This study guide is intended to provide those pursuing the CCNA certification with a framework of what concepts need to be studied. This is not a comprehensive document containing all the secrets of the CCNP nor is it a “braindump” of questions and answers.
I sincerely hope that this document provides some assistance and clarity in your studies.
Access Control Lists (ACLs) can be used for two purposes:
1. To filter traffic
2. To identify traffic
Access lists are sets of rules, organized in a rule table. Each rule or line in an access list provides a condition, either permit or deny.
Lab8 Controlling traffic using Extended ACL
Objectives
Perform basic configuration tasks on a router.
Applying Static routes and default route.
Exploring the routing table entry.
Applying Extended (named) access control lists (ACLs).
Testing the access control lists (ACLs).
Required Resources
2 Cisco Routers (1841)
2 Cisco Switches (2950-24)
3 Computers
UTP (straight through and cross over) cables
Tasks:
A. Build up the topology.
B. Perform Basic Router Configurations
Steps:
1. Connect the components as shown in Fig 1.
2. Configure the router hostname to match the topology diagram.
3. Configure IP addresses and masks on all devices.
4. Configure a loopback interface (loopback 0) on R2 to simulate the ISP. (search on the internet
how to configure loopback interface)
C. Enable Static route for all networks.
Steps:
1. For Router 1
R1(config)# ip route 192.168.20.0 255.255.255.0 serial 0/0/0
The default route can be configured as:
R1(config)# ip route 0.0.0.0 0.0.0.0 10.1.1.2
2. For Router 2
R2(config)# ip route 192.168.10.0 255.255.255.0 serial 0/0/1
R2(config)# ip route 192.168.11.0 255.255.255.0 serial 0/0/1
D. Verify full IP connectivity using the ping command and the routing table of routers.
Step#1:
For R1 and R2, use the command show ip route, take a snapshot for the resulting routing table,
and discuss the outputs:
*Routing table of R1 (Screenshot)
*Routing table of R2 (Screenshot)
Step#2:
Make sure that the whole network nodes can ping each other.
Before configuring and applying this ACL, be sure to test connectivity from Laptop1 to the
loopback interface (ISP - 209.165.200.225)
E. Configuring an Extended ACL
In this section, you configure an extended ACL on R1 that blocks traffic originating from any
device on the 192.168.10.0/24 network from reaching the 209.165.200.225 host (the simulated ISP).
This ACL will be applied outbound on the R1 Serial 0/0/0 interface.
Steps:
1. Configure a named extended ACL.
R1(config)#ip access-list extended EXTEND-1
R1(config-ext-nacl)#deny ip 192.168.10.0 0.0.0.255 host 209.165.200.225
2. Apply the ACL.
With standard ACLs, the best practice is to place the ACL as close to the destination as possible.
Extended ACLs are typically placed close to the source.
R1(config)#interface serial 0/0/0
R1(config-if)#ip access-group EXTEND-1 out
3. Test the ACL.
From Laptop1, ping the loopback interface on R2.
R1(config-ext-nacl)#permit ip any any
**Please provide full code and screenshots from Cisco Packet Tracer.
Table 1
Device    Interface    IP Address          Default Gateway
R1        Fa0/0        192.168.10.1/24     N/A
          Fa0/1        192.168.11.1/24     N/A
          S0/0/0       10.1.1.1/24         N/A
R2        Fa0/1        192.168.20.1/24     N/A
          S0/0/1       10.1.1.2/24         N/A
          loopback 0   209.165.200.225/8   N/A
                       192.168.10.10/24    192.168.10.1
Laptop1   NIC          192.168.11.10/24    192.168.11.1
Laptop2   NIC          192.168.20.254/24   192.168.20.1
PC3       NIC
2. Rules of Access List
• All deny statements have to be given first.
• There should be at least one permit statement.
• An implicit deny blocks all traffic by default when there is no match (an invisible statement).
• There can be one access list per interface per direction, i.e. two access lists per interface, one in the inbound direction and one in the outbound direction.
• Works in sequential order.
• Editing of access lists is not possible, i.e. selectively adding or removing access-list statements is not possible.
3. Standard ACL - Network Diagram
[Network diagram: three routers in series. HYD: E0 192.168.1.150/24 (LAN - 192.168.1.0/24, hosts 1.1, 1.2, 1.3), S0 10.0.0.1/8. CHE: S1 10.0.0.2/8, S0 11.0.0.1/8, E0 192.168.2.150/24 (LAN - 192.168.2.0/24, hosts 2.1, 2.2, 2.3). BAN: S1 11.0.0.2/8, E0 192.168.3.150/2 (LAN - 192.168.3.0/24, hosts 3.1, 3.2, 3.3).]
Creation and implementation is done closest to the destination.
1.1 & 1.2 should not communicate with 2.0 network
4. How Standard ACL Works ?
[Network diagram: HYD, CHE and BAN routers with LANs 192.168.1.0/24, 192.168.2.0/24 and 192.168.3.0/24]
1.1 is accessing 2.1
5. How Standard ACL Works ?
1.1 - Source IP: 192.168.1.1
2.1 - Destination IP: 192.168.2.1
access-list 1 deny 192.168.1.1 0.0.0.0
access-list 1 deny 192.168.1.2 0.0.0.0
access-list 1 permit any
6. How Standard ACL Works ?
1.1 - Source IP: 192.168.1.1
2.1 - Destination IP: 192.168.2.1
access-list 1 deny 192.168.1.1 0.0.0.0
access-list 1 deny 192.168.1.2 0.0.0.0
access-list 1 permit any
7. How Standard ACL Works ?
[Network diagram: HYD, CHE and BAN routers with LANs 192.168.1.0/24, 192.168.2.0/24 and 192.168.3.0/24]
1.3 is accessing 2.1
8. How Standard ACL Works ?
1.1 - Source IP: 192.168.1.3
2.1 - Destination IP: 192.168.2.1
access-list 1 deny 192.168.1.1 0.0.0.0
access-list 1 deny 192.168.1.2 0.0.0.0
access-list 1 permit any
x
9. How Standard ACL Works ?
1.1 - Source IP: 192.168.1.3
2.1 - Destination IP: 192.168.2.1
access-list 1 deny 192.168.1.1 0.0.0.0
access-list 1 deny 192.168.1.2 0.0.0.0
access-list 1 permit any
x
10. How Standard ACL Works ?
1.1 - Source IP: 192.168.1.3
2.1 - Destination IP: 192.168.2.1
access-list 1 deny 192.168.1.1 0.0.0.0
access-list 1 deny 192.168.1.2 0.0.0.0
access-list 1 permit any
12. Standard ACL - Network Diagram
[Network diagram: HYD, CHE and BAN routers with LANs 192.168.1.0/24, 192.168.2.0/24 and 192.168.3.0/24]
Creation and implementation is done closest to the destination.
1.1 & 3.0 should not communicate with 2.0 network
13. How Standard ACL Works ?
[Network diagram: HYD, CHE and BAN routers with LANs 192.168.1.0/24, 192.168.2.0/24 and 192.168.3.0/24]
1.1 is accessing 2.1
14. How Standard ACL Works ?
1.1 - Source IP: 192.168.1.1
2.1 - Destination IP: 192.168.2.1
access-list 5 deny 192.168.1.1 0.0.0.0
access-list 5 deny 192.168.3.0 0.0.0.255
access-list 5 permit any
15. How Standard ACL Works ?
1.1 - Source IP: 192.168.1.1
2.1 - Destination IP: 192.168.2.1
access-list 5 deny 192.168.1.1 0.0.0.0
access-list 5 deny 192.168.3.0 0.0.0.255
access-list 5 permit any
16. How Standard ACL Works ?
[Network diagram: HYD, CHE and BAN routers with LANs 192.168.1.0/24, 192.168.2.0/24 and 192.168.3.0/24]
1.3 is accessing 2.1
17. How Standard ACL Works ?
1.3 - Source IP: 192.168.1.3
2.1 - Destination IP: 192.168.2.1
access-list 5 deny 192.168.1.1 0.0.0.0 x
access-list 5 deny 192.168.3.0 0.0.0.255
access-list 5 permit any
18. How Standard ACL Works ?
1.3 - Source IP: 192.168.1.3
2.1 - Destination IP: 192.168.2.1
access-list 5 deny 192.168.1.1 0.0.0.0
access-list 5 deny 192.168.3.0 0.0.0.255 x
access-list 5 permit any
19. How Standard ACL Works ?
1.3 - Source IP: 192.168.1.3
2.1 - Destination IP: 192.168.2.1
access-list 5 deny 192.168.1.1 0.0.0.0
access-list 5 deny 192.168.3.0 0.0.0.255
access-list 5 permit any
21. How Standard ACL Works ?
[Network diagram: HYD, CHE and BAN routers with LANs 192.168.1.0/24, 192.168.2.0/24 and 192.168.3.0/24]
3.1 is accessing 2.1
22. How Standard ACL Works ?
3.1 - Source IP: 192.168.3.1
2.1 - Destination IP: 192.168.2.1
access-list 5 deny 192.168.1.1 0.0.0.0 x
access-list 5 deny 192.168.3.0 0.0.0.255
access-list 5 permit any
23. How Standard ACL Works ?
3.1 - Source IP: 192.168.3.1
2.1 - Destination IP: 192.168.2.1
access-list 5 deny 192.168.1.1 0.0.0.0
access-list 5 deny 192.168.3.0 0.0.0.255
access-list 5 permit any
24. How Standard ACL Works ?
3.1 - Source IP: 192.168.3.1
2.1 - Destination IP: 192.168.2.1
access-list 5 deny 192.168.1.1 0.0.0.0
access-list 5 deny 192.168.3.0 0.0.0.255
access-list 5 permit any
25. Extended ACL - Network Diagram
[Network diagram: HYD, CHE and BAN routers with LANs 192.168.1.0/24, 192.168.2.0/24 and 192.168.3.0/24]
Creation and implementation is done closest to the source.
2.0 should not access 3.1 (Web Service)
26. How Extended ACL Works ?
[Network diagram: HYD, CHE and BAN routers with LANs 192.168.1.0/24, 192.168.2.0/24 and 192.168.3.0/24]
2.1 is accessing 3.1 -- Web Service
27. How Extended ACL Works ?
2.1 - Source IP: 192.168.2.1
3.1 - Destination IP: 192.168.3.1, Port - 80
access-list 101 deny tcp 192.168.2.0 0.0.0.255 192.168.3.1 0.0.0.0 eq 80
access-list 101 permit ip any any
28. How Extended ACL Works ?
2.1 - Source IP: 192.168.2.1
3.1 - Destination IP: 192.168.3.1, Port - 80
access-list 101 deny tcp 192.168.2.0 0.0.0.255 192.168.3.1 0.0.0.0 eq 80
access-list 101 permit ip any any
29. How Extended ACL Works ?
[Network diagram: HYD, CHE and BAN routers with LANs 192.168.1.0/24, 192.168.2.0/24 and 192.168.3.0/24]
2.1 is accessing 3.1 – Telnet Service
30. How Extended ACL Works ?
2.1 - Source IP: 192.168.2.1
3.1 - Destination IP: 192.168.3.1, Port - 23
access-list 101 deny tcp 192.168.2.0 0.0.0.255 192.168.3.1 0.0.0.0 eq 80
access-list 101 permit ip any any
x
31. How Extended ACL Works ?
2.1 - Source IP: 192.168.2.1
3.1 - Destination IP: 192.168.3.1, Port - 23
access-list 101 deny tcp 192.168.2.0 0.0.0.255 192.168.3.1 0.0.0.0 eq 80
access-list 101 permit ip any any
32. How Extended ACL Works ?
2.1 - Source IP: 192.168.1.1 192.168.2.1
3.1 - Destination IP: 192.168.3.1, Port - 23
access-list 101 deny tcp 192.168.2.0 0.0.0.255 192.168.3.1 0.0.0.0 eq 80
access-list 101 permit ip any any
33. How Extended ACL Works ?
[Network diagram: HYD, CHE and BAN routers with LANs 192.168.1.0/24, 192.168.2.0/24 and 192.168.3.0/24]
2.1 is accessing 1.1 -- Web Service
34. How Extended ACL Works ?
2.1 - Source IP: 192.168.2.1
1.1 - Destination IP: 192.168.1.1, Port - 80
access-list 101 deny tcp 192.168.2.0 0.0.0.255 192.168.3.1 0.0.0.0 eq 80
access-list 101 permit ip any any
x
35. How Extended ACL Works ?
2.1 - Source IP: 192.168.2.1
1.1 - Destination IP: 192.168.1.1, Port - 80
access-list 101 deny tcp 192.168.2.0 0.0.0.255 192.168.3.1 0.0.0.0 eq 80
access-list 101 permit ip any any
36. How Extended ACL Works ?
2.1 - Source IP: 192.168.1.1 192.168.2.1
1.1 - Destination IP: 192.168.1.1, Port - 80
access-list 101 deny tcp 192.168.2.0 0.0.0.255 192.168.3.1 0.0.0.0 eq 80
access-list 101 permit ip any any
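The first-match walk-through in the "How Standard ACL Works" and "How Extended ACL Works" slides, as an added example that is not part of the original slides: a small Python evaluator that parses the slides' numbered ACLs (1, 5 and 101), applies wildcard-mask matching top-down, and falls through to the implicit deny. The function names, ACL number 102 (a numbered form of the lab's EXTEND-1 deny line) and the SHADOWED list are constructed for illustration; only numeric `eq` ports are handled.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

Addr = Tuple[int, int]            # (address, wildcard mask) as integers
ANY: Addr = (0, 0xFFFFFFFF)       # "any" is 0.0.0.0 with wildcard 255.255.255.255


def ip_int(text: str) -> int:
    return int(ipaddress.IPv4Address(text))


def wild_match(addr: int, base: int, wildcard: int) -> bool:
    # Wildcard bits set to 1 are "don't care"; bits set to 0 must be equal.
    care = ~wildcard & 0xFFFFFFFF
    return (addr & care) == (base & care)


@dataclass
class Rule:
    action: str                   # "permit" or "deny"
    proto: str                    # "ip" matches every protocol
    src: Addr
    dst: Addr = ANY               # standard ACLs never look at the destination
    dport: Optional[int] = None   # set by "eq <port>"

    def matches(self, proto: str, src: int, dst: int, dport: Optional[int]) -> bool:
        if self.proto not in ("ip", proto):
            return False
        if self.dport is not None and self.dport != dport:
            return False
        return wild_match(src, *self.src) and wild_match(dst, *self.dst)


def take_addr(tokens: List[str]) -> Addr:
    """Consume 'any', 'host A' or 'A [W]' from the front of tokens."""
    first = tokens.pop(0)
    if first == "any":
        return ANY
    if first == "host":
        return (ip_int(tokens.pop(0)), 0)
    wildcard = ip_int(tokens.pop(0)) if tokens and tokens[0][0].isdigit() else 0
    return (ip_int(first), wildcard)


def parse_line(line: str) -> Rule:
    tokens = line.split()
    if len(tokens) < 4 or tokens[0] != "access-list" or tokens[2] not in ("permit", "deny"):
        raise ValueError("not a numbered ACL line: " + line)
    number, action, rest = int(tokens[1]), tokens[2], tokens[3:]
    if 1 <= number <= 99:                       # standard ACL: source only
        return Rule(action, "ip", take_addr(rest))
    proto = rest.pop(0)                         # extended ACL (100-199)
    src, dst = take_addr(rest), take_addr(rest)
    dport = int(rest[1]) if rest[:1] == ["eq"] else None
    return Rule(action, proto, src, dst, dport)


def evaluate(acl_lines, src, dst, proto="ip", dport=None):
    """Return (action, index of the matching line), or ('deny', None) when
    nothing matched and the invisible implicit deny applies."""
    for index, line in enumerate(acl_lines):
        rule = parse_line(line)
        if rule.matches(proto, ip_int(src), ip_int(dst), dport):
            return rule.action, index           # first match wins, stop here
    return "deny", None


# ACLs exactly as shown on the slides.
ACL_1 = ["access-list 1 deny 192.168.1.1 0.0.0.0",
         "access-list 1 deny 192.168.1.2 0.0.0.0",
         "access-list 1 permit any"]
ACL_5 = ["access-list 5 deny 192.168.1.1 0.0.0.0",
         "access-list 5 deny 192.168.3.0 0.0.0.255",
         "access-list 5 permit any"]
ACL_101 = ["access-list 101 deny tcp 192.168.2.0 0.0.0.255 192.168.3.1 0.0.0.0 eq 80",
           "access-list 101 permit ip any any"]
# Constructed: the lab's deny statement without a trailing "permit ip any any".
DENY_ONLY = ["access-list 102 deny ip 192.168.10.0 0.0.0.255 host 209.165.200.225"]
# Constructed: a permit placed first shadows every deny below it.
SHADOWED = ["access-list 1 permit any",
            "access-list 1 deny 192.168.1.1 0.0.0.0"]

if __name__ == "__main__":
    print(evaluate(ACL_1, "192.168.1.1", "192.168.2.1"))               # 1.1 -> 2.1
    print(evaluate(ACL_5, "192.168.3.1", "192.168.2.1"))               # 3.1 -> 2.1
    print(evaluate(ACL_101, "192.168.2.1", "192.168.3.1", "tcp", 23))  # Telnet
    print(evaluate(DENY_ONLY, "192.168.11.10", "209.165.200.225"))     # implicit deny
    print(evaluate(SHADOWED, "192.168.1.1", "192.168.2.1"))            # deny never reached
```

The DENY_ONLY case shows why a list with only deny statements blocks hosts it never names, and SHADOWED shows why statement order matters under first-match evaluation.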
37. Named Access List
• Access lists are identified using names rather than numbers.
• Names are case-sensitive.
• No limitation of numbers here.
• One main advantage is that editing of an ACL is possible, i.e. removing a specific statement from the ACL is possible.
(IOS version 11.2 or later allows named ACLs)
38. Standard Named Access List
Creation of Standard Named Access List
Router(config)# ip access-list standard <name>
Router(config-std-nacl)# <permit/deny> <source address> <source wildcard mask>
Implementation of Standard Named Access List
Router(config)#interface <interface type><interface no>
Router(config-if)#ip access-group <name> <out/in>
39. Extended Named Access List
Creation of Extended Named Access List
Router(config)# ip access-list extended <name>
Router(config-ext-nacl)# <permit/deny> <protocol> <source address> <source wildcard mask> <destination address> <destination wildcard mask> <operator> <service>
Implementation of Extended Named Access List
Router(config)#interface <interface type><interface no>
Router(config-if)#ip access-group <name> <out/in>
41. Microsoft Windows 2000 [Version 5.00.2195]
(C) Copyright 1985-2000 Microsoft Corp.
C:> telnet 192.168.1.150
Connecting .....
================================
Welcome to Hyderabad Router
================================
User Access Verification
password : ****
Hyderabad> enable
password : ****
Hyderabad# show ip route
Gateway of last resort is not set
C    10.0.0.0/8 is directly connected, Serial0
R    11.0.0.0/8 [120/1] via 10.0.0.2, 00:00:25, Serial0
C    192.168.1.0/24 is directly connected, Ethernet0
R    192.168.2.0/24 [120/1] via 10.0.0.2, 00:00:25, Serial0
R    192.168.3.0/24 [120/2] via 10.0.0.2, 00:00:25, Serial0
Hyderabad#
42. Microsoft Windows 2000 [Version 5.00.2195]
(C) Copyright 1985-2000 Microsoft Corp.
C:> telnet 192.168.2.150
Connecting .....
================================
Welcome to Chennai Router
================================
User Access Verification
password : ****
Chennai> enable
password : ****
Chennai# show ip route
Gateway of last resort is not set
C    10.0.0.0/8 is directly connected, Serial1
C    11.0.0.0/8 is directly connected, Serial0
R    192.168.1.0/24 [120/1] via 10.0.0.1, 00:00:01, Serial1
C    192.168.2.0/24 is directly connected, Ethernet0
R    192.168.3.0/24 [120/1] via 11.0.0.2, 00:00:12, Serial0
Chennai#
43. Microsoft Windows 2000 [Version 5.00.2195]
(C) Copyright 1985-2000 Microsoft Corp.
C:> telnet 192.168.3.150
Connecting .....
================================
Welcome to Banglore Router
================================
User Access Verification
password : ****
Banglore> enable
password : ****
Banglore# show ip route
Gateway of last resort is not set
R    10.0.0.0/8 [120/1] via 11.0.0.1, 00:00:04, Serial1
C    11.0.0.0/8 is directly connected, Serial1
R    192.168.1.0/24 [120/2] via 11.0.0.1, 00:00:04, Serial1
R    192.168.2.0/24 [120/1] via 11.0.0.1, 00:00:04, Serial1
C    192.168.3.0/24 is directly connected, Ethernet0
Banglore#
44. Microsoft Windows 2000 [Version 5.00.2195]
(C) Copyright 1985-2000 Microsoft Corp.
C:> telnet 192.168.2.150
Connecting .....
================================
Welcome to Chennai Router
================================
User Access Verification
password : ****
Chennai> enable
password : ****
Chennai# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Chennai(config)# interface serial 1
Chennai(config-if)# ip address 10.0.0.2 255.0.0.0
Chennai(config-if)# no shut
Chennai(config-if)# encapsulation hdlc
Chennai(config-if)# interface serial 0
Chennai(config-if)# ip address 11.0.0.1 255.0.0.0
Chennai(config-if)# no shut
Chennai(config-if)# encapsulation hdlc
45. Chennai# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Chennai(config)# access-list 1 deny 192.168.1.1 0.0.0.0
Chennai(config)# access-list 1 deny 192.168.1.2 0.0.0.0
Chennai(config)# access-list 1 permit any
Chennai(config)# interface ethernet 0
Chennai(config-if)# ip access-group 1 out
Chennai(config-if)#
Creation of Standard Access List
Router(config)# access-list <acl no> <permit/deny> <source address> <source wildcard mask>
Implementation of Standard Access List
Router(config)#interface <interface type><interface no>
Router(config-if)#ip access-group <number> <out/in>
46. Chennai# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Chennai(config)# access-list 1 deny 192.168.1.1 0.0.0.0
Chennai(config)# access-list 1 deny 192.168.1.2 0.0.0.0
Chennai(config)# access-list 1 permit any
Chennai(config)# interface ethernet 0
Chennai(config-if)# ip access-group 1 out
Chennai(config-if)# ^Z
Chennai# show ip access-list
Standard IP access list 1
    deny   192.168.1.1
    deny   192.168.1.2
    permit any
Chennai#
47. Chennai# show ip int e0
Ethernet0 is up, line protocol is up
Internet address is 192.168.2.150/24
Broadcast address is 255.255.255.255
Address determined by non-volatile memory
MTU is 1500 bytes
Helper address is not set
Directed broadcast forwarding is enabled
Multicast reserved groups joined: 224.0.0.9
Outgoing access list is 1
Inbound access list is not set
Proxy ARP is enabled
Security level is default
Split horizon is enabled
ICMP redirects are always sent
ICMP unreachables are always sent
ICMP mask replies are never sent
IP fast switching is enabled
IP fast switching on the same interface is disabled
IP multicast fast switching is disabled
Router Discovery is disabled
IP output packet accounting is disabled
IP access violation accounting is disabled
TCP/IP header compression is disabled
Probe proxy name replies are disabled
Gateway Discovery is disabled
Policy routing is disabled
Network address translation is disabled
Chennai#
48. Chennai# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Chennai(config)# access-list 5 deny 192.168.1.1 0.0.0.0
Chennai(config)# access-list 5 deny 192.168.3.0 0.0.0.255
Chennai(config)# access-list 5 permit any
Chennai(config)# interface ethernet 0
Chennai(config-if)# ip access-group 5 out
Chennai(config-if)# ^Z
Chennai# show ip access-list
Standard IP access list 5
    deny   192.168.1.1
    deny   192.168.3.0
    permit any
Chennai#
49. Chennai# show ip int e0
Ethernet0 is up, line protocol is up
Internet address is 192.168.2.150/24
Broadcast address is 255.255.255.255
Address determined by non-volatile memory
MTU is 1500 bytes
Helper address is not set
Directed broadcast forwarding is enabled
Multicast reserved groups joined: 224.0.0.9
Outgoing access list is 5
Inbound access list is not set
Proxy ARP is enabled
Security level is default
Split horizon is enabled
ICMP redirects are always sent
ICMP unreachables are always sent
ICMP mask replies are never sent
IP fast switching is enabled
IP fast switching on the same interface is disabled
IP multicast fast switching is disabled
Router Discovery is disabled
IP output packet accounting is disabled
IP access violation accounting is disabled
TCP/IP header compression is disabled
Probe proxy name replies are disabled
Gateway Discovery is disabled
Policy routing is disabled
Network address translation is disabled
Chennai#
50. Chennai# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Chennai(config)# access-list 5 deny 192.168.1.1 0.0.0.0
Chennai(config)# access-list 5 deny 192.168.3.0 0.0.0.255
Chennai(config)# access-list 5 permit any
Chennai(config)# interface ethernet 0
Chennai(config-if)# ip access-group 5 out
Chennai(config-if)#
Creation of Standard Access List
Router(config)# access-list <acl no> <permit/deny> <source address> <source wildcard mask>
Implementation of Standard Access List
Router(config)#interface <interface type><interface no>
Router(config-if)#ip access-group <number> <out/in>
51. Chennai# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Chennai(config)# access-list 101 deny tcp 192.168.2.0 0.0.0.255 192.168.3.1 0.0.0.0 eq 80
Chennai(config)# access-list 101 permit ip any any
Chennai(config)# interface ethernet 0
Chennai(config-if)# ip access-group 101 in
Chennai(config-if)#
Creation of Extended Access List
Router(config)# access-list <acl no> <permit/deny> <protocol> <source address> <source wildcard mask> <destination address> <destination wildcard mask> <operator> <service>
Implementation of Extended Access List
Router(config)#interface <interface type><interface no>
Router(config-if)#ip access-group <number> <out/in>
52. Chennai# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Chennai(config)# access-list 101 deny tcp 192.168.2.0 0.0.0.255 192.168.3.1 0.0.0.0 eq 80
Chennai(config)# access-list 101 permit ip any any
Chennai(config)# interface ethernet 0
Chennai(config-if)# ip access-group 101 in
Chennai(config-if)# ^Z
Chennai# show ip access-list
Extended IP access list 101
    deny tcp 192.168.2.0 0.0.0.255 host 192.168.3.1 eq www
    permit ip any any
Chennai#
53. Chennai# show ip int e0
Ethernet0 is up, line protocol is up
Internet address is 192.168.2.150/24
Broadcast address is 255.255.255.255
Address determined by non-volatile memory
MTU is 1500 bytes
Helper address is not set
Directed broadcast forwarding is enabled
Multicast reserved groups joined: 224.0.0.9
Outgoing access list is not set
Inbound access list is 101
Proxy ARP is enabled
Security level is default
Split horizon is enabled
ICMP redirects are always sent
ICMP unreachables are always sent
ICMP mask replies are never sent
IP fast switching is enabled
IP fast switching on the same interface is disabled
IP multicast fast switching is disabled
Router Discovery is disabled
IP output packet accounting is disabled
IP access violation accounting is disabled
TCP/IP header compression is disabled
Probe proxy name replies are disabled
Gateway Discovery is disabled
Policy routing is disabled
Network address translation is disabled
Chennai#