SlideShare a Scribd company logo

Access Control List 1

Download as PPT, PDF
Kishore Kumar
Kishore Kumar

This study guide is intended to provide those pursuing the CCNA certification with a framework of what concepts need to be studied. This is not a comprehensive document containing all the secrets of the CCNP nor is it a “braindump” of questions and answers. I sincerely hope that this document provides some assistance and clarity in your studies.

EducationTechnologyBusiness
1 of 53
1
Rules of Access List • All deny statements have to be given First • There should be at least one Permit statement • An implicit deny blocks all traffic by default when there is no match (an invisible statement). • Can have one access-list per interface per direction. (i.e.) Two access-list per interface, one in inbound direction and one in outbound direction. • Works in Sequential order • Editing of access-lists is not possible (i.e) Selectively adding or removing access-list statements is not possible. 2
Standard ACL - Network Diagram 10.0.0.1/8 S0 HYD 1.2 S1 10.0.0.2/8 1.3 LAN - 192.168.1.0/24 is done Closest is done Closest to the to the 11.0.0.1/8 S0 E0 192.168.1.150/24 1.1 Creation and Creation and Implementation Implementation 2.1 Destination. Destination. CHE S1 11.0.0.2/8 E0 192.168.2.150/24 2.2 2.3 LAN - 192.168.2.0/24 3.1 BAN E0 192.168.3.150/2 3.2 3.3 LAN - 192.168.3.0/24 1.1 & 1.2 should not communicate with 2.0 network 1.1 & 1.2 should not communicate with 2.0 network 3
How Standard ACL Works ? 10.0.0.1/8 S0 HYD 11.0.0.1/8 S0 S1 10.0.0.2/8 E0 192.168.1.150/24 1.1 1.2 1.3 LAN - 192.168.1.0/24 2.1 CHE S1 11.0.0.2/8 E0 192.168.2.150/24 2.2 2.3 LAN - 192.168.2.0/24 1.1 is accessing 2.1 1.1 is accessing 2.1 3.1 BAN E0 192.168.3.150/2 3.2 3.3 LAN - 192.168.3.0/24 4
How Standard ACL Works ? 1.1 Source IP 192.168.1.1 2.1 Destination IP 192.168.2.1 access-list 1 deny 192.168.1.1 0.0.0.0 access-list 1 deny 192.168.1.2 0.0.0.0 access-list 1 permit any 5
How Standard ACL Works ? 1.1 Source IP 192.168.1.1 2.1 Destination IP 192.168.2.1 access-list 1 deny 192.168.1.1 0.0.0.0 access-list 1 deny 192.168.1.2 0.0.0.0 access-list 1 permit any 6
How Standard ACL Works ? 10.0.0.1/8 S0 HYD 11.0.0.1/8 S0 S1 10.0.0.2/8 E0 192.168.1.150/24 1.1 1.2 1.3 1.3 LAN - 192.168.1.0/24 2.1 CHE S1 11.0.0.2/8 E0 192.168.2.150/24 2.2 2.3 LAN - 192.168.2.0/24 1.3 is accessing 2.1 1.3 is accessing 2.1 3.1 BAN E0 192.168.3.150/2 3.2 3.3 LAN - 192.168.3.0/24 7
How Standard ACL Works ? 1.1 Source IP 192.168.1.3 2.1 Destination IP 192.168.2.1 access-list 1 deny 192.168.1.1 0.0.0.0 access-list 1 deny 192.168.1.2 0.0.0.0 access-list 1 permit any 8 x
How Standard ACL Works ? 1.1 Source IP 192.168.1.3 2.1 Destination IP 192.168.2.1 access-list 1 deny 192.168.1.1 0.0.0.0 access-list 1 deny 192.168.1.2 0.0.0.0 access-list 1 permit any 9 x
How Standard ACL Works ? 1.1 Source IP 192.168.1.3 2.1 Destination IP 192.168.2.1 access-list 1 deny 192.168.1.1 0.0.0.0 access-list 1 deny 192.168.1.2 0.0.0.0 access-list 1 permit any 10
1.1 Source IP 192.168.1.1 192.168.1.3 2.1 Destination IP 192.168.2.1 access-list 1 deny 192.168.1.1 0.0.0.0 access-list 1 deny 192.168.1.2 0.0.0.0 access-list 1 permit any 11
Standard ACL - Network Diagram 10.0.0.1/8 S0 HYD 1.2 S1 10.0.0.2/8 1.3 LAN - 192.168.1.0/24 is done Closest is done Closest to the to the 11.0.0.1/8 S0 E0 192.168.1.150/24 1.1 Creation and Creation and Implementation Implementation 2.1 Destination. Destination. CHE S1 11.0.0.2/8 E0 192.168.2.150/24 2.2 2.3 LAN - 192.168.2.0/24 3.1 BAN E0 192.168.3.150/2 3.2 3.3 LAN - 192.168.3.0/24 1.1 & 3.0 should not communicate with 2.0 network 1.1 & 3.0 should not communicate with 2.0 network 12
How Standard ACL Works ? 10.0.0.1/8 S0 HYD 11.0.0.1/8 S0 S1 10.0.0.2/8 E0 192.168.1.150/24 1.1 1.2 1.3 LAN - 192.168.1.0/24 2.1 CHE S1 11.0.0.2/8 E0 192.168.2.150/24 2.2 2.3 LAN - 192.168.2.0/24 1.1 is accessing 2.1 1.1 is accessing 2.1 3.1 BAN E0 192.168.3.150/2 3.2 3.3 LAN - 192.168.3.0/24 13
How Standard ACL Works ? 1.1 Source IP 192.168.1.1 2.1 Destination IP 192.168.2.1 access-list 5 deny 192.168.1.1 0.0.0.0 access-list 5 deny 192.168.3.0 0.0.0.255 access-list 5 permit any 14
How Standard ACL Works ? 1.1 Source IP 192.168.1.1 2.1 Destination IP 192.168.2.1 access-list 5 deny 192.168.1.1 0.0.0.0 access-list 5 deny 192.168.3.0 0.0.0.255 access-list 5 permit any 15
How Standard ACL Works ? 10.0.0.1/8 S0 HYD 11.0.0.1/8 S0 S1 10.0.0.2/8 E0 192.168.1.150/24 1.1 1.2 1.3 1.3 LAN - 192.168.1.0/24 2.1 CHE S1 11.0.0.2/8 E0 192.168.2.150/24 2.2 2.3 LAN - 192.168.2.0/24 1.3 is accessing 2.1 1.3 is accessing 2.1 3.1 BAN E0 192.168.3.150/2 3.2 3.3 LAN - 192.168.3.0/24 16
How Standard ACL Works ? 1.3 Source IP 192.168.1.3 2.1 Destination IP 192.168.2.1 access-list 5 deny 192.168.1.1 0.0.0.0 x access-list 5 deny 192.168.3.0 0.0.0.255 access-list 5 permit any 17
How Standard ACL Works ? 1.3 Source IP 192.168.1.3 2.1 Destination IP 192.168.2.1 access-list 5 deny 192.168.1.1 0.0.0.0 access-list 5 deny 192.168.3.0 0.0.0.255 x access-list 5 permit any 18
How Standard ACL Works ? 1.3 Source IP 192.168.1.3 2.1 Destination IP 192.168.2.1 access-list 5 deny 192.168.1.1 0.0.0.0 access-list 5 deny 192.168.3.0 0.0.0.255 access-list 5 permit any 19
1.3 Source IP 192.168.1.1 192.168.1.3 2.1 Destination IP 192.168.2.1 access-list 5 deny 192.168.1.1 0.0.0.0 access-list 5 deny 192.168.3.0 0.0.0.255 access-list 5 permit any 20
How Standard ACL Works ? 10.0.0.1/8 S0 HYD 11.0.0.1/8 S0 S1 10.0.0.2/8 E0 192.168.1.150/24 1.1 1.2 1.3 LAN - 192.168.1.0/24 2.1 CHE S1 11.0.0.2/8 E0 192.168.2.150/24 2.2 2.3 LAN - 192.168.2.0/24 3.1 is accessing 2.1 3.1 is accessing 2.1 3.1 BAN E0 192.168.3.150/2 3.2 3.3 LAN - 192.168.3.0/24 21
How Standard ACL Works ? 3.1 Source IP 192.168.3.1 2.1 Destination IP 192.168.2.1 access-list 5 deny 192.168.1.1 0.0.0.0 x access-list 5 deny 192.168.3.0 0.0.0.255 access-list 5 permit any 22
How Standard ACL Works ? 3.1 Source IP 192.168.3.1 2.1 Destination IP 192.168.2.1 access-list 5 deny 192.168.1.1 0.0.0.0 access-list 5 deny 192.168.3.0 0.0.0.255 access-list 5 permit any 23
How Standard ACL Works ? 3.1 Source IP 192.168.3.1 2.1 Destination IP 192.168.2.1 access-list 5 deny 192.168.1.1 0.0.0.0 access-list 5 deny 192.168.3.0 0.0.0.255 access-list 5 permit any 24
Extended ACL - Network Diagram Creation and Creation and Implementation Implementation 10.0.0.1/8 S0 HYD S1 10.0.0.2/8 E0 192.168.1.150/24 1.1 1.2 1.3 LAN - 192.168.1.0/24 is done Closest is done Closest to the Source. to the Source. 11.0.0.1/8 S0 2.1 CHE S1 11.0.0.2/8 E0 192.168.2.150/24 2.2 2.3 LAN - 192.168.2.0/24 3.1 BAN E0 192.168.3.150/2 3.2 3.3 LAN - 192.168.3.0/24 2.0 should not access with 3.1 (Web Service) 2.0 should not access with 3.1 (Web Service) 25
How Extended ACL Works ? 10.0.0.1/8 S0 HYD 11.0.0.1/8 S0 S1 10.0.0.2/8 E0 192.168.1.150/24 1.1 1.2 1.3 LAN - 192.168.1.0/24 2.1 CHE S1 11.0.0.2/8 E0 192.168.2.150/24 2.2 2.3 LAN - 192.168.2.0/24 3.1 BAN E0 192.168.3.150/2 3.2 3.3 LAN - 192.168.3.0/24 2.1 is accessing 3.1 -- Web Service 2.1 is accessing 3.1 Web Service 26
How Extended ACL Works ? 2.1 Source IP 192.168.2.1 Destination IP 192.168.3.1 Port - 80 3.1 access-list 101 deny tcp 192.168.2.0 0.0.0.255 192.168.3.1 0.0.0.0 eq 80 access-list 101 permit ip any any 27
How Extended ACL Works ? 2.1 Source IP 192.168.2.1 Destination IP 192.168.3.1 Port - 80 3.1 access-list 101 deny tcp 192.168.2.0 0.0.0.255 192.168.3.1 0.0.0.0 eq 80 access-list 101 permit ip any any 28
How Extended ACL Works ? 10.0.0.1/8 S0 HYD 11.0.0.1/8 S0 S1 10.0.0.2/8 E0 192.168.1.150/24 1.1 1.2 1.3 LAN - 192.168.1.0/24 2.1 CHE S1 11.0.0.2/8 E0 192.168.2.150/24 2.2 2.3 LAN - 192.168.2.0/24 3.1 BAN E0 192.168.3.150/2 3.2 3.3 LAN - 192.168.3.0/24 2.1 is accessing 3.1 – Telnet Service 2.1 is accessing 3.1 – Telnet Service 29
How Extended ACL Works ? 2.1 Source IP 192.168.2.1 Destination IP 192.168.3.1 Port - 23 3.1 access-list 101 deny tcp 192.168.2.0 0.0.0.255 192.168.3.1 0.0.0.0 eq 80 access-list 101 permit ip any any 30 x
How Extended ACL Works ? 2.1 Source IP 192.168.2.1 Destination IP 192.168.3.1 Port - 23 3.1 access-list 101 deny tcp 192.168.2.0 0.0.0.255 192.168.3.1 0.0.0.0 eq 80 access-list 101 permit ip any any 31
How Extended ACL Works ? 2.1 Source IP 192.168.1.1 192.168.2.1 Destination IP 192.168.3.1 Port - 23 3.1 access-list 101 deny tcp 192.168.2.0 0.0.0.255 192.168.3.1 0.0.0.0 eq 80 access-list 101 permit ip any any 32
How Extended ACL Works ? 10.0.0.1/8 S0 HYD 11.0.0.1/8 S0 S1 10.0.0.2/8 E0 192.168.1.150/24 1.1 1.2 1.3 LAN - 192.168.1.0/24 2.1 CHE S1 11.0.0.2/8 E0 192.168.2.150/24 2.2 2.3 LAN - 192.168.2.0/24 3.1 BAN E0 192.168.3.150/2 3.2 3.3 LAN - 192.168.3.0/24 2.1 is accessing 1.1 -- Web Service 2.1 is accessing 1.1 Web Service 33
How Extended ACL Works ? 2.1 Source IP 192.168.2.1 Destination IP 192.168.1.1 192.168.1.1 Port - 80 1.1 access-list 101 deny tcp 192.168.2.0 0.0.0.255 192.168.3.1 0.0.0.0 eq 80 access-list 101 permit ip any any 34 x
How Extended ACL Works ? 2.1 Source IP 192.168.2.1 Destination IP 192.168.1.1 Port - 80 1.1 access-list 101 deny tcp 192.168.2.0 0.0.0.255 192.168.3.1 0.0.0.0 eq 80 access-list 101 permit ip any any 35
How Extended ACL Works ? 2.1 Source IP 192.168.1.1 192.168.2.1 Destination IP 192.168.1.1 Port - 80 1.1 access-list 101 deny tcp 192.168.2.0 0.0.0.255 192.168.3.1 0.0.0.0 eq 80 access-list 101 permit ip any any 36
Named Access List • Access-lists are identified using Names rather than Numbers. • Names are Case-Sensitive • No limitation of Numbers here. • One Main Advantage is Editing of ACL is Possible (i.e) Removing a specific statement from the ACL is possible. (IOS version 11.2 or later allows Named ACL) 37
Standard Named Access List Creation of Standard Named Access List Creation of Standard Named Access List Router(config)# ip access-list standard <name> Router(config)# ip access-list standard <name> Router(config-std-nacl)# <permit/deny> <source address> Router(config-std-nacl)# <permit/deny> <source address> <source wildcard mask> <source wildcard mask> Implementation of Standard Named Access List Implementation of Standard Named Access List Router(config)#interface <interface type><interface no> Router(config)#interface <interface type><interface no> Router(config-if)#ip access-group <name> <out/in> Router(config-if)#ip access-group <name> <out/in> 38
