SlideShare a Scribd company logo

Acl

Download as PPT, PDF
Raghu Kiran
Raghu Kiran

- Access control lists (ACLs) allow or deny network traffic passing through a router based on source and destination IP addresses, protocols, and port numbers. - There are two main types of ACLs: standard ACLs which filter based on source IP addresses, and extended ACLs which filter on source/destination IP addresses, protocols, and port numbers. - ACLs can be numbered or named, with named ACLs allowing selective editing of statements not possible with numbered ACLs.

EducationTechnology
1 of 19
• ACL is a set of rules which will allow or deny the specific traffic moving through the router • It is a Layer 3 security which controls the flow of traffic from one router to another. • It is also called as Packet Filtering Firewall. Access Control List
Types of Access-list ACCESS-LIST NUMBERED NAMED STANDARD EXTENDED STANDARD EXTENDED
Standard Access List • The access-list number range is 1 – 99 • Can block a Network, Host and Subnet • Two way communication is stopped • All services are blocked. • Implemented closest to the destination. • Filtering is done based on only source IP address • The access-list number range is 100 – 199 • Can block a Network, Host, Subnet and Service • One way communication is stopped • Selected services can be blocked. • Implemented closest to the source. • Checks source, destination, protocol, port no Extended Access List
• Deny : Blocking a Network/Host/Subnet/Service • Permit : Allowing a Network/Host/Subnet/Service • Source Address : The address of the PC from where the request starts. • Destination address : The address of the PC where the request ends. • Inbound : Traffic coming into the interface • Outbound : Traffic going out of the interface Terminology
• All deny statements have to be given First • There should be at least one Permit statement • An implicit deny blocks all traffic by default when there is no match (an invisible statement). • Can have one access-list per interface per direction. (i.e.) Two access-list per interface, one in inbound direction and one in outbound direction. • Works in Sequential order • Editing of access-lists is not possible (i.e) Selectively adding or removing access-list statements is not possible. Rules of Access List
• Tells the router which addressing bits must match in the address of the ACL statement. • It’s the inverse of the subnet mask, hence is also called as Inverse mask. • A bit value of 0 indicates MUST MATCH (Check Bits) • A bit value of 1 indicates IGNORE (Ignore Bits) • Wild Card Mask for a Host will be always 0.0.0.0 Wild Card Mask
• A wild card mask can be calculated using the formula : Global Subnet Mask – Customized Subnet Mask ------------------------------- Wild Card Mask E.g. 255.255.255.255 – 255.255.255.240 --------------------- 0. 0. 0. 15 Wild Card Mask
Network Diagram E0 10.1.1.1/8 HYD LAN – 10.0.0.0/8 E0 20.1.1.1/8 KSA LAN – 20.0.0.0/8 E0 30.1.1.1/8 UAE LAN – 30.0.0.0/8 1.1.1.1/8 S0 S1 1.1.1.2/8 2.2.2.1/8 S0 S1 2.2.2.2/8
• The access-list number range is (1–99) & (1600- 1999) • Can block a Network, Host and Subnet • Two way communication is stopped • All services are blocked. • Implemented closest to the destination. • Filtering is done based on only source IP address Standard Access List
Creation of Standard Access List (config)# access-list <acl no> <permit/deny> <source add> <source WCM> Implementation of Standard Access List (config)# interface <interface type> <interface no> (config-if)# ip access-group <number> <out/in> To Verify : # show access-list # show access-list <no>
• The access-list number range is (100 – 199) • Can block a Network, Host, Subnet and Service • One way communication is stopped • Selected services can be blocked. • Implemented closest to the source. • Checks source, destination, protocol, port no. Extended Access List
IP TCP HTTP TELNET FTP SMTP UDP DNS TFTP DHCP NNTP ICMP PING TRACEROUTE
Operators : eq (equal to) neq (not equal to) lt (less than) gt (greater than)
Creation of Extended Access List (config)# access-list <acl no> <permit/deny> <protocol> <source add> <source WCM> <destination add> < destination WCM> <operator> <service> Implementation of Extended Access List (config)# interface <interface type> <interface no> (config-if)# ip access-group <number> <out/in>
• Access-lists are identified using Names rather than Numbers. • Names are Case-Sensitive • No limitation of Numbers here. • One Main Advantage is Editing of ACL is Possible (i.e) Removing a specific statement from the ACL is possible. (IOS version 11.2 or later allows Named ACL) Named Access List
Standard Named Access List Creation of Standard Named Access List (config)# ip access-list standard <name> (config-std-nacl)# <permit/deny> <source address> <source wildcard mask> Implementation (config)#interface <interface type><interface no> (config-if)#ip access-group <name> <out/in>
Extended Named Access List Creation of Extended Named Access List (config)# ip access-list extended <name> (config-ext-nacl)#<permit/deny> <protocol> <source add> <source WCM> <dest. add> <dest. WCM> <operator><service> Implementation (config)# interface <interface type><interface no> (config-if)#ip access-group <name> <out/in>
Acl

