-list number lies between 100 – 199 • Can block a Network, Host, Subnet and Service • One way communication is stopped • Selected services can be blocked. • Implemented closest to the source. (Guideline) 6
  7. 7. Terminology • Deny : Blocking a Network/Host/Subnet/Service • Permit : Allowing a Network/Host/Subnet/Service • Source Address : The address of the PC from where the request starts. Show Diagram • Destination address : The address of the PC where the request ends. • Inbound : Traffic coming into the interface • Outbound : Traffic going out of the interface 7
  8. 8. Terminology • Protocols : IP - TCP - UDP - ICMP • Operators : eq (equal to) neq (not equal to) lt (less than) gt (greater than) • Services : HTTP, FTP, TELNET, DNS, DHCP etc.. 8
  9. 9. Wild Card Mask • Tells the router which addressing bits must match in the address of the ACL statement. • It’s the inverse of the subnet mask, hence is also called as Inverse mask. • A bit value of 0 indicates MUST MATCH (Check Bits) • A bit value of 1 indicates IGNORE (Ignore Bits) • Wild Card Mask for a Host will be always 0.0.0.0 9
  10. 10. Wild Card Mask • A wild card mask can be calculated using the formula : Global Subnet Mask – Customized Subnet Mask ------------------------------Wild Card Mask E.g. 255.255.255.255 – 255.255.255.240 --------------------0. 0. 0. 15 10
  11. 11. 11
  12. 12. ACL - Network Diagram 10.0.0.1/8 S0 HYD 11.0.0.1/8 S0 S1 10.0.0.2/8 E0 192.168.1.150/24 1.1 1.2 1.3 LAN - 192.168.1.0/24 2.1 CHE S1 11.0.0.2/8 E0 192.168.2.150/24 2.2 2.3 LAN - 192.168.2.0/24 3.1 BAN E0 192.168.3.150/2 3.2 3.3 LAN - 192.168.3.0/24 1.0 should not communicate with 2.0 network 1.0 should not communicate with 2.0 network 12

×