Extended Named Access List Creation of Extended Named Access List Creation of Extended Named Access List Router(config)# ip access-list extended <name> Router(config)# ip access-list extended <name> Router(config-ext-nacl)# <permit/deny> <protocol> Router(config-ext-nacl)# <permit/deny> <protocol> <source address> <source wildcard mask> <destination <source address> <source wildcard mask> <destination address> < destination wildcard mask> <operator> address> < destination wildcard mask> <operator> <service> <service> Implementation of Extended Named Access List Implementation of Extended Named Access List Router(config)#interface <interface type><interface no> Router(config)#interface <interface type><interface no> Router(config-if)#ip access-group <name> <out/in> Router(config-if)#ip access-group <name> <out/in> 39
40
Microsoft Windows 2000 [Version 5.00.2195] (C) Copyright 1985-2000 Microsoft Corp. C:> telnet 192.168.1.150 Connecting ..... ================================ Welcome to Hyderabad Router ================================ User Access Verification password : **** Hyderabad> enable password : **** Hyderabad# show ip route Gateway of last resort is not set C 10.0.0.0/8 is directly connected, Serial0 R 11.0.0.0/8 [120/1] via 10.0.0.2, 00:00:25, Serial0 C 192.168.1.0/24 is directly connected, Ethernet0 R 192.168.2.0/24 [120/1] via 10.0.0.2, 00:00:25, Serial0 R 192.168.3.0/24 [120/2] via 10.0.0.2, 00:00:25, Serial0 Hyderabad# 41
Microsoft Windows 2000 [Version 5.00.2195] (C) Copyright 1985-2000 Microsoft Corp. C:> telnet 192.168.2.150 Connecting ..... ================================ Welcome to Chennai Router ================================ User Access Verification password : **** Chennai> enable password : **** Chennai# show ip route Gateway of last resort is not set C 10.0.0.0/8 is directly connected, Serial1 C 11.0.0.0/8 is directly connected, Serial0 R 192.168.1.0/24 [120/1] via 10.0.0.1, 00:00:01, Serial1 C 192.168.2.0/24 is directly connected, Ethernet0 R 192.168.3.0/24 [120/1] via 11.0.0.2, 00:00:12, Serial0 Chennai# 42
Microsoft Windows 2000 [Version 5.00.2195] (C) Copyright 1985-2000 Microsoft Corp. C:> telnet 192.168.3.150 Connecting ..... ================================ Welcome to Banglore Router ================================ User Access Verification password : **** Banglore> enable password : **** Banglore# show ip route Gateway of last resort is not set R 10.0.0.0/8 [120/1] via 11.0.0.1, 00:00:04, Serial1 C 11.0.0.0/8 is directly connected, Serial1 R 192.168.1.0/24 [120/2] via 11.0.0.1, 00:00:04, Serial1 R 192.168.2.0/24 [120/1] via 11.0.0.1, 00:00:04, Serial1 C 192.168.3.0/24 is directly connected, Ethernet0 Banglore# 43
Microsoft Windows 2000 [Version 5.00.2195] (C) Copyright 1985-2000 Microsoft Corp. C:> telnet 192.168.2.150 Connecting ..... ================================ Welcome to Chennai Router ================================ User Access Verification password : **** Chennai> enable password : **** Chennai# configure terminal Enter configuration commands, one per line. End with CNTL/Z. Chennai(config)# interface serial 1 Chennai(config-if)# ip address 10.0.0.2 255.0.0.0 Chennai(config-if)# no shut Chennai(config-if)# encapsulation hdlc Chennai(config-if)# interface serial 0 Chennai(config-if)# ip address 11.0.0.1 255.0.0.0 Chennai(config-if)# no shut Chennai(config-if)# encapsulation hdlc 44
Chennai# configure terminal Enter configuration commands, one per line. End with CNTL/Z. Chennai(config)# access-list 1 deny 192.168.1.1 0.0.0.0 Chennai(config)# access-list 1 deny 192.168.1.2 0.0.0.0 Chennai(config)# access-list 1 permit any Creation of Standard Access List Creation of Standard Access List Chennai(config)# interface ethernet 0 Router(config)# access-list out Chennai(config-if)# ip access-group 1 <acl no> <permit/deny> Router(config)# access-list <acl no> <permit/deny> <source address> <source wildcard mask> <source address> <source wildcard mask> Chennai(config-if)# Implementation of Standard Access List Implementation of Standard Access List Router(config)#interface <interface type><interface no> Router(config)#interface <interface type><interface no> Router(config-if)#ip access-group <number> <out/in> Router(config-if)#ip access-group <number> <out/in> 45
Chennai# configure terminal Enter configuration commands, one per line. End with CNTL/Z. Chennai(config)# access-list 1 deny 192.168.1.1 0.0.0.0 Chennai(config)# access-list 1 deny 192.168.1.2 0.0.0.0 Chennai(config)# access-list 1 permit any Chennai(config)# interface ethernet 0 Chennai(config-if)# ip access-group 1 out Chennai(config-if)# ^Z Chennai# show ip access-list Standard IP access list 1 deny 192.168.1.1 deny 192.168.1.2 permit any Chennai# 46
Chennai# show ip int e0 Ethernet0 is up, line protocol is up Internet address is 192.168.2.150/24 Broadcast address is 255.255.255.255 Address determined by non-volatile memory MTU is 1500 bytes Helper address is not set Directed broadcast forwarding is enabled Multicast reserved groups joined: 224.0.0.9 Outgoing access list is 1 Inbound access list is not set Proxy ARP is enabled Security level is default Split horizon is enabled ICMP redirects are always sent ICMP unreachables are always sent ICMP mask replies are never sent IP fast switching is enabled IP fast switching on the same interface is disabled IP multicast fast switching is disabled Router Discovery is disabled IP output packet accounting is disabled IP access violation accounting is disabled TCP/IP header compression is disabled Probe proxy name replies are disabled Gateway Discovery is disabled Policy routing is disabled Network address translation is disabled Chennai# 47
Chennai# configure terminal Enter configuration commands, one per line. End with CNTL/Z. Chennai(config)# access-list 5 deny 192.168.1.1 0.0.0.0 Chennai(config)# access-list 5 deny 192.168.3.0 0.0.0.255 Chennai(config)# access-list 5 permit any Chennai(config)# interface ethernet 0 Chennai(config-if)# ip access-group 5 out Chennai(config-if)# ^Z Chennai# show ip access-list Standard deny deny permit Chennai# IP access list 5 192.168.1.1 192.168.3.0 any 48
Chennai# show ip int e0 Ethernet0 is up, line protocol is up Internet address is 192.168.2.150/24 Broadcast address is 255.255.255.255 Address determined by non-volatile memory MTU is 1500 bytes Helper address is not set Directed broadcast forwarding is enabled Multicast reserved groups joined: 224.0.0.9 Outgoing access list is 5 Inbound access list is not set Proxy ARP is enabled Security level is default Split horizon is enabled ICMP redirects are always sent ICMP unreachables are always sent ICMP mask replies are never sent IP fast switching is enabled IP fast switching on the same interface is disabled IP multicast fast switching is disabled Router Discovery is disabled IP output packet accounting is disabled IP access violation accounting is disabled TCP/IP header compression is disabled Probe proxy name replies are disabled Gateway Discovery is disabled Policy routing is disabled Network address translation is disabled Chennai# 49
Chennai# configure terminal Enter configuration commands, one per line. End with CNTL/Z. Chennai(config)# access-list 5 deny 192.168.1.1 0.0.0.0 Chennai(config)# access-list 5 deny 192.168.3.0 0.0.0.255 Chennai(config)# access-list 5 permit any Creation of Standard Access List Creation of Standard Access List Chennai(config)# interface ethernet 0 Router(config)# access-list out Chennai(config-if)# ip access-group 5 <acl no> <permit/deny> Router(config)# access-list <acl no> <permit/deny> <source address> <source wildcard mask> <source address> <source wildcard mask> Chennai(config-if)# Implementation of Standard Access List Implementation of Standard Access List Router(config)#interface <interface type><interface no> Router(config)#interface <interface type><interface no> Router(config-if)#ip access-group <number> <out/in> Router(config-if)#ip access-group <number> <out/in> 50
Chennai# configure terminal Enter configuration commands, one per line. End with CNTL/Z. Chennai(config)# access-list 101 deny tcp 192.168.2.0 0.0.0.255 192.168.3.1 0.0.0.0 eq 80 Chennai(config)# access-list 101 Extended Access List permit ip any any Creation of Extended Access List Creation of Chennai(config)# interface ethernet 0 Router(config)# access-list <acl no> <permit/deny> Router(config)# access-list <acl no> <permit/deny> Chennai(config-if)# ip access-group 101 <source wildcard mask> <protocol> <source address> in <protocol> <source address> <source wildcard mask> Chennai(config-if)# <destination address> < destination wildcard mask> <destination address> < destination wildcard mask> <operator> <service> Implementation of Extended Access List <operator> <service> of Extended Access List Implementation Router(config)#interface <interface type><interface no> Router(config)#interface <interface type><interface no> Router(config-if)#ip access-group <number> <out/in> Router(config-if)#ip access-group <number> <out/in> 51
Chennai# configure terminal Enter configuration commands, one per line. End with CNTL/Z. Chennai(config)# access-list 101 deny tcp 192.168.2.0 0.0.0.255 192.168.3.1 0.0.0.0 eq 80 Chennai(config)# access-list 101 permit ip any any Chennai(config)# interface ethernet 0 Chennai(config-if)# ip access-group 101 in Chennai(config-if)# ^Z Chennai# show ip access-list Extended IP access list 101 deny tcp 192.168.2.0 0.0.0.255 host 192.168.3.1 eq www permit ip any any Chennai# 52
Chennai# show ip int e0 Ethernet0 is up, line protocol is up Internet address is 192.168.2.150/24 Broadcast address is 255.255.255.255 Address determined by non-volatile memory MTU is 1500 bytes Helper address is not set Directed broadcast forwarding is enabled Multicast reserved groups joined: 224.0.0.9 Outgoing access list is not set Inbound access list is 101 Proxy ARP is enabled Security level is default Split horizon is enabled ICMP redirects are always sent ICMP unreachables are always sent ICMP mask replies are never sent IP fast switching is enabled IP fast switching on the same interface is disabled IP multicast fast switching is disabled Router Discovery is disabled IP output packet accounting is disabled IP access violation accounting is disabled TCP/IP header compression is disabled Probe proxy name replies are disabled Gateway Discovery is disabled Policy routing is disabled Network address translation is disabled Chennai# 53