Recommended

Subnetting
SubnettingSubnetting
SubnettingGichelle Amon
 
Access control list [1]
Access control list [1]Access control list [1]
Access control list [1]
Summit Bisht
 
Access Control List (ACL)
Access Control List (ACL)Access Control List (ACL)
Access Control List (ACL)
ISMT College
 
Subnetting Presentation
Subnetting PresentationSubnetting Presentation
Subnetting PresentationTouhidul Fahim
 
IPv4
IPv4IPv4
IPv4
Dhiraj Mishra
 
CCNA Access Lists
CCNA Access ListsCCNA Access Lists
CCNA Access ListsDsunte Wilson
 
Subnetting
SubnettingSubnetting
Subnetting
selvakumar_b1985
 
Ip addressing
Ip addressingIp addressing
Ip addressing
sid1322
 

Recommended

Subnetting
SubnettingSubnetting
SubnettingGichelle Amon
 
Access control list [1]
Access control list [1]Access control list [1]
Access control list [1]
Summit Bisht
 
Access Control List (ACL)
Access Control List (ACL)Access Control List (ACL)
Access Control List (ACL)
ISMT College
 
Subnetting Presentation
Subnetting PresentationSubnetting Presentation
Subnetting PresentationTouhidul Fahim
 
IPv4
IPv4IPv4
IPv4
Dhiraj Mishra
 
CCNA Access Lists
CCNA Access ListsCCNA Access Lists
CCNA Access ListsDsunte Wilson
 
Subnetting
SubnettingSubnetting
Subnetting
selvakumar_b1985
 
Ip addressing
Ip addressingIp addressing
Ip addressing
sid1322
 
Basics of IP Addressing
Basics of IP AddressingBasics of IP Addressing
Basics of IP Addressing
Kushal Sheth
 
Ppt of routing protocols
Ppt of routing protocolsPpt of routing protocols
Ppt of routing protocolsBhagyashri Dhoke
 
Dynamic Routing IGRP
Dynamic Routing IGRPDynamic Routing IGRP
Dynamic Routing IGRPKishore Kumar
 
Connect Laptop/PC to Router Console Port
Connect Laptop/PC to Router Console Port Connect Laptop/PC to Router Console Port
Connect Laptop/PC to Router Console Port
Yaser Rahmati
 
Ipv4 presentation
Ipv4 presentationIpv4 presentation
Ipv4 presentation
shakeel khan
 
IP Addressing (Subnetting, VLSM, Supernetting)
IP Addressing (Subnetting, VLSM, Supernetting)IP Addressing (Subnetting, VLSM, Supernetting)
IP Addressing (Subnetting, VLSM, Supernetting)
cuetcse
 
Basic ip traffic management with access control lists
Basic ip traffic management with access control listsBasic ip traffic management with access control lists
Basic ip traffic management with access control lists
Sourabh Badve
 
IP NETWORKING AND IP SUBNET MASKING
IP NETWORKING AND IP SUBNET MASKING IP NETWORKING AND IP SUBNET MASKING
IP NETWORKING AND IP SUBNET MASKING
AYESHA JAVED
 
IPv4 Addressing
IPv4 Addressing IPv4 Addressing
IPv4 Addressing
TheGodfather HA
 
Access Control List & its Types
Access Control List & its TypesAccess Control List & its Types
Access Control List & its Types
Netwax Lab
 
Access Control List 1
Access Control List 1Access Control List 1
Access Control List 1
Kishore Kumar
 
IP Addressing & subnetting strategy
IP Addressing & subnetting strategyIP Addressing & subnetting strategy
IP Addressing & subnetting strategy
Mustafa Salam
 
IP addressing seminar ppt
IP addressing seminar pptIP addressing seminar ppt
IP addressing seminar ppt
Smriti Rastogi
 
IPv4 addressing and subnetting
IPv4 addressing and subnettingIPv4 addressing and subnetting
IPv4 addressing and subnetting
Shashank Asthana
 
Transport layer protocol
Transport layer protocolTransport layer protocol
Transport layer protocol
N.Jagadish Kumar
 
Subnetting
SubnettingSubnetting
Subnetting
Fatima Qayyum
 
what is Private and publis ip address
what is Private and publis ip addresswhat is Private and publis ip address
what is Private and publis ip address
Amit Kumar , Jaipur Engineers
 
Media Access Control
Media Access ControlMedia Access Control
Media Access Control
VijayaLakshmi514
 
IP addressing and Subnetting PPT
IP addressing and Subnetting PPTIP addressing and Subnetting PPT
IP addressing and Subnetting PPT
Pijush Kanti Das
 
