ACL Principle
V1.1
Objectives
Understand the basic function of ACL
Know when and how to use ACL
Contents
ACL conception and function
ACL types
ACL working principle
ACL rule
Figure: a router joining an FDDI segment and a Token Ring segment (networks 172.16.0.0 and 172.17.0.0) to the Internet
Why Use Access Lists?
Manage IP traffic as network access grows
Filter packets as they pass through the router
Access List Applications
Permit or deny packets moving through the router
Permit or deny Telnet access to or from the router
Without access lists, all packets could be transmitted onto all parts of your network
Figure: the two enforcement points, Telnet access to the device (IP) and transmission of packets on an interface
ACL Configuration Procedure
Define the trigger condition
Define the packet-matching rules
Bind the ACL to an interface or service
Figure: a packet arrives on the incoming interface, the ACL process checks source IP, destination IP and protocol and decides permit?, and the packet leaves on the outgoing interface
Figure: the header fields an ACL checks. The frame header (e.g. HDLC) is not examined; the packet header (IP header) supplies source address, destination address and protocol; the segment header (TCP header) supplies the port number; the data is not inspected; the outcome is permit or deny
ACL Types and Matching Conditions
Standard ACL
Filters on the source address only
Can only restrict traffic coarsely, by protocol family (e.g. all IP traffic from a source)
Extended ACL
Filters on five elements: source address, destination address, protocol, source port and destination port
Can restrict a specific protocol or service precisely
ACL Types and Matching Conditions
IPv6 ACL Command Structure
Command structure for standard ACL
Command structure for extended ACL
Outbound Access Lists
Figure: forwarding path with an outbound ACL (packets enter on E0 and leave on S0)
Inbound interface: packets arrive
Routing table entry? N: the packet goes to the Packet Discard Bucket and the sender is notified. Y: choose the outbound interface
Access list on the outbound interface? N: the packet is sent out of the outbound interface. Y: test the access list statements
Permit? Y: the packet is sent out of the outbound interface. N: discard the packet
If no access list statement matches, then the packet is discarded
A List of Tests: Deny or Permit
Figure: packets to interface(s) in the access group are tested against the rules one at a time
Match first rule? Y: apply its action; deny sends the packet to the Packet Discard Bucket, permit sends it on to the destination interface(s). N: go on to the next rule(s)
Match next rule(s)? Y: apply that rule's deny or permit. N: continue down the list
Match last rule? Y: apply its deny or permit. N: implicit deny; if no match, deny all
ACL Rule Conclusion
Q: How to arrange the sequence of rules when configuring an ACL?
ACL matching is executed from top to bottom: the first statement that matches the packet determines the action (permit or deny), and evaluation of the ACL stops there. Specific rules therefore belong before general ones; a rule listed after a broader rule that already covers it can never match.
There is an implicit "deny all" rule at the end of every ACL.
An ACL can be applied in the inbound or outbound direction of a specific IP interface.
An ACL can be applied to a specific system service (e.g. the Telnet service on the device).
An ACL must be created before it is applied.
Only one ACL per protocol can be applied in one direction of an interface at a time.
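As an added illustration, not part of the ZXR10 deck, the Python below models the matching and ordering rules from the slides above: a standard rule checks only the source address, an extended rule checks the five elements, evaluation stops at the first match, and an unmatched packet falls to the implicit deny. It also flags a statement that an earlier, broader statement already covers, which is the ordering mistake behind the question on this slide. The rule syntax, the CIDR prefixes and the sample addresses and ports are assumptions made for the example; they are not ZXR10 command syntax.

```python
"""Added example: first-match ACL evaluation with an implicit deny.

Standard rule = source address only; extended rule = the five elements
(source, destination, protocol, source port, destination port).
Addresses are CIDR prefixes here, an assumption for the example and a
simplification of the router's own ACL syntax.
"""
from dataclasses import dataclass
from ipaddress import IPv4Address, IPv4Network
from typing import List, Optional


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str          # "tcp", "udp", "icmp", ...
    sport: int = 0      # 0 when the protocol carries no ports
    dport: int = 0


@dataclass(frozen=True)
class Rule:
    """One ACL statement. A standard rule sets only `src`; an extended
    rule may set any of the five elements. None or a /0 prefix means any."""
    action: str                       # "permit" or "deny"
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    proto: Optional[str] = None
    sport: Optional[int] = None
    dport: Optional[int] = None

    def matches(self, p: Packet) -> bool:
        """Every field the statement sets must agree with the packet."""
        if IPv4Address(p.src) not in IPv4Network(self.src):
            return False
        if IPv4Address(p.dst) not in IPv4Network(self.dst):
            return False
        for want, have in ((self.proto, p.proto), (self.sport, p.sport), (self.dport, p.dport)):
            if want is not None and want != have:
                return False
        return True

    def covers(self, other: "Rule") -> bool:
        """True when every packet `other` could match also matches self,
        so `other` is dead if it is listed after self."""
        if not IPv4Network(other.src).subnet_of(IPv4Network(self.src)):
            return False
        if not IPv4Network(other.dst).subnet_of(IPv4Network(self.dst)):
            return False
        for mine, theirs in ((self.proto, other.proto), (self.sport, other.sport), (self.dport, other.dport)):
            if mine is not None and mine != theirs:   # self is narrower than other on this field
                return False
        return True


def evaluate(acl: List[Rule], p: Packet) -> str:
    """Top to bottom; the first matching statement decides and evaluation
    stops. No match falls through to the implicit deny."""
    for rule in acl:
        if rule.matches(p):
            return rule.action
    return "deny"


def shadowed_rules(acl: List[Rule]) -> List[int]:
    """Indexes of statements that can never match because an earlier
    statement covers them; a non-empty result means the order is wrong."""
    return [j for j, later in enumerate(acl)
            if any(earlier.covers(later) for earlier in acl[:j])]


# Constructed sample data (addresses and ports made up for the illustration).
# Intent: block Telnet from 172.16.5.0/24, allow Telnet from the rest of
# 172.16.0.0/16, drop everything else.
BAD_ORDER = [
    Rule("permit", src="172.16.0.0/16", proto="tcp", dport=23),  # broad permit first ...
    Rule("deny", src="172.16.5.0/24", proto="tcp", dport=23),    # ... so this deny is dead
]
GOOD_ORDER = [BAD_ORDER[1], BAD_ORDER[0]]                         # specific before general

# A standard ACL looks only at the source; protocol and ports are ignored.
STANDARD_ACL = [Rule("deny", src="172.16.5.0/24"), Rule("permit", src="172.16.0.0/16")]

TELNET_FROM_5 = Packet("172.16.5.9", "172.17.0.10", "tcp", 40000, 23)
TELNET_FROM_7 = Packet("172.16.7.9", "172.17.0.10", "tcp", 40001, 23)
HTTP_FROM_7 = Packet("172.16.7.9", "172.17.0.10", "tcp", 40002, 80)
PING_FROM_OUTSIDE = Packet("10.9.9.9", "172.17.0.10", "icmp")

if __name__ == "__main__":
    print("bad order, telnet from .5:", evaluate(BAD_ORDER, TELNET_FROM_5))            # permit (wrong)
    print("shadowed in bad order:", shadowed_rules(BAD_ORDER))                         # [1]
    print("good order, telnet from .5:", evaluate(GOOD_ORDER, TELNET_FROM_5))          # deny
    print("good order, telnet from .7:", evaluate(GOOD_ORDER, TELNET_FROM_7))          # permit
    print("good order, http from .7:", evaluate(GOOD_ORDER, HTTP_FROM_7))              # deny (implicit)
    print("standard acl, http from .7:", evaluate(STANDARD_ACL, HTTP_FROM_7))          # permit
    print("standard acl, ping from outside:", evaluate(STANDARD_ACL, PING_FROM_OUTSIDE))  # deny (implicit)
```

Running the module prints the decisions for each constructed packet. The useful check before applying an ACL is `shadowed_rules`: in BAD_ORDER the deny is reported as index 1 and Telnet from 172.16.5.9 is permitted, while swapping the two statements (GOOD_ORDER) gives the intended result without changing any statement's content.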
Where to apply ACL?
Standard ACL: near the destination (it filters on the source address only, so placed near the source it would also block that source's traffic to destinations that should stay reachable)
Extended ACL: near the source (it identifies the traffic precisely, so unwanted packets are dropped before they cross the network)
Figure: example topology with routers A, B and D (interfaces E0, E1, S0, S1, To0), a Token Ring segment, and hosts PC_A and PC_B
Content Review
ACL conception and usage
ACL working principle
ACL types
ACL rule
Questions
Where to place a standard ACL in the network?
Where to place an extended ACL?
What happens to a packet that matches no statement in the ACL?
How to arrange the sequence of rules when configuring an ACL?
What happens to a packet that passes through an interface on which no ACL is defined?
04 zxr10 bc-en-acl principle and configuration (acl principle)-1-ppt-201105 24