Recommended

EtherChannel Configuration
EtherChannel ConfigurationEtherChannel Configuration
EtherChannel Configuration
NetProtocol Xpert
 
Access Control List (ACL)
Access Control List (ACL)Access Control List (ACL)
Access Control List (ACL)
ISMT College
 
Access control list 2
Access control list 2Access control list 2
Access control list 2Kishore Kumar
 
Cisco ACL
Cisco ACLCisco ACL
Cisco ACL
faust0
 
Bgp
BgpBgp
Bgp
Febrian ‎
 
BGP protocol presentation
BGP protocol presentationBGP protocol presentation
BGP protocol presentation
Gorantla Mohanavamsi
 
Bgp protocol
Bgp protocolBgp protocol
Bgp protocol
Smriti Tikoo
 
Ip addressing
Ip addressingIp addressing
Ip addressing
sid1322
 

Recommended

EtherChannel Configuration
EtherChannel ConfigurationEtherChannel Configuration
EtherChannel Configuration
NetProtocol Xpert
 
Access Control List (ACL)
Access Control List (ACL)Access Control List (ACL)
Access Control List (ACL)
ISMT College
 
Access control list 2
Access control list 2Access control list 2
Access control list 2Kishore Kumar
 
Cisco ACL
Cisco ACLCisco ACL
Cisco ACL
faust0
 
Bgp
BgpBgp
Bgp
Febrian ‎
 
BGP protocol presentation
BGP protocol presentationBGP protocol presentation
BGP protocol presentation
Gorantla Mohanavamsi
 
Bgp protocol
Bgp protocolBgp protocol
Bgp protocol
Smriti Tikoo
 
Ip addressing
Ip addressingIp addressing
Ip addressing
sid1322
 
Ospf
OspfOspf
Ospf
Joshua Fonseca
 
MPLS Layer 3 VPN
MPLS Layer 3 VPN MPLS Layer 3 VPN
MPLS Layer 3 VPN
NetProtocol Xpert
 
MPLS L3 VPN Tutorial, by Nurul Islam Roman [APNIC 38]
MPLS L3 VPN Tutorial, by Nurul Islam Roman [APNIC 38]MPLS L3 VPN Tutorial, by Nurul Islam Roman [APNIC 38]
MPLS L3 VPN Tutorial, by Nurul Islam Roman [APNIC 38]
APNIC
 
Static Routing
Static RoutingStatic Routing
Static Routing
Sachii Dosti
 
MPLS ppt
MPLS pptMPLS ppt
MPLS pptJagtar Dhaliwal
 
Ppt of routing protocols
Ppt of routing protocolsPpt of routing protocols
Ppt of routing protocolsBhagyashri Dhoke
 
Access Control List & its Types
Access Control List & its TypesAccess Control List & its Types
Access Control List & its Types
Netwax Lab
 
Deploy MPLS Traffic Engineering
Deploy MPLS Traffic EngineeringDeploy MPLS Traffic Engineering
Deploy MPLS Traffic Engineering
APNIC
 
MPLS Concepts and Fundamentals
MPLS Concepts and FundamentalsMPLS Concepts and Fundamentals
MPLS Concepts and Fundamentals
Shawn Zandi
 
Multiprotocol label switching (mpls) - Networkshop44
Multiprotocol label switching (mpls) - Networkshop44Multiprotocol label switching (mpls) - Networkshop44
Multiprotocol label switching (mpls) - Networkshop44
Jisc
 
Implementing BGP Flowspec at IP transit network
Implementing BGP Flowspec at IP transit networkImplementing BGP Flowspec at IP transit network
Implementing BGP Flowspec at IP transit network
Pavel Odintsov
 
Acl
AclAcl
Acl
Raghu Kiran
 
Spanning tree protocol
Spanning tree protocolSpanning tree protocol
Spanning tree protocol
Muuluu
 
MPLS Traffic Engineering
MPLS Traffic EngineeringMPLS Traffic Engineering
MPLS Traffic Engineering
APNIC
 
Asa packet-flow-00
Asa packet-flow-00Asa packet-flow-00
Asa packet-flow-00vinaydewangan11
 
Mpls
MplsMpls
Mpls
Fasih Rehman
 
Bgp tutorial for ISP
Bgp tutorial for ISPBgp tutorial for ISP
Bgp tutorial for ISP
Wahyu Nasution
 
Ospf area types
Ospf area typesOspf area types
Ospf area types
Roger Perkin
 
Ether channel fundamentals
Ether channel fundamentalsEther channel fundamentals
Ether channel fundamentalsEdgardo Scrimaglia
 
Vlan
Vlan Vlan
Vlan sanss40
 
Modul 5 access control list
Modul 5 access control listModul 5 access control list
Modul 5 access control list
diah risqiwati
 
Cisco discovery drs ent module 8 - v.4 in english.
Cisco discovery drs ent module 8 - v.4 in english.Cisco discovery drs ent module 8 - v.4 in english.
Cisco discovery drs ent module 8 - v.4 in english.igede tirtanata
 

More Related Content

What's hot

Ospf
OspfOspf
Ospf
Joshua Fonseca
 
MPLS Layer 3 VPN
MPLS Layer 3 VPN MPLS Layer 3 VPN
MPLS Layer 3 VPN
NetProtocol Xpert
 
MPLS L3 VPN Tutorial, by Nurul Islam Roman [APNIC 38]
MPLS L3 VPN Tutorial, by Nurul Islam Roman [APNIC 38]MPLS L3 VPN Tutorial, by Nurul Islam Roman [APNIC 38]
MPLS L3 VPN Tutorial, by Nurul Islam Roman [APNIC 38]
APNIC
 
Static Routing
Static RoutingStatic Routing
Static Routing
Sachii Dosti
 
Access Control List & its Types
Access Control List & its TypesAccess Control List & its Types
Access Control List & its Types
Netwax Lab
 
Deploy MPLS Traffic Engineering
Deploy MPLS Traffic EngineeringDeploy MPLS Traffic Engineering
Deploy MPLS Traffic Engineering
APNIC
 