Address resolution protocol (ARP)
Address resolution protocol (ARP)Address resolution protocol (ARP)
Address resolution protocol (ARP)
NetProtocol Xpert
 
Types of ACLs
Types of ACLsTypes of ACLs
Types of ACLs
NetProtocol Xpert
 
Ten Commandments of Formal Methods: A decade later
Ten Commandments of Formal Methods: A decade laterTen Commandments of Formal Methods: A decade later
Ten Commandments of Formal Methods: A decade later
Jonathan Bowen
 

More Related Content

What's hot

Basics of IP Addressing
Basics of IP AddressingBasics of IP Addressing
Basics of IP Addressing
Kushal Sheth
 
Dynamic Routing IGRP
Dynamic Routing IGRPDynamic Routing IGRP
Dynamic Routing IGRPKishore Kumar
 
Connect Laptop/PC to Router Console Port
Connect Laptop/PC to Router Console Port Connect Laptop/PC to Router Console Port
Connect Laptop/PC to Router Console Port
Yaser Rahmati
 
Ipv4 presentation
Ipv4 presentationIpv4 presentation
Ipv4 presentation
shakeel khan
 
IP Addressing (Subnetting, VLSM, Supernetting)
IP Addressing (Subnetting, VLSM, Supernetting)IP Addressing (Subnetting, VLSM, Supernetting)
IP Addressing (Subnetting, VLSM, Supernetting)
cuetcse
 
Basic ip traffic management with access control lists
Basic ip traffic management with access control listsBasic ip traffic management with access control lists
Basic ip traffic management with access control lists
Sourabh Badve
 
IP NETWORKING AND IP SUBNET MASKING
IP NETWORKING AND IP SUBNET MASKING IP NETWORKING AND IP SUBNET MASKING
IP NETWORKING AND IP SUBNET MASKING
AYESHA JAVED
 
IPv4 Addressing
IPv4 Addressing IPv4 Addressing
IPv4 Addressing
TheGodfather HA
 
Access Control List & its Types
Access Control List & its TypesAccess Control List & its Types
Access Control List & its Types
Netwax Lab
 
Access Control List 1
Access Control List 1Access Control List 1
Access Control List 1
Kishore Kumar
 
IP Addressing & subnetting strategy
IP Addressing & subnetting strategyIP Addressing & subnetting strategy
IP Addressing & subnetting strategy
Mustafa Salam
 
IP addressing seminar ppt
IP addressing seminar pptIP addressing seminar ppt
IP addressing seminar ppt
Smriti Rastogi
 
IPv4 addressing and subnetting
IPv4 addressing and subnettingIPv4 addressing and subnetting
IPv4 addressing and subnetting
Shashank Asthana
 
Transport layer protocol
Transport layer protocolTransport layer protocol
Transport layer protocol
N.Jagadish Kumar
 
Subnetting
SubnettingSubnetting
Subnetting
Fatima Qayyum
 
what is Private and publis ip address
what is Private and publis ip addresswhat is Private and publis ip address
what is Private and publis ip address
Amit Kumar , Jaipur Engineers
 
Media Access Control
Media Access ControlMedia Access Control
Media Access Control
VijayaLakshmi514
 
IP addressing and Subnetting PPT
IP addressing and Subnetting PPTIP addressing and Subnetting PPT
IP addressing and Subnetting PPT
Pijush Kanti Das
 
Address resolution protocol (ARP)
Address resolution protocol (ARP)Address resolution protocol (ARP)
Address resolution protocol (ARP)
NetProtocol Xpert
 

What's hot (20)

Basics of IP Addressing
Basics of IP AddressingBasics of IP Addressing
Basics of IP Addressing
 
Ppt of routing protocols
Ppt of routing protocolsPpt of routing protocols
Ppt of routing protocols
 
Dynamic Routing IGRP
Dynamic Routing IGRPDynamic Routing IGRP
Dynamic Routing IGRP
 
Connect Laptop/PC to Router Console Port
Connect Laptop/PC to Router Console Port Connect Laptop/PC to Router Console Port
Connect Laptop/PC to Router Console Port
 
Ipv4 presentation
Ipv4 presentationIpv4 presentation
Ipv4 presentation
 
IP Addressing (Subnetting, VLSM, Supernetting)
IP Addressing (Subnetting, VLSM, Supernetting)IP Addressing (Subnetting, VLSM, Supernetting)
IP Addressing (Subnetting, VLSM, Supernetting)
 
Basic ip traffic management with access control lists
Basic ip traffic management with access control listsBasic ip traffic management with access control lists
Basic ip traffic management with access control lists
 
IP NETWORKING AND IP SUBNET MASKING
IP NETWORKING AND IP SUBNET MASKING IP NETWORKING AND IP SUBNET MASKING
IP NETWORKING AND IP SUBNET MASKING
 
