Access Control List
2009 © Alexander Rybolovlev
A TCP Conversation
SMTP 25
POP3 110
IMAP 143
HTTP 80
HTTPS 443
DNS 53
FTP-DATA 20
FTP 21
TFTP 69
SNMP 169
NTP 123
Packet Filtering
ALLOW or DENY
•Source IP address
•Destination IP address
•ICMP message type
•TCP/UDP source port
•TCP/UDP destination port
One ACL per protocol (e.g., IP or IPX)
One ACL per interface (e.g., FastEthernet0/0)
One ACL per direction (i.e., IN or OUT)
Numbering and Naming ACLs
Router(config)#access-list ?
<1-99> IP standard access list
<100-199> IP extended access list
<1100-1199> Extended 48-bit MAC address access list
<1300-1999> IP standard access list (expanded range)
<200-299> Protocol type-code access list
<2000-2699> IP extended access list (expanded range)
<700-799> 48-bit MAC address access list
You assign a number based on which protocol you want filtered:
•(1 to 99) and (1300 to 1999): Standard IP ACL
•(100 to 199) and (2000 to 2699): Extended IP ACL
You assign a name by providing the name of the ACL:
•Names can contain alphanumeric characters.
•It is suggested that the name be written in CAPITAL LETTERS.
•Names cannot contain spaces or punctuation and must begin with a letter.
•You can add or delete entries within the ACL.
Where To Place ACLs
[Figure: network diagram with Router0, Router1, Router2, Host1, Host2, Host3 and network 192.168.2.0/24; labels: Fa0/1, Fa0/1, Standard ACL, Extended ACL]
Standard ACL
[no] access-list acl-num {deny|permit|remark} [source [source-wildcard]] [log]
Router#show access-lists
Standard IP access list 99
10 permit host 192.168.99.0
20 permit host 192.168.98.0
Router#conf t
Router(config)#no access-list 99
Router(config)#end
Router#show access-lists
Router#
Router(config)#access-list 10 remark Acces_to_LAN
Router(config)#access-list 10 permit 192.168.10.0
access-list 2 deny 192.168.10.1
access-list 2 permit 192.168.10.0 0.0.0.255
access-list 2 deny 192.168.0.0 0.0.255.255
access-list 2 permit 192.0.0.0 0.255.255.255
Router(config-if)#ip access-group {access-list-number | access-list-name} {in | out}
Router(config)#access-list 1 permit 192.168.10.0 0.0.0.255
Router(config)#interface FastEthernet0/0
Router(config-if)#ip access-group 1 out
Edit Standard ACL
#1
R1#show running-config | include access-list
access-list 20 permit 192.168.10.100
access-list 20 deny 192.168.10.0 0.0.0.255
#2
access-list 20 permit 192.168.10.11
access-list 20 deny 192.168.10.0 0.0.0.255
#3
R1#conf t
R1(config)#no access-list 20
R1(config)#access-list 20 remark Access for permit host 10.11
R1(config)#access-list 20 permit 192.168.10.11
R1(config)#access-list 20 deny 192.168.10.0 0.0.0.255
Naming ACL
Router(config)#ip access-list {standard | extended} name
Router(config-std-nacl)#[no] [num] {deny|permit|remark} …
Router(config)#ip access-list standard Bumburum
Router(config-std-nacl)#deny host 192.168.0.1
Router(config-std-nacl)#permit 192.168.0.0 0.0.0.255
Router#sh access-lists
Standard IP access list Bumburum
10 deny host 192.168.0.1
20 permit 192.168.0.0 0.0.0.255
Router(config-if)#ip access-group {access-list-number | access-list-name} {in | out}
Router(config-if)#ip access-group Bumburum out
Edit ACL
Router#show access-lists {acl-num|name}
Router#sh access-lists 99
Standard IP access list 99
10 permit host 192.168.9.9
20 permit host 192.168.9.11
Router(config)#ip access-list {standard | extended} {acl-num|name}
Router(config-std-nacl)#[no] [num] {deny|permit|remark} …
Router(config)#ip access-list standard 99
Router(config-std-nacl)#15 permit host 192.168.9.10
Router#sh access-lists 99
Standard IP access list 99
10 permit host 192.168.9.9
15 permit host 192.168.9.10
20 permit host 192.168.9.11
Extended ACL
R1(config)#access-list 101 permit tcp any eq ?
Difference between STD and EXT ACL
STANDARD | EXTENDED
The access-list number ranges from 1 to 99 | The access-list number ranges from 100 to 199
Can block a host, network and subnet | Can block a host, network, subnet and service
Two-way communication is stopped | One-way communication is stopped
Implemented closest to the destination | Implemented closest to the source
Filtering is based only on the source IP address | Checks source, destination, protocol and port number
1. Create the access list (standard or extended)
2. Apply the access list to an interface (inbound/outbound)
R0(config)#access-list 1 deny 192.168.2.101 0.0.0.0
R0(config)#access-list 1 permit any
R0(config)#int gi0/0
R0(config-if)#ip access-group 1 out
R0(config)#no access-list 1
R0(config)#access-list 2 deny 192.168.2.100
R0(config)#access-list 2 deny 192.168.2.101
R0(config)#access-list 2 permit any
R0(config)#int gi0/0
R0(config-if)#no ip access-group 1 out
R0(config-if)#ip access-group 2 out
R0(config)#no access-list 2
R0(config)#access-list 3 deny 192.168.2.0 0.0.0.255
R0(config)#int gi0/0
R0(config-if)#no ip access-group 2 out
R0(config-if)#ip access-group 3 out
EXTENDED ACL
R0(config)#access-list 100 deny tcp host 192.168.1.10 host 192.168.4.100 eq www
R0(config)#access-list 100 deny tcp host 192.168.1.11 host 192.168.4.100 eq ftp
R0(config)#access-list 100 deny icmp host 192.168.1.12 host 192.168.4.100
R0(config)#access-list 100 permit ip any any
R0(config)# int se0/0/0
R0(config-if)# ip access-group 100 out
R0# show access-list
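How a router evaluates the two lists shown on this page (access-list 2 from the Standard ACL slide and access-list 100 above): entries are tested top-down, the first match wins, wildcard bits set to 1 are ignored, and a packet that matches nothing hits the implicit deny. This is an added example, not part of the original slides; the Python names (`parse_acl`, `evaluate`, `Ace`) are hypothetical, and only the syntax forms used on this page are supported (no source-port `eq`, no `log`).

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

ANY = (0, 0xFFFFFFFF)                  # wildcard of all ones: every bit is "don't care"
PORT_NAMES = {"www": 80, "ftp": 21}    # the two port keywords used on this page

@dataclass
class Ace:
    text: str                 # original config line, returned as the match reason
    action: str               # "permit" or "deny"
    proto: str                # "ip" matches every protocol
    src: Tuple[int, int]      # (address, wildcard)
    dst: Tuple[int, int]
    dport: Optional[int]      # destination port for "eq", else None

def ip_int(addr: str) -> int:
    return int(ipaddress.IPv4Address(addr))

def take_addr(tokens: List[str]) -> Tuple[int, int]:
    """Consume one address spec: any | host A | A wildcard | A (bare host)."""
    tok = tokens.pop(0)
    if tok == "any":
        return ANY
    if tok == "host":
        return (ip_int(tokens.pop(0)), 0)
    base = ip_int(tok)
    if tokens and tokens[0].count(".") == 3:     # a wildcard mask follows
        return (base, ip_int(tokens.pop(0)))
    return (base, 0)                             # standard ACL: bare address = one host

def parse_acl(text: str) -> List[Ace]:
    acl = []
    for line in text.strip().splitlines():
        tokens = line.split()
        num, action, rest = int(tokens[1]), tokens[2], tokens[3:]
        if action == "remark":
            continue
        if action not in ("permit", "deny"):
            raise ValueError(f"unsupported action in: {line}")
        if 1 <= num <= 99 or 1300 <= num <= 1999:          # standard: source only
            acl.append(Ace(line.strip(), action, "ip", take_addr(rest), ANY, None))
        elif 100 <= num <= 199 or 2000 <= num <= 2699:     # extended
            proto = rest.pop(0)
            src = take_addr(rest)
            dst = take_addr(rest)
            dport = None
            if rest[:1] == ["eq"]:
                dport = PORT_NAMES[rest[1]] if rest[1] in PORT_NAMES else int(rest[1])
            acl.append(Ace(line.strip(), action, proto, src, dst, dport))
        else:
            raise ValueError(f"not an IP ACL number: {num}")
    return acl

def wildcard_match(addr: int, base: int, wildcard: int) -> bool:
    care = ~wildcard & 0xFFFFFFFF                # bits that must be equal
    return (addr & care) == (base & care)

def evaluate(acl: List[Ace], src: str, dst: str = "0.0.0.0",
             proto: str = "ip", dport: Optional[int] = None) -> Tuple[str, str]:
    """Return (action, matching line). First match wins; no match = implicit deny."""
    s, d = ip_int(src), ip_int(dst)
    for ace in acl:
        if ace.proto not in ("ip", proto):
            continue
        if not wildcard_match(s, *ace.src) or not wildcard_match(d, *ace.dst):
            continue
        if ace.dport is not None and ace.dport != dport:
            continue
        return (ace.action, ace.text)
    return ("deny", "implicit deny")

# The two lists exactly as configured on this page (router prompts stripped).
ACL_2 = parse_acl("""
access-list 2 deny 192.168.10.1
access-list 2 permit 192.168.10.0 0.0.0.255
access-list 2 deny 192.168.0.0 0.0.255.255
access-list 2 permit 192.0.0.0 0.255.255.255
""")
ACL_100 = parse_acl("""
access-list 100 deny tcp host 192.168.1.10 host 192.168.4.100 eq www
access-list 100 deny tcp host 192.168.1.11 host 192.168.4.100 eq ftp
access-list 100 deny icmp host 192.168.1.12 host 192.168.4.100
access-list 100 permit ip any any
""")

if __name__ == "__main__":
    # Constructed test sources: one per entry of ACL 2, plus one that matches nothing.
    for src in ("192.168.10.1", "192.168.10.50", "192.168.20.5", "192.5.5.5", "10.1.1.1"):
        print(src, evaluate(ACL_2, src))
    print(evaluate(ACL_100, "192.168.1.10", "192.168.4.100", "tcp", 80))
    print(evaluate(ACL_100, "192.168.1.10", "192.168.4.100", "tcp", 443))
```

Reordering the entries of `ACL_2` changes the verdicts, which is why the more specific `deny 192.168.10.1` has to come before the broader `permit 192.168.10.0 0.0.0.255`.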
Acl cisco