MPLS Concepts and Fundamentals
MPLS Concepts and FundamentalsMPLS Concepts and Fundamentals
MPLS Concepts and Fundamentals
Shawn Zandi
 
Multiprotocol label switching (mpls) - Networkshop44
Multiprotocol label switching (mpls) - Networkshop44Multiprotocol label switching (mpls) - Networkshop44
Multiprotocol label switching (mpls) - Networkshop44
Jisc
 
Implementing BGP Flowspec at IP transit network
Implementing BGP Flowspec at IP transit networkImplementing BGP Flowspec at IP transit network
Implementing BGP Flowspec at IP transit network
Pavel Odintsov
 
Spanning tree protocol
Spanning tree protocolSpanning tree protocol
Spanning tree protocol
Muuluu
 
MPLS Traffic Engineering
MPLS Traffic EngineeringMPLS Traffic Engineering
MPLS Traffic Engineering
APNIC
 
Mpls
MplsMpls
Mpls
Fasih Rehman
 
Bgp tutorial for ISP
Bgp tutorial for ISPBgp tutorial for ISP
Bgp tutorial for ISP
Wahyu Nasution
 
Ospf area types
Ospf area typesOspf area types
Ospf area types
Roger Perkin
 

What's hot (20)

Ospf
OspfOspf
Ospf
 
MPLS Layer 3 VPN
MPLS Layer 3 VPN MPLS Layer 3 VPN
MPLS Layer 3 VPN
 
MPLS L3 VPN Tutorial, by Nurul Islam Roman [APNIC 38]
MPLS L3 VPN Tutorial, by Nurul Islam Roman [APNIC 38]MPLS L3 VPN Tutorial, by Nurul Islam Roman [APNIC 38]
MPLS L3 VPN Tutorial, by Nurul Islam Roman [APNIC 38]
 
Static Routing
Static RoutingStatic Routing
Static Routing
 
MPLS ppt
MPLS pptMPLS ppt
MPLS ppt
 
Ppt of routing protocols
Ppt of routing protocolsPpt of routing protocols
Ppt of routing protocols
 
Access Control List & its Types
Access Control List & its TypesAccess Control List & its Types
Access Control List & its Types
 
Deploy MPLS Traffic Engineering
Deploy MPLS Traffic EngineeringDeploy MPLS Traffic Engineering
Deploy MPLS Traffic Engineering
 
MPLS Concepts and Fundamentals
MPLS Concepts and FundamentalsMPLS Concepts and Fundamentals
MPLS Concepts and Fundamentals
 
Multiprotocol label switching (mpls) - Networkshop44
Multiprotocol label switching (mpls) - Networkshop44Multiprotocol label switching (mpls) - Networkshop44
Multiprotocol label switching (mpls) - Networkshop44
 
Implementing BGP Flowspec at IP transit network
Implementing BGP Flowspec at IP transit networkImplementing BGP Flowspec at IP transit network
Implementing BGP Flowspec at IP transit network
 
Acl
AclAcl
Acl
 
Spanning tree protocol
Spanning tree protocolSpanning tree protocol
Spanning tree protocol
 
MPLS Traffic Engineering
MPLS Traffic EngineeringMPLS Traffic Engineering
MPLS Traffic Engineering
 
Asa packet-flow-00
Asa packet-flow-00Asa packet-flow-00
Asa packet-flow-00
 
Mpls
MplsMpls
Mpls
 
Bgp tutorial for ISP
Bgp tutorial for ISPBgp tutorial for ISP
Bgp tutorial for ISP
 
Ospf area types
Ospf area typesOspf area types
Ospf area types
 
Ether channel fundamentals
Ether channel fundamentalsEther channel fundamentals
Ether channel fundamentals
 
Vlan
Vlan Vlan
Vlan
 

Similar to Access Control List 1

Modul 5 access control list
Modul 5 access control listModul 5 access control list
Modul 5 access control list
diah risqiwati
 
Cisco discovery drs ent module 8 - v.4 in english.
Cisco discovery drs ent module 8 - v.4 in english.Cisco discovery drs ent module 8 - v.4 in english.
Cisco discovery drs ent module 8 - v.4 in english.igede tirtanata
 
Lab8 Controlling traffic using Extended ACL Objectives Per.pdf
Lab8 Controlling traffic using Extended ACL Objectives Per.pdfLab8 Controlling traffic using Extended ACL Objectives Per.pdf
Lab8 Controlling traffic using Extended ACL Objectives Per.pdf
adityacommunication1
 
Uccn1003 -may09_-_lect09_-_access_control_list_acl_
Uccn1003 -may09_-_lect09_-_access_control_list_acl_Uccn1003 -may09_-_lect09_-_access_control_list_acl_
Uccn1003 -may09_-_lect09_-_access_control_list_acl_Shu Shin
 
Uccn1003 -may09_-_lect09_-_access_control_list_acl_
Uccn1003 -may09_-_lect09_-_access_control_list_acl_Uccn1003 -may09_-_lect09_-_access_control_list_acl_
Uccn1003 -may09_-_lect09_-_access_control_list_acl_Shu Shin
 
Lab 3.5.1 basic frame relay
Lab 3.5.1 basic frame relayLab 3.5.1 basic frame relay
Lab 3.5.1 basic frame relay
Manuel Garcia Meza
 
Ccna 3-discovery-4-0-module-8-100-
Ccna 3-discovery-4-0-module-8-100-Ccna 3-discovery-4-0-module-8-100-
Ccna 3-discovery-4-0-module-8-100-junkut3
 
4.4.1.2 packet tracer configure ip ac ls to mitigate attacks-instructor
4.4.1.2 packet tracer configure ip ac ls to mitigate attacks-instructor4.4.1.2 packet tracer configure ip ac ls to mitigate attacks-instructor
4.4.1.2 packet tracer configure ip ac ls to mitigate attacks-instructor
Salem Trabelsi
 
Configuracion EIGRP
Configuracion EIGRPConfiguracion EIGRP
Configuracion EIGRP
alexis marck Huiza Canchanya
 
Technical Overview of QUIC
Technical Overview of QUICTechnical Overview of QUIC
Technical Overview of QUIC
shigeki_ohtsu
 
Multi Static Routng & Default Routing
Multi Static Routng & Default RoutingMulti Static Routng & Default Routing
Multi Static Routng & Default Routing
Kishore Kumar
 
Linux router
Linux routerLinux router
Linux router
Miguel E Arellano Quezada
 
CCNP 642-732 Training
CCNP 642-732 TrainingCCNP 642-732 Training
CCNP 642-732 Training
saenaetr
 
ACIT - CCNA Training Course Topic - Switch Stp ACIT
ACIT - CCNA Training Course Topic - Switch Stp ACITACIT - CCNA Training Course Topic - Switch Stp ACIT
ACIT - CCNA Training Course Topic - Switch Stp ACIT
Sleek International
 
Tri aoi training-supplementary_2011.01
Tri aoi training-supplementary_2011.01Tri aoi training-supplementary_2011.01
Tri aoi training-supplementary_2011.01Ralph Nguyen
 
Day 13.1..1 catalyst switch
Day 13.1..1 catalyst switchDay 13.1..1 catalyst switch
Day 13.1..1 catalyst switch
CYBERINTELLIGENTS
 
Icnd210 s06l01
Icnd210 s06l01Icnd210 s06l01
Icnd210 s06l01
computerlenguyen
 
Lab 9 instructions
Lab 9 instructionsLab 9 instructions
Lab 9 instructions
trayyoo
 
PROYECTO VLANS
PROYECTO VLANSPROYECTO VLANS
PROYECTO VLANS
rubendavidsuarez
 

Similar to Access Control List 1 (20)

Modul 5 access control list
Modul 5 access control listModul 5 access control list
Modul 5 access control list
 
Cisco discovery drs ent module 8 - v.4 in english.
Cisco discovery drs ent module 8 - v.4 in english.Cisco discovery drs ent module 8 - v.4 in english.
Cisco discovery drs ent module 8 - v.4 in english.
 
Lab8 Controlling traffic using Extended ACL Objectives Per.pdf
Lab8 Controlling traffic using Extended ACL Objectives Per.pdfLab8 Controlling traffic using Extended ACL Objectives Per.pdf
Lab8 Controlling traffic using Extended ACL Objectives Per.pdf
 
Uccn1003 -may09_-_lect09_-_access_control_list_acl_
Uccn1003 -may09_-_lect09_-_access_control_list_acl_Uccn1003 -may09_-_lect09_-_access_control_list_acl_
Uccn1003 -may09_-_lect09_-_access_control_list_acl_
 
Uccn1003 -may09_-_lect09_-_access_control_list_acl_
Uccn1003 -may09_-_lect09_-_access_control_list_acl_Uccn1003 -may09_-_lect09_-_access_control_list_acl_
Uccn1003 -may09_-_lect09_-_access_control_list_acl_
 
Lab 3.5.1 basic frame relay
Lab 3.5.1 basic frame relayLab 3.5.1 basic frame relay
Lab 3.5.1 basic frame relay
 
Ccna 3-discovery-4-0-module-8-100-
Ccna 3-discovery-4-0-module-8-100-Ccna 3-discovery-4-0-module-8-100-
Ccna 3-discovery-4-0-module-8-100-
 
4.4.1.2 packet tracer configure ip ac ls to mitigate attacks-instructor
4.4.1.2 packet tracer configure ip ac ls to mitigate attacks-instructor4.4.1.2 packet tracer configure ip ac ls to mitigate attacks-instructor
4.4.1.2 packet tracer configure ip ac ls to mitigate attacks-instructor
 
Configuracion EIGRP
Configuracion EIGRPConfiguracion EIGRP
Configuracion EIGRP
 
Technical Overview of QUIC
Technical Overview of QUICTechnical Overview of QUIC
Technical Overview of QUIC
 
Multi Static Routng & Default Routing
Multi Static Routng & Default RoutingMulti Static Routng & Default Routing
Multi Static Routng & Default Routing
 
Linux router
Linux routerLinux router
Linux router
 
CCNP 642-732 Training
CCNP 642-732 TrainingCCNP 642-732 Training
CCNP 642-732 Training
 
ACIT - CCNA Training Course Topic - Switch Stp ACIT
ACIT - CCNA Training Course Topic - Switch Stp ACITACIT - CCNA Training Course Topic - Switch Stp ACIT
ACIT - CCNA Training Course Topic - Switch Stp ACIT
 