IPv4 Addressing
IPv4 Addressing IPv4 Addressing
IPv4 Addressing
 
Access Control List & its Types
Access Control List & its TypesAccess Control List & its Types
Access Control List & its Types
 
Access Control List 1
Access Control List 1Access Control List 1
Access Control List 1
 
IP Addressing & subnetting strategy
IP Addressing & subnetting strategyIP Addressing & subnetting strategy
IP Addressing & subnetting strategy
 
IP addressing seminar ppt
IP addressing seminar pptIP addressing seminar ppt
IP addressing seminar ppt
 
IPv4 addressing and subnetting
IPv4 addressing and subnettingIPv4 addressing and subnetting
IPv4 addressing and subnetting
 
Transport layer protocol
Transport layer protocolTransport layer protocol
Transport layer protocol
 
Subnetting
SubnettingSubnetting
Subnetting
 
what is Private and publis ip address
what is Private and publis ip addresswhat is Private and publis ip address
what is Private and publis ip address
 
Media Access Control
Media Access ControlMedia Access Control
Media Access Control
 
IP addressing and Subnetting PPT
IP addressing and Subnetting PPTIP addressing and Subnetting PPT
IP addressing and Subnetting PPT
 
Address resolution protocol (ARP)
Address resolution protocol (ARP)Address resolution protocol (ARP)
Address resolution protocol (ARP)
 

Viewers also liked

Types of ACLs
Types of ACLsTypes of ACLs
Types of ACLs
NetProtocol Xpert
 
Ten Commandments of Formal Methods: A decade later
Ten Commandments of Formal Methods: A decade laterTen Commandments of Formal Methods: A decade later
Ten Commandments of Formal Methods: A decade later
Jonathan Bowen
 
Network Intrusion Prevention by Configuring ACLs on the Routers, based on Sno...
Network Intrusion Prevention by Configuring ACLs on the Routers, based on Sno...Network Intrusion Prevention by Configuring ACLs on the Routers, based on Sno...
Network Intrusion Prevention by Configuring ACLs on the Routers, based on Sno...
Disha Bedi
 
CCNAv5 - S2: Chapter 9 Access Control Lists
CCNAv5 - S2: Chapter 9 Access Control ListsCCNAv5 - S2: Chapter 9 Access Control Lists
CCNAv5 - S2: Chapter 9 Access Control Lists
Vuz Dở Hơi
 
Cisco ACL
Cisco ACLCisco ACL
Cisco ACL
faust0
 
Network Design on cisco packet tracer 6.0
Network Design on cisco packet tracer 6.0Network Design on cisco packet tracer 6.0
Network Design on cisco packet tracer 6.0
Saurav Pandey
 

Viewers also liked (6)

Types of ACLs
Types of ACLsTypes of ACLs
Types of ACLs
 
Ten Commandments of Formal Methods: A decade later
Ten Commandments of Formal Methods: A decade laterTen Commandments of Formal Methods: A decade later
Ten Commandments of Formal Methods: A decade later
 
Network Intrusion Prevention by Configuring ACLs on the Routers, based on Sno...
Network Intrusion Prevention by Configuring ACLs on the Routers, based on Sno...Network Intrusion Prevention by Configuring ACLs on the Routers, based on Sno...
Network Intrusion Prevention by Configuring ACLs on the Routers, based on Sno...
 
CCNAv5 - S2: Chapter 9 Access Control Lists
CCNAv5 - S2: Chapter 9 Access Control ListsCCNAv5 - S2: Chapter 9 Access Control Lists
CCNAv5 - S2: Chapter 9 Access Control Lists
 
Cisco ACL
Cisco ACLCisco ACL
Cisco ACL
 
Network Design on cisco packet tracer 6.0
Network Design on cisco packet tracer 6.0Network Design on cisco packet tracer 6.0
Network Design on cisco packet tracer 6.0
 

Similar to Acl

CCNA part 7 acl
CCNA part 7 aclCCNA part 7 acl
CCNA part 7 acl
Sandeep Sharma IIMK Smart City,IoT,Bigdata,Cloud,BI,DW
 
Access control list 2
Access control list 2Access control list 2
Access control list 2Kishore Kumar
 
Chapter10ccna
Chapter10ccnaChapter10ccna
Chapter10ccnarobertoxe
 
Uccn1003 -may09_-_lect09_-_access_control_list_acl_
Uccn1003 -may09_-_lect09_-_access_control_list_acl_Uccn1003 -may09_-_lect09_-_access_control_list_acl_
Uccn1003 -may09_-_lect09_-_access_control_list_acl_Shu Shin
 
Uccn1003 -may09_-_lect09_-_access_control_list_acl_
Uccn1003 -may09_-_lect09_-_access_control_list_acl_Uccn1003 -may09_-_lect09_-_access_control_list_acl_
Uccn1003 -may09_-_lect09_-_access_control_list_acl_Shu Shin
 
Guide to protecting networks - Eric Vanderburg
Guide to protecting networks - Eric VanderburgGuide to protecting networks - Eric Vanderburg
Guide to protecting networks - Eric Vanderburg
Eric Vanderburg
 
Chapter 08 - Acl
Chapter 08 - AclChapter 08 - Acl
Chapter 08 - Aclphanleson
 
Ip Access Lists
Ip Access ListsIp Access Lists
Ip Access Lists
CCNAResources
 
20 access lists[1]
20 access lists[1]20 access lists[1]
20 access lists[1]
Gerard Vevele
 
access control list(ACL) from data communication and networking
access control list(ACL) from data communication and networkingaccess control list(ACL) from data communication and networking
access control list(ACL) from data communication and networking
tayybahaseeb18
 
Easy steps-cisco-extended-access-list-231
Easy steps-cisco-extended-access-list-231Easy steps-cisco-extended-access-list-231
Easy steps-cisco-extended-access-list-231
Stillward Laud Mark-Mills
 
Access List in Networks
Access List in NetworksAccess List in Networks
Access List in Networks
wolverinetyagi
 
CCNA
CCNACCNA
CCNA
Abhishek Parihari
 
Standard & Extended ACL Configuration
Standard & Extended ACL ConfigurationStandard & Extended ACL Configuration
Standard & Extended ACL Configuration
MdAlAmin187
 
AAA Implementation
AAA ImplementationAAA Implementation
AAA Implementation
Ahmad El Tawil
 
Router security-configuration-guide-executive-summary
Router security-configuration-guide-executive-summaryRouter security-configuration-guide-executive-summary
Router security-configuration-guide-executive-summary
moonmanik
 

Similar to Acl (20)

CCNA part 7 acl
CCNA part 7 aclCCNA part 7 acl
CCNA part 7 acl
 
Chapter10ccna
Chapter10ccnaChapter10ccna
Chapter10ccna
 
Acl
AclAcl
Acl
 
Anilnet
AnilnetAnilnet
Anilnet
 
Access control list 2
Access control list 2Access control list 2
Access control list 2
 
Chapter10ccna
Chapter10ccnaChapter10ccna
Chapter10ccna
 
Chapter10ccna
Chapter10ccnaChapter10ccna
Chapter10ccna
 
Uccn1003 -may09_-_lect09_-_access_control_list_acl_
Uccn1003 -may09_-_lect09_-_access_control_list_acl_Uccn1003 -may09_-_lect09_-_access_control_list_acl_
Uccn1003 -may09_-_lect09_-_access_control_list_acl_
 
Uccn1003 -may09_-_lect09_-_access_control_list_acl_
Uccn1003 -may09_-_lect09_-_access_control_list_acl_Uccn1003 -may09_-_lect09_-_access_control_list_acl_
Uccn1003 -may09_-_lect09_-_access_control_list_acl_
 
Guide to protecting networks - Eric Vanderburg
Guide to protecting networks - Eric VanderburgGuide to protecting networks - Eric Vanderburg
Guide to protecting networks - Eric Vanderburg
 
Chapter 08 - Acl
Chapter 08 - AclChapter 08 - Acl
Chapter 08 - Acl
 
Ip Access Lists
Ip Access ListsIp Access Lists
Ip Access Lists
 
20 access lists[1]
20 access lists[1]20 access lists[1]
20 access lists[1]
 
access control list(ACL) from data communication and networking
access control list(ACL) from data communication and networkingaccess control list(ACL) from data communication and networking
access control list(ACL) from data communication and networking
 
Easy steps-cisco-extended-access-list-231
Easy steps-cisco-extended-access-list-231Easy steps-cisco-extended-access-list-231
Easy steps-cisco-extended-access-list-231
 
Access List in Networks
Access List in NetworksAccess List in Networks
Access List in Networks
 
CCNA
CCNACCNA
CCNA
 
Standard & Extended ACL Configuration
Standard & Extended ACL ConfigurationStandard & Extended ACL Configuration
Standard & Extended ACL Configuration
 
AAA Implementation
AAA ImplementationAAA Implementation
AAA Implementation
 
Router security-configuration-guide-executive-summary
Router security-configuration-guide-executive-summaryRouter security-configuration-guide-executive-summary
Router security-configuration-guide-executive-summary
 

Recently uploaded

June 3, 2024 Anti-Semitism Letter Sent to MIT President Kornbluth and MIT Cor...
June 3, 2024 Anti-Semitism Letter Sent to MIT President Kornbluth and MIT Cor...June 3, 2024 Anti-Semitism Letter Sent to MIT President Kornbluth and MIT Cor...
June 3, 2024 Anti-Semitism Letter Sent to MIT President Kornbluth and MIT Cor...
Levi Shapiro
 