Tri aoi training-supplementary_2011.01
Tri aoi training-supplementary_2011.01Tri aoi training-supplementary_2011.01
Tri aoi training-supplementary_2011.01
 
Day 13.1..1 catalyst switch
Day 13.1..1 catalyst switchDay 13.1..1 catalyst switch
Day 13.1..1 catalyst switch
 
Icnd210 s06l01
Icnd210 s06l01Icnd210 s06l01
Icnd210 s06l01
 
Lab 9 instructions
Lab 9 instructionsLab 9 instructions
Lab 9 instructions
 
Aruba mobility access switch useful commands v2
Aruba mobility access switch useful commands v2Aruba mobility access switch useful commands v2
Aruba mobility access switch useful commands v2
 
PROYECTO VLANS
PROYECTO VLANSPROYECTO VLANS
PROYECTO VLANS
 

More from Kishore Kumar

Switching Types
Switching TypesSwitching Types
Switching Types
Kishore Kumar
 
Route Authentication
Route AuthenticationRoute Authentication
Route AuthenticationKishore Kumar
 
Recognizing security threats
Recognizing security threatsRecognizing security threats
Recognizing security threatsKishore Kumar
 
Ccna simulation exam practice guide
Ccna simulation exam practice guideCcna simulation exam practice guide
Ccna simulation exam practice guideKishore Kumar
 
RIP Update Timers
RIP Update TimersRIP Update Timers
RIP Update Timers
Kishore Kumar
 
Password Recovery
Password RecoveryPassword Recovery
Password Recovery
Kishore Kumar
 
OSPF 2
OSPF 2OSPF 2
OSPF 2
Kishore Kumar
 
Internal & External of Routers
Internal & External of RoutersInternal & External of Routers
Internal & External of Routers
Kishore Kumar
 
Integrated Service Digital Network
Integrated Service Digital NetworkIntegrated Service Digital Network
Integrated Service Digital NetworkKishore Kumar
 
Initial Configuration of Router
Initial Configuration of RouterInitial Configuration of Router
Initial Configuration of Router
Kishore Kumar
 
Frame Relay
Frame RelayFrame Relay
Frame Relay
Kishore Kumar
 
Dynamic Routing RIP
Dynamic Routing RIPDynamic Routing RIP
Dynamic Routing RIP
Kishore Kumar
 
OSI Layers
OSI LayersOSI Layers
OSI Layers
Kishore Kumar
 
Password Recovery
Password RecoveryPassword Recovery
Password Recovery
Kishore Kumar
 
OSPF 3
OSPF 3OSPF 3
OSPF 3
Kishore Kumar
 
OSPF 2
OSPF 2OSPF 2
OSPF 2
Kishore Kumar
 
IP Addressing
IP AddressingIP Addressing
IP Addressing
Kishore Kumar
 

More from Kishore Kumar (20)

Switching Types
Switching TypesSwitching Types
Switching Types
 
Switching Types
Switching TypesSwitching Types
Switching Types
 
Route Authentication
Route AuthenticationRoute Authentication
Route Authentication
 
Recognizing security threats
Recognizing security threatsRecognizing security threats
Recognizing security threats
 
Ccna simulation exam practice guide
Ccna simulation exam practice guideCcna simulation exam practice guide
Ccna simulation exam practice guide
 
RIP Update Timers
RIP Update TimersRIP Update Timers
RIP Update Timers
 
Password Recovery
Password RecoveryPassword Recovery
Password Recovery
 
OSPF 3
OSPF 3OSPF 3
OSPF 3
 
OSPF 2
OSPF 2OSPF 2
OSPF 2
 
Ip addressing
Ip addressingIp addressing
Ip addressing
 
Internal & External of Routers
Internal & External of RoutersInternal & External of Routers
Internal & External of Routers
 
Integrated Service Digital Network
Integrated Service Digital NetworkIntegrated Service Digital Network
Integrated Service Digital Network
 
Initial Configuration of Router
Initial Configuration of RouterInitial Configuration of Router
Initial Configuration of Router
 
Frame Relay
Frame RelayFrame Relay
Frame Relay
 
Dynamic Routing RIP
Dynamic Routing RIPDynamic Routing RIP
Dynamic Routing RIP
 
OSI Layers
OSI LayersOSI Layers
OSI Layers
 
Password Recovery
Password RecoveryPassword Recovery
Password Recovery
 
OSPF 3
OSPF 3OSPF 3
OSPF 3
 
OSPF 2
OSPF 2OSPF 2
OSPF 2
 
IP Addressing
IP AddressingIP Addressing
IP Addressing
 

Recently uploaded

Fish and Chips - have they had their chips
Fish and Chips - have they had their chipsFish and Chips - have they had their chips
Fish and Chips - have they had their chips
GeoBlogs
 
Students, digital devices and success - Andreas Schleicher - 27 May 2024..pptx
Students, digital devices and success - Andreas Schleicher - 27 May 2024..pptxStudents, digital devices and success - Andreas Schleicher - 27 May 2024..pptx
Students, digital devices and success - Andreas Schleicher - 27 May 2024..pptx
EduSkills OECD
 
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
siemaillard
 
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
siemaillard
 
Instructions for Submissions thorugh G- Classroom.pptx
Instructions for Submissions thorugh G- Classroom.pptxInstructions for Submissions thorugh G- Classroom.pptx
Instructions for Submissions thorugh G- Classroom.pptx
Jheel Barad
 
Supporting (UKRI) OA monographs at Salford.pptx
Supporting (UKRI) OA monographs at Salford.pptxSupporting (UKRI) OA monographs at Salford.pptx
Supporting (UKRI) OA monographs at Salford.pptx
Jisc
 
TESDA TM1 REVIEWER FOR NATIONAL ASSESSMENT WRITTEN AND ORAL QUESTIONS WITH A...
TESDA TM1 REVIEWER FOR NATIONAL ASSESSMENT WRITTEN AND ORAL QUESTIONS WITH A...TESDA TM1 REVIEWER FOR NATIONAL ASSESSMENT WRITTEN AND ORAL QUESTIONS WITH A...
TESDA TM1 REVIEWER FOR NATIONAL ASSESSMENT WRITTEN AND ORAL QUESTIONS WITH A...
EugeneSaldivar
 
MARUTI SUZUKI- A Successful Joint Venture in India.pptx
MARUTI SUZUKI- A Successful Joint Venture in India.pptxMARUTI SUZUKI- A Successful Joint Venture in India.pptx
MARUTI SUZUKI- A Successful Joint Venture in India.pptx
bennyroshan06
 
Template Jadual Bertugas Kelas (Boleh Edit)
Template Jadual Bertugas Kelas (Boleh Edit)Template Jadual Bertugas Kelas (Boleh Edit)
Template Jadual Bertugas Kelas (Boleh Edit)
rosedainty
 
How to Create Map Views in the Odoo 17 ERP
How to Create Map Views in the Odoo 17 ERPHow to Create Map Views in the Odoo 17 ERP
How to Create Map Views in the Odoo 17 ERP
Celine George
 
2024.06.01 Introducing a competency framework for languag learning materials ...
2024.06.01 Introducing a competency framework for languag learning materials ...2024.06.01 Introducing a competency framework for languag learning materials ...
2024.06.01 Introducing a competency framework for languag learning materials ...
Sandy Millin
 
Ethnobotany and Ethnopharmacology ......
Ethnobotany and Ethnopharmacology ......Ethnobotany and Ethnopharmacology ......
Ethnobotany and Ethnopharmacology ......
Ashokrao Mane college of Pharmacy Peth-Vadgaon
 
How to Split Bills in the Odoo 17 POS Module
How to Split Bills in the Odoo 17 POS ModuleHow to Split Bills in the Odoo 17 POS Module
How to Split Bills in the Odoo 17 POS Module
Celine George
 
Cambridge International AS A Level Biology Coursebook - EBook (MaryFosbery J...
Cambridge International AS A Level Biology Coursebook - EBook (MaryFosbery J...Cambridge International AS A Level Biology Coursebook - EBook (MaryFosbery J...
Cambridge International AS A Level Biology Coursebook - EBook (MaryFosbery J...
AzmatAli747758
 
GIÁO ÁN DẠY THÊM (KẾ HOẠCH BÀI BUỔI 2) - TIẾNG ANH 8 GLOBAL SUCCESS (2 CỘT) N...
GIÁO ÁN DẠY THÊM (KẾ HOẠCH BÀI BUỔI 2) - TIẾNG ANH 8 GLOBAL SUCCESS (2 CỘT) N...GIÁO ÁN DẠY THÊM (KẾ HOẠCH BÀI BUỔI 2) - TIẾNG ANH 8 GLOBAL SUCCESS (2 CỘT) N...
GIÁO ÁN DẠY THÊM (KẾ HOẠCH BÀI BUỔI 2) - TIẾNG ANH 8 GLOBAL SUCCESS (2 CỘT) N...
Nguyen Thanh Tu Collection
 
CLASS 11 CBSE B.St Project AIDS TO TRADE - INSURANCE
CLASS 11 CBSE B.St Project AIDS TO TRADE - INSURANCECLASS 11 CBSE B.St Project AIDS TO TRADE - INSURANCE
CLASS 11 CBSE B.St Project AIDS TO TRADE - INSURANCE
BhavyaRajput3
 
PART A. Introduction to Costumer Service
PART A. Introduction to Costumer ServicePART A. Introduction to Costumer Service
PART A. Introduction to Costumer Service
PedroFerreira53928
 
The Art Pastor's Guide to Sabbath | Steve Thomason
The Art Pastor's Guide to Sabbath | Steve ThomasonThe Art Pastor's Guide to Sabbath | Steve Thomason
The Art Pastor's Guide to Sabbath | Steve Thomason
Steve Thomason
 
ESC Beyond Borders _From EU to You_ InfoPack general.pdf
ESC Beyond Borders _From EU to You_ InfoPack general.pdfESC Beyond Borders _From EU to You_ InfoPack general.pdf
ESC Beyond Borders _From EU to You_ InfoPack general.pdf
Fundacja Rozwoju Społeczeństwa Przedsiębiorczego
 
Mule 4.6 & Java 17 Upgrade | MuleSoft Mysore Meetup #46
Mule 4.6 & Java 17 Upgrade | MuleSoft Mysore Meetup #46Mule 4.6 & Java 17 Upgrade | MuleSoft Mysore Meetup #46
Mule 4.6 & Java 17 Upgrade | MuleSoft Mysore Meetup #46
MysoreMuleSoftMeetup
 