How to Make a Field invisible in Odoo 17
How to Make a Field invisible in Odoo 17How to Make a Field invisible in Odoo 17
How to Make a Field invisible in Odoo 17
Celine George
 
Pride Month Slides 2024 David Douglas School District
Pride Month Slides 2024 David Douglas School DistrictPride Month Slides 2024 David Douglas School District
Pride Month Slides 2024 David Douglas School District
David Douglas School District
 
Chapter 4 - Islamic Financial Institutions in Malaysia.pptx
Chapter 4 - Islamic Financial Institutions in Malaysia.pptxChapter 4 - Islamic Financial Institutions in Malaysia.pptx
Chapter 4 - Islamic Financial Institutions in Malaysia.pptx
Mohd Adib Abd Muin, Senior Lecturer at Universiti Utara Malaysia
 
Synthetic Fiber Construction in lab .pptx
Synthetic Fiber Construction in lab .pptxSynthetic Fiber Construction in lab .pptx
Synthetic Fiber Construction in lab .pptx
Pavel ( NSTU)
 
Advantages and Disadvantages of CMS from an SEO Perspective
Advantages and Disadvantages of CMS from an SEO PerspectiveAdvantages and Disadvantages of CMS from an SEO Perspective
Advantages and Disadvantages of CMS from an SEO Perspective
Krisztián Száraz
 
Thesis Statement for students diagnonsed withADHD.ppt
Thesis Statement for students diagnonsed withADHD.pptThesis Statement for students diagnonsed withADHD.ppt
Thesis Statement for students diagnonsed withADHD.ppt
EverAndrsGuerraGuerr
 
special B.ed 2nd year old paper_20240531.pdf
special B.ed 2nd year old paper_20240531.pdfspecial B.ed 2nd year old paper_20240531.pdf
special B.ed 2nd year old paper_20240531.pdf
Special education needs
 
Supporting (UKRI) OA monographs at Salford.pptx
Supporting (UKRI) OA monographs at Salford.pptxSupporting (UKRI) OA monographs at Salford.pptx
Supporting (UKRI) OA monographs at Salford.pptx
Jisc
 
CACJapan - GROUP Presentation 1- Wk 4.pdf
CACJapan - GROUP Presentation 1- Wk 4.pdfCACJapan - GROUP Presentation 1- Wk 4.pdf
CACJapan - GROUP Presentation 1- Wk 4.pdf
camakaiclarkmusic
 
Model Attribute Check Company Auto Property
Model Attribute Check Company Auto PropertyModel Attribute Check Company Auto Property
Model Attribute Check Company Auto Property
Celine George
 
The Challenger.pdf DNHS Official Publication
The Challenger.pdf DNHS Official PublicationThe Challenger.pdf DNHS Official Publication
The Challenger.pdf DNHS Official Publication
Delapenabediema
 
Operation Blue Star - Saka Neela Tara
Operation Blue Star - Saka Neela TaraOperation Blue Star - Saka Neela Tara
Operation Blue Star - Saka Neela Tara
Balvir Singh
 
1.4 modern child centered education - mahatma gandhi-2.pptx
1.4 modern child centered education - mahatma gandhi-2.pptx1.4 modern child centered education - mahatma gandhi-2.pptx
1.4 modern child centered education - mahatma gandhi-2.pptx
JosvitaDsouza2
 
Chapter 3 - Islamic Banking Products and Services.pptx
Chapter 3 - Islamic Banking Products and Services.pptxChapter 3 - Islamic Banking Products and Services.pptx
Chapter 3 - Islamic Banking Products and Services.pptx
Mohd Adib Abd Muin, Senior Lecturer at Universiti Utara Malaysia
 
Azure Interview Questions and Answers PDF By ScholarHat
Azure Interview Questions and Answers PDF By ScholarHatAzure Interview Questions and Answers PDF By ScholarHat
Azure Interview Questions and Answers PDF By ScholarHat
Scholarhat
 
A Survey of Techniques for Maximizing LLM Performance.pptx
A Survey of Techniques for Maximizing LLM Performance.pptxA Survey of Techniques for Maximizing LLM Performance.pptx
A Survey of Techniques for Maximizing LLM Performance.pptx
thanhdowork
 
South African Journal of Science: Writing with integrity workshop (2024)
South African Journal of Science: Writing with integrity workshop (2024)South African Journal of Science: Writing with integrity workshop (2024)
South African Journal of Science: Writing with integrity workshop (2024)
Academy of Science of South Africa
 
How libraries can support authors with open access requirements for UKRI fund...
How libraries can support authors with open access requirements for UKRI fund...How libraries can support authors with open access requirements for UKRI fund...
How libraries can support authors with open access requirements for UKRI fund...
Jisc
 
S1-Introduction-Biopesticides in ICM.pptx
S1-Introduction-Biopesticides in ICM.pptxS1-Introduction-Biopesticides in ICM.pptx
S1-Introduction-Biopesticides in ICM.pptx
tarandeep35
 

Recently uploaded (20)

June 3, 2024 Anti-Semitism Letter Sent to MIT President Kornbluth and MIT Cor...
June 3, 2024 Anti-Semitism Letter Sent to MIT President Kornbluth and MIT Cor...June 3, 2024 Anti-Semitism Letter Sent to MIT President Kornbluth and MIT Cor...
June 3, 2024 Anti-Semitism Letter Sent to MIT President Kornbluth and MIT Cor...
 