Recently uploaded (20)

Fish and Chips - have they had their chips
Fish and Chips - have they had their chipsFish and Chips - have they had their chips
Fish and Chips - have they had their chips
 
Students, digital devices and success - Andreas Schleicher - 27 May 2024..pptx
Students, digital devices and success - Andreas Schleicher - 27 May 2024..pptxStudents, digital devices and success - Andreas Schleicher - 27 May 2024..pptx
Students, digital devices and success - Andreas Schleicher - 27 May 2024..pptx
 
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
 
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
 
Instructions for Submissions thorugh G- Classroom.pptx
Instructions for Submissions thorugh G- Classroom.pptxInstructions for Submissions thorugh G- Classroom.pptx
Instructions for Submissions thorugh G- Classroom.pptx
 
Supporting (UKRI) OA monographs at Salford.pptx
Supporting (UKRI) OA monographs at Salford.pptxSupporting (UKRI) OA monographs at Salford.pptx
Supporting (UKRI) OA monographs at Salford.pptx
 
TESDA TM1 REVIEWER FOR NATIONAL ASSESSMENT WRITTEN AND ORAL QUESTIONS WITH A...
TESDA TM1 REVIEWER FOR NATIONAL ASSESSMENT WRITTEN AND ORAL QUESTIONS WITH A...TESDA TM1 REVIEWER FOR NATIONAL ASSESSMENT WRITTEN AND ORAL QUESTIONS WITH A...
TESDA TM1 REVIEWER FOR NATIONAL ASSESSMENT WRITTEN AND ORAL QUESTIONS WITH A...
 
MARUTI SUZUKI- A Successful Joint Venture in India.pptx
MARUTI SUZUKI- A Successful Joint Venture in India.pptxMARUTI SUZUKI- A Successful Joint Venture in India.pptx
MARUTI SUZUKI- A Successful Joint Venture in India.pptx
 
Template Jadual Bertugas Kelas (Boleh Edit)
Template Jadual Bertugas Kelas (Boleh Edit)Template Jadual Bertugas Kelas (Boleh Edit)
Template Jadual Bertugas Kelas (Boleh Edit)
 
How to Create Map Views in the Odoo 17 ERP
How to Create Map Views in the Odoo 17 ERPHow to Create Map Views in the Odoo 17 ERP
How to Create Map Views in the Odoo 17 ERP
 
2024.06.01 Introducing a competency framework for languag learning materials ...
2024.06.01 Introducing a competency framework for languag learning materials ...2024.06.01 Introducing a competency framework for languag learning materials ...
2024.06.01 Introducing a competency framework for languag learning materials ...
 
Ethnobotany and Ethnopharmacology ......
Ethnobotany and Ethnopharmacology ......Ethnobotany and Ethnopharmacology ......
Ethnobotany and Ethnopharmacology ......
 
How to Split Bills in the Odoo 17 POS Module
How to Split Bills in the Odoo 17 POS ModuleHow to Split Bills in the Odoo 17 POS Module
How to Split Bills in the Odoo 17 POS Module
 
Cambridge International AS A Level Biology Coursebook - EBook (MaryFosbery J...
Cambridge International AS A Level Biology Coursebook - EBook (MaryFosbery J...Cambridge International AS A Level Biology Coursebook - EBook (MaryFosbery J...
Cambridge International AS A Level Biology Coursebook - EBook (MaryFosbery J...
 
GIÁO ÁN DẠY THÊM (KẾ HOẠCH BÀI BUỔI 2) - TIẾNG ANH 8 GLOBAL SUCCESS (2 CỘT) N...
GIÁO ÁN DẠY THÊM (KẾ HOẠCH BÀI BUỔI 2) - TIẾNG ANH 8 GLOBAL SUCCESS (2 CỘT) N...GIÁO ÁN DẠY THÊM (KẾ HOẠCH BÀI BUỔI 2) - TIẾNG ANH 8 GLOBAL SUCCESS (2 CỘT) N...
GIÁO ÁN DẠY THÊM (KẾ HOẠCH BÀI BUỔI 2) - TIẾNG ANH 8 GLOBAL SUCCESS (2 CỘT) N...
 
CLASS 11 CBSE B.St Project AIDS TO TRADE - INSURANCE
CLASS 11 CBSE B.St Project AIDS TO TRADE - INSURANCECLASS 11 CBSE B.St Project AIDS TO TRADE - INSURANCE
CLASS 11 CBSE B.St Project AIDS TO TRADE - INSURANCE
 
PART A. Introduction to Costumer Service
PART A. Introduction to Costumer ServicePART A. Introduction to Costumer Service
PART A. Introduction to Costumer Service
 
The Art Pastor's Guide to Sabbath | Steve Thomason
The Art Pastor's Guide to Sabbath | Steve ThomasonThe Art Pastor's Guide to Sabbath | Steve Thomason
The Art Pastor's Guide to Sabbath | Steve Thomason
 
ESC Beyond Borders _From EU to You_ InfoPack general.pdf
ESC Beyond Borders _From EU to You_ InfoPack general.pdfESC Beyond Borders _From EU to You_ InfoPack general.pdf
ESC Beyond Borders _From EU to You_ InfoPack general.pdf
 
Mule 4.6 & Java 17 Upgrade | MuleSoft Mysore Meetup #46
Mule 4.6 & Java 17 Upgrade | MuleSoft Mysore Meetup #46Mule 4.6 & Java 17 Upgrade | MuleSoft Mysore Meetup #46
Mule 4.6 & Java 17 Upgrade | MuleSoft Mysore Meetup #46
 

Access Control List 1

  • 1. 1
  • 2. Rules of Access List • All deny statements have to be given First • There should be at least one Permit statement • An implicit deny blocks all traffic by default when there is no match (an invisible statement). • Can have one access-list per interface per direction. (i.e.) Two access-list per interface, one in inbound direction and one in outbound direction. • Works in Sequential order • Editing of access-lists is not possible (i.e) Selectively adding or removing access-list statements is not possible. 2
  • 3. Standard ACL - Network Diagram 10.0.0.1/8 S0 HYD 1.2 S1 10.0.0.2/8 1.3 LAN - 192.168.1.0/24 is done Closest is done Closest to the to the 11.0.0.1/8 S0 E0 192.168.1.150/24 1.1 Creation and Creation and Implementation Implementation 2.1 Destination. Destination. CHE S1 11.0.0.2/8 E0 192.168.2.150/24 2.2 2.3 LAN - 192.168.2.0/24 3.1 BAN E0 192.168.3.150/2 3.2 3.3 LAN - 192.168.3.0/24 1.1 & 1.2 should not communicate with 2.0 network 1.1 & 1.2 should not communicate with 2.0 network 3
  • 4. How Standard ACL Works ? 10.0.0.1/8 S0 HYD 11.0.0.1/8 S0 S1 10.0.0.2/8 E0 192.168.1.150/24 1.1 1.2 1.3 LAN - 192.168.1.0/24 2.1 CHE S1 11.0.0.2/8 E0 192.168.2.150/24 2.2 2.3 LAN - 192.168.2.0/24 1.1 is accessing 2.1 1.1 is accessing 2.1 3.1 BAN E0 192.168.3.150/2 3.2 3.3 LAN - 192.168.3.0/24 4
  • 5. How Standard ACL Works ? 1.1 Source IP 192.168.1.1 2.1 Destination IP 192.168.2.1 access-list 1 deny 192.168.1.1 0.0.0.0 access-list 1 deny 192.168.1.2 0.0.0.0 access-list 1 permit any 5
  • 6. How Standard ACL Works ? 1.1 Source IP 192.168.1.1 2.1 Destination IP 192.168.2.1 access-list 1 deny 192.168.1.1 0.0.0.0 access-list 1 deny 192.168.1.2 0.0.0.0 access-list 1 permit any 6
  • 7. How Standard ACL Works ? 10.0.0.1/8 S0 HYD 11.0.0.1/8 S0 S1 10.0.0.2/8 E0 192.168.1.150/24 1.1 1.2 1.3 1.3 LAN - 192.168.1.0/24 2.1 CHE S1 11.0.0.2/8 E0 192.168.2.150/24 2.2 2.3 LAN - 192.168.2.0/24 1.3 is accessing 2.1 1.3 is accessing 2.1 3.1 BAN E0 192.168.3.150/2 3.2 3.3 LAN - 192.168.3.0/24 7
  • 8. How Standard ACL Works ? 1.1 Source IP 192.168.1.3 2.1 Destination IP 192.168.2.1 access-list 1 deny 192.168.1.1 0.0.0.0 access-list 1 deny 192.168.1.2 0.0.0.0 access-list 1 permit any 8 x
  • 9. How Standard ACL Works ? 1.1 Source IP 192.168.1.3 2.1 Destination IP 192.168.2.1 access-list 1 deny 192.168.1.1 0.0.0.0 access-list 1 deny 192.168.1.2 0.0.0.0 access-list 1 permit any 9 x
  • 10. How Standard ACL Works ? 1.1 Source IP 192.168.1.3 2.1 Destination IP 192.168.2.1 access-list 1 deny 192.168.1.1 0.0.0.0 access-list 1 deny 192.168.1.2 0.0.0.0 access-list 1 permit any 10
  • 11. 1.1 Source IP 192.168.1.1 192.168.1.3 2.1 Destination IP 192.168.2.1 access-list 1 deny 192.168.1.1 0.0.0.0 access-list 1 deny 192.168.1.2 0.0.0.0 access-list 1 permit any 11
  • 12. Standard ACL - Network Diagram 10.0.0.1/8 S0 HYD 1.2 S1 10.0.0.2/8 1.3 LAN - 192.168.1.0/24 is done Closest is done Closest to the to the 11.0.0.1/8 S0 E0 192.168.1.150/24 1.1 Creation and Creation and Implementation Implementation 2.1 Destination. Destination. CHE S1 11.0.0.2/8 E0 192.168.2.150/24 2.2 2.3 LAN - 192.168.2.0/24 3.1 BAN E0 192.168.3.150/2 3.2 3.3 LAN - 192.168.3.0/24 1.1 & 3.0 should not communicate with 2.0 network 1.1 & 3.0 should not communicate with 2.0 network 12
  • 13. How Standard ACL Works ? 10.0.0.1/8 S0 HYD 11.0.0.1/8 S0 S1 10.0.0.2/8 E0 192.168.1.150/24 1.1 1.2 1.3 LAN - 192.168.1.0/24 2.1 CHE S1 11.0.0.2/8 E0 192.168.2.150/24 2.2 2.3 LAN - 192.168.2.0/24 1.1 is accessing 2.1 1.1 is accessing 2.1 3.1 BAN E0 192.168.3.150/2 3.2 3.3 LAN - 192.168.3.0/24 13
  • 14. How Standard ACL Works ? 1.1 Source IP 192.168.1.1 2.1 Destination IP 192.168.2.1 access-list 5 deny 192.168.1.1 0.0.0.0 access-list 5 deny 192.168.3.0 0.0.0.255 access-list 5 permit any 14
  • 15. How Standard ACL Works ? 1.1 Source IP 192.168.1.1 2.1 Destination IP 192.168.2.1 access-list 5 deny 192.168.1.1 0.0.0.0 access-list 5 deny 192.168.3.0 0.0.0.255 access-list 5 permit any 15
  • 16. How Standard ACL Works ? 10.0.0.1/8 S0 HYD 11.0.0.1/8 S0 S1 10.0.0.2/8 E0 192.168.1.150/24 1.1 1.2 1.3 1.3 LAN - 192.168.1.0/24 2.1 CHE S1 11.0.0.2/8 E0 192.168.2.150/24 2.2 2.3 LAN - 192.168.2.0/24 1.3 is accessing 2.1 1.3 is accessing 2.1 3.1 BAN E0 192.168.3.150/2 3.2 3.3 LAN - 192.168.3.0/24 16
  • 17. How Standard ACL Works ? 1.3 Source IP 192.168.1.3 2.1 Destination IP 192.168.2.1 access-list 5 deny 192.168.1.1 0.0.0.0 x access-list 5 deny 192.168.3.0 0.0.0.255 access-list 5 permit any 17
  • 18. How Standard ACL Works ? 1.3 Source IP 192.168.1.3 2.1 Destination IP 192.168.2.1 access-list 5 deny 192.168.1.1 0.0.0.0 access-list 5 deny 192.168.3.0 0.0.0.255 x access-list 5 permit any 18
  • 19. How Standard ACL Works ? 1.3 Source IP 192.168.1.3 2.1 Destination IP 192.168.2.1 access-list 5 deny 192.168.1.1 0.0.0.0 access-list 5 deny 192.168.3.0 0.0.0.255 access-list 5 permit any 19
  • 20. 1.3 Source IP 192.168.1.1 192.168.1.3 2.1 Destination IP 192.168.2.1 access-list 5 deny 192.168.1.1 0.0.0.0 access-list 5 deny 192.168.3.0 0.0.0.255 access-list 5 permit any 20
  • 21. How Standard ACL Works ? 10.0.0.1/8 S0 HYD 11.0.0.1/8 S0 S1 10.0.0.2/8 E0 192.168.1.150/24 1.1 1.2 1.3 LAN - 192.168.1.0/24 2.1 CHE S1 11.0.0.2/8 E0 192.168.2.150/24 2.2 2.3 LAN - 192.168.2.0/24 3.1 is accessing 2.1 3.1 is accessing 2.1 3.1 BAN E0 192.168.3.150/2 3.2 3.3 LAN - 192.168.3.0/24 21
  • 22. How Standard ACL Works ? 3.1 Source IP 192.168.3.1 2.1 Destination IP 192.168.2.1 access-list 5 deny 192.168.1.1 0.0.0.0 x access-list 5 deny 192.168.3.0 0.0.0.255 access-list 5 permit any 22
  • 23. How Standard ACL Works ? 3.1 Source IP 192.168.3.1 2.1 Destination IP 192.168.2.1 access-list 5 deny 192.168.1.1 0.0.0.0 access-list 5 deny 192.168.3.0 0.0.0.255 access-list 5 permit any 23
  • 24. How Standard ACL Works ? 3.1 Source IP 192.168.3.1 2.1 Destination IP 192.168.2.1 access-list 5 deny 192.168.1.1 0.0.0.0 access-list 5 deny 192.168.3.0 0.0.0.255 access-list 5 permit any 24
  • 25. Extended ACL - Network Diagram Creation and Creation and Implementation Implementation 10.0.0.1/8 S0 HYD S1 10.0.0.2/8 E0 192.168.1.150/24 1.1 1.2 1.3 LAN - 192.168.1.0/24 is done Closest is done Closest to the Source. to the Source. 11.0.0.1/8 S0 2.1 CHE S1 11.0.0.2/8 E0 192.168.2.150/24 2.2 2.3 LAN - 192.168.2.0/24 3.1 BAN E0 192.168.3.150/2 3.2 3.3 LAN - 192.168.3.0/24 2.0 should not access with 3.1 (Web Service) 2.0 should not access with 3.1 (Web Service) 25
  • 26. How Extended ACL Works ? 10.0.0.1/8 S0 HYD 11.0.0.1/8 S0 S1 10.0.0.2/8 E0 192.168.1.150/24 1.1 1.2 1.3 LAN - 192.168.1.0/24 2.1 CHE S1 11.0.0.2/8 E0 192.168.2.150/24 2.2 2.3 LAN - 192.168.2.0/24 3.1 BAN E0 192.168.3.150/2 3.2 3.3 LAN - 192.168.3.0/24 2.1 is accessing 3.1 -- Web Service 2.1 is accessing 3.1 Web Service 26
  • 27. How Extended ACL Works ? 2.1 Source IP 192.168.2.1 Destination IP 192.168.3.1 Port - 80 3.1 access-list 101 deny tcp 192.168.2.0 0.0.0.255 192.168.3.1 0.0.0.0 eq 80 access-list 101 permit ip any any 27
  • 28. How Extended ACL Works ? 2.1 Source IP 192.168.2.1 Destination IP 192.168.3.1 Port - 80 3.1 access-list 101 deny tcp 192.168.2.0 0.0.0.255 192.168.3.1 0.0.0.0 eq 80 access-list 101 permit ip any any 28
  • 29. How Extended ACL Works ? 10.0.0.1/8 S0 HYD 11.0.0.1/8 S0 S1 10.0.0.2/8 E0 192.168.1.150/24 1.1 1.2 1.3 LAN - 192.168.1.0/24 2.1 CHE S1 11.0.0.2/8 E0 192.168.2.150/24 2.2 2.3 LAN - 192.168.2.0/24 3.1 BAN E0 192.168.3.150/2 3.2 3.3 LAN - 192.168.3.0/24 2.1 is accessing 3.1 – Telnet Service 2.1 is accessing 3.1 – Telnet Service 29
  • 30. How Extended ACL Works ? 2.1 Source IP 192.168.2.1 Destination IP 192.168.3.1 Port - 23 3.1 access-list 101 deny tcp 192.168.2.0 0.0.0.255 192.168.3.1 0.0.0.0 eq 80 access-list 101 permit ip any any 30 x
  • 31. How Extended ACL Works ? 2.1 Source IP 192.168.2.1 Destination IP 192.168.3.1 Port - 23 3.1 access-list 101 deny tcp 192.168.2.0 0.0.0.255 192.168.3.1 0.0.0.0 eq 80 access-list 101 permit ip any any 31
  • 32. How Extended ACL Works ? 2.1 Source IP 192.168.1.1 192.168.2.1 Destination IP 192.168.3.1 Port - 23 3.1 access-list 101 deny tcp 192.168.2.0 0.0.0.255 192.168.3.1 0.0.0.0 eq 80 access-list 101 permit ip any any 32
  • 33. How Extended ACL Works ? 10.0.0.1/8 S0 HYD 11.0.0.1/8 S0 S1 10.0.0.2/8 E0 192.168.1.150/24 1.1 1.2 1.3 LAN - 192.168.1.0/24 2.1 CHE S1 11.0.0.2/8 E0 192.168.2.150/24 2.2 2.3 LAN - 192.168.2.0/24 3.1 BAN E0 192.168.3.150/2 3.2 3.3 LAN - 192.168.3.0/24 2.1 is accessing 1.1 -- Web Service 2.1 is accessing 1.1 Web Service 33
  • 34. How Extended ACL Works ? 2.1 Source IP 192.168.2.1 Destination IP 192.168.1.1 192.168.1.1 Port - 80 1.1 access-list 101 deny tcp 192.168.2.0 0.0.0.255 192.168.3.1 0.0.0.0 eq 80 access-list 101 permit ip any any 34 x
  • 35. How Extended ACL Works ? 2.1 Source IP 192.168.2.1 Destination IP 192.168.1.1 Port - 80 1.1 access-list 101 deny tcp 192.168.2.0 0.0.0.255 192.168.3.1 0.0.0.0 eq 80 access-list 101 permit ip any any 35
  • 36. How Extended ACL Works ? 2.1 Source IP 192.168.1.1 192.168.2.1 Destination IP 192.168.1.1 Port - 80 1.1 access-list 101 deny tcp 192.168.2.0 0.0.0.255 192.168.3.1 0.0.0.0 eq 80 access-list 101 permit ip any any 36
  • 37. Named Access List • Access-lists are identified using Names rather than Numbers. • Names are Case-Sensitive • No limitation of Numbers here. • One Main Advantage is Editing of ACL is Possible (i.e) Removing a specific statement from the ACL is possible. (IOS version 11.2 or later allows Named ACL) 37
  • 38. Standard Named Access List Creation of Standard Named Access List Creation of Standard Named Access List Router(config)# ip access-list standard <name> Router(config)# ip access-list standard <name> Router(config-std-nacl)# <permit/deny> <source address> Router(config-std-nacl)# <permit/deny> <source address> <source wildcard mask> <source wildcard mask> Implementation of Standard Named Access List Implementation of Standard Named Access List Router(config)#interface <interface type><interface no> Router(config)#interface <interface type><interface no> Router(config-if)#ip access-group <name> <out/in> Router(config-if)#ip access-group <name> <out/in> 38