How to Make a Field invisible in Odoo 17
How to Make a Field invisible in Odoo 17How to Make a Field invisible in Odoo 17
How to Make a Field invisible in Odoo 17
 
Pride Month Slides 2024 David Douglas School District
Pride Month Slides 2024 David Douglas School DistrictPride Month Slides 2024 David Douglas School District
Pride Month Slides 2024 David Douglas School District
 
Chapter 4 - Islamic Financial Institutions in Malaysia.pptx
Chapter 4 - Islamic Financial Institutions in Malaysia.pptxChapter 4 - Islamic Financial Institutions in Malaysia.pptx
Chapter 4 - Islamic Financial Institutions in Malaysia.pptx
 
Synthetic Fiber Construction in lab .pptx
Synthetic Fiber Construction in lab .pptxSynthetic Fiber Construction in lab .pptx
Synthetic Fiber Construction in lab .pptx
 
Advantages and Disadvantages of CMS from an SEO Perspective
Advantages and Disadvantages of CMS from an SEO PerspectiveAdvantages and Disadvantages of CMS from an SEO Perspective
Advantages and Disadvantages of CMS from an SEO Perspective
 
Thesis Statement for students diagnonsed withADHD.ppt
Thesis Statement for students diagnonsed withADHD.pptThesis Statement for students diagnonsed withADHD.ppt
Thesis Statement for students diagnonsed withADHD.ppt
 
special B.ed 2nd year old paper_20240531.pdf
special B.ed 2nd year old paper_20240531.pdfspecial B.ed 2nd year old paper_20240531.pdf
special B.ed 2nd year old paper_20240531.pdf
 
Supporting (UKRI) OA monographs at Salford.pptx
Supporting (UKRI) OA monographs at Salford.pptxSupporting (UKRI) OA monographs at Salford.pptx
Supporting (UKRI) OA monographs at Salford.pptx
 
CACJapan - GROUP Presentation 1- Wk 4.pdf
CACJapan - GROUP Presentation 1- Wk 4.pdfCACJapan - GROUP Presentation 1- Wk 4.pdf
CACJapan - GROUP Presentation 1- Wk 4.pdf
 
Model Attribute Check Company Auto Property
Model Attribute Check Company Auto PropertyModel Attribute Check Company Auto Property
Model Attribute Check Company Auto Property
 
The Challenger.pdf DNHS Official Publication
The Challenger.pdf DNHS Official PublicationThe Challenger.pdf DNHS Official Publication
The Challenger.pdf DNHS Official Publication
 
Operation Blue Star - Saka Neela Tara
Operation Blue Star - Saka Neela TaraOperation Blue Star - Saka Neela Tara
Operation Blue Star - Saka Neela Tara
 
1.4 modern child centered education - mahatma gandhi-2.pptx
1.4 modern child centered education - mahatma gandhi-2.pptx1.4 modern child centered education - mahatma gandhi-2.pptx
1.4 modern child centered education - mahatma gandhi-2.pptx
 
Chapter 3 - Islamic Banking Products and Services.pptx
Chapter 3 - Islamic Banking Products and Services.pptxChapter 3 - Islamic Banking Products and Services.pptx
Chapter 3 - Islamic Banking Products and Services.pptx
 
Azure Interview Questions and Answers PDF By ScholarHat
Azure Interview Questions and Answers PDF By ScholarHatAzure Interview Questions and Answers PDF By ScholarHat
Azure Interview Questions and Answers PDF By ScholarHat
 
A Survey of Techniques for Maximizing LLM Performance.pptx
A Survey of Techniques for Maximizing LLM Performance.pptxA Survey of Techniques for Maximizing LLM Performance.pptx
A Survey of Techniques for Maximizing LLM Performance.pptx
 
South African Journal of Science: Writing with integrity workshop (2024)
South African Journal of Science: Writing with integrity workshop (2024)South African Journal of Science: Writing with integrity workshop (2024)
South African Journal of Science: Writing with integrity workshop (2024)
 
How libraries can support authors with open access requirements for UKRI fund...
How libraries can support authors with open access requirements for UKRI fund...How libraries can support authors with open access requirements for UKRI fund...
How libraries can support authors with open access requirements for UKRI fund...
 