  • 39. Extended Named Access List Creation of Extended Named Access List Creation of Extended Named Access List Router(config)# ip access-list extended <name> Router(config)# ip access-list extended <name> Router(config-ext-nacl)# <permit/deny> <protocol> Router(config-ext-nacl)# <permit/deny> <protocol> <source address> <source wildcard mask> <destination <source address> <source wildcard mask> <destination address> < destination wildcard mask> <operator> address> < destination wildcard mask> <operator> <service> <service> Implementation of Extended Named Access List Implementation of Extended Named Access List Router(config)#interface <interface type><interface no> Router(config)#interface <interface type><interface no> Router(config-if)#ip access-group <name> <out/in> Router(config-if)#ip access-group <name> <out/in> 39
  • 40. 40
  • 41. Microsoft Windows 2000 [Version 5.00.2195] (C) Copyright 1985-2000 Microsoft Corp. C:> telnet 192.168.1.150 Connecting ..... ================================ Welcome to Hyderabad Router ================================ User Access Verification password : **** Hyderabad> enable password : **** Hyderabad# show ip route Gateway of last resort is not set C 10.0.0.0/8 is directly connected, Serial0 R 11.0.0.0/8 [120/1] via 10.0.0.2, 00:00:25, Serial0 C 192.168.1.0/24 is directly connected, Ethernet0 R 192.168.2.0/24 [120/1] via 10.0.0.2, 00:00:25, Serial0 R 192.168.3.0/24 [120/2] via 10.0.0.2, 00:00:25, Serial0 Hyderabad# 41
  • 42. Microsoft Windows 2000 [Version 5.00.2195] (C) Copyright 1985-2000 Microsoft Corp. C:> telnet 192.168.2.150 Connecting ..... ================================ Welcome to Chennai Router ================================ User Access Verification password : **** Chennai> enable password : **** Chennai# show ip route Gateway of last resort is not set C 10.0.0.0/8 is directly connected, Serial1 C 11.0.0.0/8 is directly connected, Serial0 R 192.168.1.0/24 [120/1] via 10.0.0.1, 00:00:01, Serial1 C 192.168.2.0/24 is directly connected, Ethernet0 R 192.168.3.0/24 [120/1] via 11.0.0.2, 00:00:12, Serial0 Chennai# 42
  • 43. Microsoft Windows 2000 [Version 5.00.2195] (C) Copyright 1985-2000 Microsoft Corp. C:> telnet 192.168.3.150 Connecting ..... ================================ Welcome to Banglore Router ================================ User Access Verification password : **** Banglore> enable password : **** Banglore# show ip route Gateway of last resort is not set R 10.0.0.0/8 [120/1] via 11.0.0.1, 00:00:04, Serial1 C 11.0.0.0/8 is directly connected, Serial1 R 192.168.1.0/24 [120/2] via 11.0.0.1, 00:00:04, Serial1 R 192.168.2.0/24 [120/1] via 11.0.0.1, 00:00:04, Serial1 C 192.168.3.0/24 is directly connected, Ethernet0 Banglore# 43
  • 44. Microsoft Windows 2000 [Version 5.00.2195] (C) Copyright 1985-2000 Microsoft Corp. C:> telnet 192.168.2.150 Connecting ..... ================================ Welcome to Chennai Router ================================ User Access Verification password : **** Chennai> enable password : **** Chennai# configure terminal Enter configuration commands, one per line. End with CNTL/Z. Chennai(config)# interface serial 1 Chennai(config-if)# ip address 10.0.0.2 255.0.0.0 Chennai(config-if)# no shut Chennai(config-if)# encapsulation hdlc Chennai(config-if)# interface serial 0 Chennai(config-if)# ip address 11.0.0.1 255.0.0.0 Chennai(config-if)# no shut Chennai(config-if)# encapsulation hdlc 44
  • 45. Chennai# configure terminal Enter configuration commands, one per line. End with CNTL/Z. Chennai(config)# access-list 1 deny 192.168.1.1 0.0.0.0 Chennai(config)# access-list 1 deny 192.168.1.2 0.0.0.0 Chennai(config)# access-list 1 permit any Creation of Standard Access List Creation of Standard Access List Chennai(config)# interface ethernet 0 Router(config)# access-list out Chennai(config-if)# ip access-group 1 <acl no> <permit/deny> Router(config)# access-list <acl no> <permit/deny> <source address> <source wildcard mask> <source address> <source wildcard mask> Chennai(config-if)# Implementation of Standard Access List Implementation of Standard Access List Router(config)#interface <interface type><interface no> Router(config)#interface <interface type><interface no> Router(config-if)#ip access-group <number> <out/in> Router(config-if)#ip access-group <number> <out/in> 45
  • 46. Chennai# configure terminal Enter configuration commands, one per line. End with CNTL/Z. Chennai(config)# access-list 1 deny 192.168.1.1 0.0.0.0 Chennai(config)# access-list 1 deny 192.168.1.2 0.0.0.0 Chennai(config)# access-list 1 permit any Chennai(config)# interface ethernet 0 Chennai(config-if)# ip access-group 1 out Chennai(config-if)# ^Z Chennai# show ip access-list Standard IP access list 1 deny 192.168.1.1 deny 192.168.1.2 permit any Chennai# 46
  • 47. Chennai# show ip int e0 Ethernet0 is up, line protocol is up Internet address is 192.168.2.150/24 Broadcast address is 255.255.255.255 Address determined by non-volatile memory MTU is 1500 bytes Helper address is not set Directed broadcast forwarding is enabled Multicast reserved groups joined: 224.0.0.9 Outgoing access list is 1 Inbound access list is not set Proxy ARP is enabled Security level is default Split horizon is enabled ICMP redirects are always sent ICMP unreachables are always sent ICMP mask replies are never sent IP fast switching is enabled IP fast switching on the same interface is disabled IP multicast fast switching is disabled Router Discovery is disabled IP output packet accounting is disabled IP access violation accounting is disabled TCP/IP header compression is disabled Probe proxy name replies are disabled Gateway Discovery is disabled Policy routing is disabled Network address translation is disabled Chennai# 47
  • 48. Chennai# configure terminal Enter configuration commands, one per line. End with CNTL/Z. Chennai(config)# access-list 5 deny 192.168.1.1 0.0.0.0 Chennai(config)# access-list 5 deny 192.168.3.0 0.0.0.255 Chennai(config)# access-list 5 permit any Chennai(config)# interface ethernet 0 Chennai(config-if)# ip access-group 5 out Chennai(config-if)# ^Z Chennai# show ip access-list Standard deny deny permit Chennai# IP access list 5 192.168.1.1 192.168.3.0 any 48
  • 49. Chennai# show ip int e0 Ethernet0 is up, line protocol is up Internet address is 192.168.2.150/24 Broadcast address is 255.255.255.255 Address determined by non-volatile memory MTU is 1500 bytes Helper address is not set Directed broadcast forwarding is enabled Multicast reserved groups joined: 224.0.0.9 Outgoing access list is 5 Inbound access list is not set Proxy ARP is enabled Security level is default Split horizon is enabled ICMP redirects are always sent ICMP unreachables are always sent ICMP mask replies are never sent IP fast switching is enabled IP fast switching on the same interface is disabled IP multicast fast switching is disabled Router Discovery is disabled IP output packet accounting is disabled IP access violation accounting is disabled TCP/IP header compression is disabled Probe proxy name replies are disabled Gateway Discovery is disabled Policy routing is disabled Network address translation is disabled Chennai# 49
  • 50. Chennai# configure terminal Enter configuration commands, one per line. End with CNTL/Z. Chennai(config)# access-list 5 deny 192.168.1.1 0.0.0.0 Chennai(config)# access-list 5 deny 192.168.3.0 0.0.0.255 Chennai(config)# access-list 5 permit any Creation of Standard Access List Creation of Standard Access List Chennai(config)# interface ethernet 0 Router(config)# access-list out Chennai(config-if)# ip access-group 5 <acl no> <permit/deny> Router(config)# access-list <acl no> <permit/deny> <source address> <source wildcard mask> <source address> <source wildcard mask> Chennai(config-if)# Implementation of Standard Access List Implementation of Standard Access List Router(config)#interface <interface type><interface no> Router(config)#interface <interface type><interface no> Router(config-if)#ip access-group <number> <out/in> Router(config-if)#ip access-group <number> <out/in> 50
  • 51. Chennai# configure terminal Enter configuration commands, one per line. End with CNTL/Z. Chennai(config)# access-list 101 deny tcp 192.168.2.0 0.0.0.255 192.168.3.1 0.0.0.0 eq 80 Chennai(config)# access-list 101 Extended Access List permit ip any any Creation of Extended Access List Creation of Chennai(config)# interface ethernet 0 Router(config)# access-list <acl no> <permit/deny> Router(config)# access-list <acl no> <permit/deny> Chennai(config-if)# ip access-group 101 <source wildcard mask> <protocol> <source address> in <protocol> <source address> <source wildcard mask> Chennai(config-if)# <destination address> < destination wildcard mask> <destination address> < destination wildcard mask> <operator> <service> Implementation of Extended Access List <operator> <service> of Extended Access List Implementation Router(config)#interface <interface type><interface no> Router(config)#interface <interface type><interface no> Router(config-if)#ip access-group <number> <out/in> Router(config-if)#ip access-group <number> <out/in> 51
  • 52. Chennai# configure terminal Enter configuration commands, one per line. End with CNTL/Z. Chennai(config)# access-list 101 deny tcp 192.168.2.0 0.0.0.255 192.168.3.1 0.0.0.0 eq 80 Chennai(config)# access-list 101 permit ip any any Chennai(config)# interface ethernet 0 Chennai(config-if)# ip access-group 101 in Chennai(config-if)# ^Z Chennai# show ip access-list Extended IP access list 101 deny tcp 192.168.2.0 0.0.0.255 host 192.168.3.1 eq www permit ip any any Chennai# 52
  • 53. Chennai# show ip int e0 Ethernet0 is up, line protocol is up Internet address is 192.168.2.150/24 Broadcast address is 255.255.255.255 Address determined by non-volatile memory MTU is 1500 bytes Helper address is not set Directed broadcast forwarding is enabled Multicast reserved groups joined: 224.0.0.9 Outgoing access list is not set Inbound access list is 101 Proxy ARP is enabled Security level is default Split horizon is enabled ICMP redirects are always sent ICMP unreachables are always sent ICMP mask replies are never sent IP fast switching is enabled IP fast switching on the same interface is disabled IP multicast fast switching is disabled Router Discovery is disabled IP output packet accounting is disabled IP access violation accounting is disabled TCP/IP header compression is disabled Probe proxy name replies are disabled Gateway Discovery is disabled Policy routing is disabled Network address translation is disabled Chennai# 53