S1-Introduction-Biopesticides in ICM.pptx
S1-Introduction-Biopesticides in ICM.pptxS1-Introduction-Biopesticides in ICM.pptx
S1-Introduction-Biopesticides in ICM.pptx
 

Acl

  • 1.
  • 2. • ACL is a set of rules which will allow or deny the specific traffic moving through the router • It is a Layer 3 security which controls the flow of traffic from one router to another. • It is also called as Packet Filtering Firewall. Access Control List
  • 3. Types of Access-list ACCESS-LIST NUMBERED NAMED STANDARD EXTENDED STANDARD EXTENDED
  • 4. Standard Access List • The access-list number range is 1 – 99 • Can block a Network, Host and Subnet • Two way communication is stopped • All services are blocked. • Implemented closest to the destination. • Filtering is done based on only source IP address • The access-list number range is 100 – 199 • Can block a Network, Host, Subnet and Service • One way communication is stopped • Selected services can be blocked. • Implemented closest to the source. • Checks source, destination, protocol, port no Extended Access List
  • 5. • Deny : Blocking a Network/Host/Subnet/Service • Permit : Allowing a Network/Host/Subnet/Service • Source Address : The address of the PC from where the request starts. • Destination address : The address of the PC where the request ends. • Inbound : Traffic coming into the interface • Outbound : Traffic going out of the interface Terminology
  • 6. • All deny statements have to be given First • There should be at least one Permit statement • An implicit deny blocks all traffic by default when there is no match (an invisible statement). • Can have one access-list per interface per direction. (i.e.) Two access-list per interface, one in inbound direction and one in outbound direction. • Works in Sequential order • Editing of access-lists is not possible (i.e) Selectively adding or removing access-list statements is not possible. Rules of Access List
  • 7. • Tells the router which addressing bits must match in the address of the ACL statement. • It’s the inverse of the subnet mask, hence is also called as Inverse mask. • A bit value of 0 indicates MUST MATCH (Check Bits) • A bit value of 1 indicates IGNORE (Ignore Bits) • Wild Card Mask for a Host will be always 0.0.0.0 Wild Card Mask
  • 8. • A wild card mask can be calculated using the formula : Global Subnet Mask – Customized Subnet Mask ------------------------------- Wild Card Mask E.g. 255.255.255.255 – 255.255.255.240 --------------------- 0. 0. 0. 15 Wild Card Mask
  • 9. Network Diagram E0 10.1.1.1/8 HYD LAN – 10.0.0.0/8 E0 20.1.1.1/8 KSA LAN – 20.0.0.0/8 E0 30.1.1.1/8 UAE LAN – 30.0.0.0/8 1.1.1.1/8 S0 S1 1.1.1.2/8 2.2.2.1/8 S0 S1 2.2.2.2/8
  • 10. • The access-list number range is (1–99) & (1600- 1999) • Can block a Network, Host and Subnet • Two way communication is stopped • All services are blocked. • Implemented closest to the destination. • Filtering is done based on only source IP address Standard Access List
  • 11. Creation of Standard Access List (config)# access-list <acl no> <permit/deny> <source add> <source WCM> Implementation of Standard Access List (config)# interface <interface type> <interface no> (config-if)# ip access-group <number> <out/in> To Verify : # show access-list # show access-list <no>
  • 12. • The access-list number range is (100 – 199) • Can block a Network, Host, Subnet and Service • One way communication is stopped • Selected services can be blocked. • Implemented closest to the source. • Checks source, destination, protocol, port no. Extended Access List
  • 14. Operators : eq (equal to) neq (not equal to) lt (less than) gt (greater than)
  • 15. Creation of Extended Access List (config)# access-list <acl no> <permit/deny> <protocol> <source add> <source WCM> <destination add> < destination WCM> <operator> <service> Implementation of Extended Access List (config)# interface <interface type> <interface no> (config-if)# ip access-group <number> <out/in>
  • 16. • Access-lists are identified using Names rather than Numbers. • Names are Case-Sensitive • No limitation of Numbers here. • One Main Advantage is Editing of ACL is Possible (i.e) Removing a specific statement from the ACL is possible. (IOS version 11.2 or later allows Named ACL) Named Access List
  • 17. Standard Named Access List Creation of Standard Named Access List (config)# ip access-list standard <name> (config-std-nacl)# <permit/deny> <source address> <source wildcard mask> Implementation (config)#interface <interface type><interface no> (config-if)#ip access-group <name> <out/in>
  • 18. Extended Named Access List Creation of Extended Named Access List (config)# ip access-list extended <name> (config-ext-nacl)#<permit/deny> <protocol> <source add> <source WCM> <dest. add> <dest. WCM> <operator><service> Implementation (config)# interface <interface type><interface no> (config-if)#ip access-group <name> <out/in>