SlideShare a Scribd company logo

Standard Access List

NetProtocol Xpert
NetProtocol Xpert

Standard Access List

Engineering
1 of 13
Standard Access List WWW.NETPROTOCOLXPERT.IN
 With standard ACLs you can permit or deny traffic from source IP addresses.  The destination of the packet and the port doesn’t matter. They can be named or numbered.  The ranges used by numbered ACLs are from 1 to 99 and from 1300 to 1999.
we have R1 and R2. On R1’s fa0/0 interface will apply an Inbound ACL to filter some of R2’s loopback interfaces networks
configure on R1 and R2 interfaces, without ACL  R1  interface FastEthernet0/0  ip address 10.0.0.1 255.255.255.0  ip route 192.168.0.0 255.255.255.0 FastEthernet0/0  ip route 192.168.1.0 255.255.255.0 FastEthernet0/0  ip route 192.168.2.0 255.255.255.0 FastEthernet0/0  R2  interface Loopback0  ip address 192.168.0.1 255.255.255.0  interface Loopback1  ip address 192.168.1.1 255.255.255.0  interface Loopback2  ip address 192.168.2.1 255.255.255.0  interface FastEthernet0/0  ip address 10.0.0.2 255.255.255.0
 On R1 we’ve added 3 static routes to reach R2’s loopback interfaces. Now, we’ll configure a numbered Access List on R1.  access-list 1 deny 192.168.0.0 0.0.0.255  access-list 1 permit 192.168.1.0 0.0.0.255  access-list 1 remark Manage Traffic From R2
ACL’s statements NUMBER “1”  This is the number used by this ACL “DENY” KEYWORD  With this keyword will be denied network matched by this statement “PERMIT” KEYWORD  With this keyword will be permitted network matched by this statement “192.168.0.0”  This is network that will be matched by the statement “REMARK” KEYWORD  The string that comes after this keyword represents a description which can help you at a later time what is the purpose of the ACL At the end of every ACL there is an “implicit deny” which will deny all packets that aren’t matched in ACL.
“0.0.0.255”  This is wildcard mask that tells the router which parts of the subnet number to look at.  With Wildcard mask bit 0 – will match the corresponding bit value in the address;  With Wildcard mask bit 1 – will ignore the corresponding bit value in the address.  If we take this in binary we will get: 00000000.00000000.00000000.11111111. Results that first 24 positions in IP address will be matched and last 8 will be ignored. If we take first statement from ACL we get that all packets with source IP address which start with 192.168.0 will be matched, and will be denied, the last 8 bits don’t matter.
 Next step is to bound Standard Access List to an interface as inbound or outbound. ACL doesn’t act on packets generated by itself, that’s why there is no reason to use it here as outbound ACL. We’ll bound it to R1’s fa0/0 as inbound Access List.  R1  interface FastEthernet0/0  ip access-group 1 in
We have got the next result:  Packets with R2’s Loopback 0 source IP address (192.168.0.1) will be denied by first statement;  Packets with R2’s Loopback 1 source IP address(192.168.1.1) will be permitted by second statement;  Packets with R2’s Loopback 2 source IP address (192.168.2.1) will be denied by “implicit deny” because it is not matched by any of the other statements.
 R2#ping 10.0.0.1 source loopback 0  Type escape sequence to abort.  Sending 5, 100-byte ICMP Echos to 10.0.0.1, timeout is 2 seconds:  Packet sent with a source address of 192.168.0.1  U.U.U  Success rate is 0 percent (0/5)  R2#  R2#ping 10.0.0.1 source loopback 1  Type escape sequence to abort.  Sending 5, 100-byte ICMP Echos to 10.0.0.1, timeout is 2 seconds:  Packet sent with a source address of 192.168.1.1  !!!!!  Success rate is 100 percent (5/5), round-trip min/avg/max = 16/23/36 ms  R2#  R2#ping 10.0.0.1 source loopback 2
 Type escape sequence to abort.  Sending 5, 100-byte ICMP Echos to 10.0.0.1, timeout is 2 seconds:  Packet sent with a source address of 192.168.2.1  U.U.U  Success rate is 0 percent (0/5)  R2#  From the output you can see that only ping from Loopback 1 succeeded. You can check ACL’s statements with one of these commands  show access-lists  show ip access-lists
 To delete an this Access List use this command  no access-list 1  The named version of this Access List will look like this  ip access-list standard FIRST  deny 192.168.0.0 0.0.0.255  permit 192.168.1.0 0.0.0.255  remark Manage Traffic From R2
Follow Us On https://www.facebook.com/N etProtocolXpert/ https://www.linkedin.com/c ompany/netprotocol-xpert https://plus.google.com/u/ 0/collection/AYQ-EB https://www.instagram.com/ netprotocol_xpert/ https://twitter.com/NPX_cisco https://branded.me/netprot ocolxpert

Recommended

Access control list [2]
Access control list [2]Access control list [2]
Access control list [2]Summit Bisht
 
Policy Based Routing
Policy Based RoutingPolicy Based Routing
Policy Based RoutingNetProtocol Xpert
 
Basic Cisco Router config
Basic Cisco Router configBasic Cisco Router config
Basic Cisco Router configAndrew Spiker
 
OSPF Virtual Link
OSPF Virtual LinkOSPF Virtual Link
OSPF Virtual LinkNetProtocol Xpert
 
OSPF Virtual Link
OSPF Virtual LinkOSPF Virtual Link
OSPF Virtual LinkNetProtocol Xpert
 
Ejercicio 4 vtp
Ejercicio 4 vtpEjercicio 4 vtp
Ejercicio 4 vtpSebastian Hevia
 
How to Configure ip address for router interfaces
How to Configure ip address for router interfacesHow to Configure ip address for router interfaces
How to Configure ip address for router interfacestcpipguru
 
Access Control List & its Types
Access Control List & its TypesAccess Control List & its Types
Access Control List & its TypesNetwax Lab
 

Recommended

Access control list [2]
Access control list [2]Access control list [2]
Access control list [2]Summit Bisht
 
Policy Based Routing
Policy Based RoutingPolicy Based Routing
Policy Based RoutingNetProtocol Xpert
 
Basic Cisco Router config
Basic Cisco Router configBasic Cisco Router config
Basic Cisco Router configAndrew Spiker
 
OSPF Virtual Link
OSPF Virtual LinkOSPF Virtual Link
OSPF Virtual LinkNetProtocol Xpert
 
OSPF Virtual Link
OSPF Virtual LinkOSPF Virtual Link
OSPF Virtual LinkNetProtocol Xpert
 
Ejercicio 4 vtp
Ejercicio 4 vtpEjercicio 4 vtp
Ejercicio 4 vtpSebastian Hevia
 
How to Configure ip address for router interfaces
How to Configure ip address for router interfacesHow to Configure ip address for router interfaces
How to Configure ip address for router interfacestcpipguru
 
Access Control List & its Types
Access Control List & its TypesAccess Control List & its Types
Access Control List & its TypesNetwax Lab
 
How to configure port security in cisco switch
How to configure port security in cisco switchHow to configure port security in cisco switch
How to configure port security in cisco switchIT Tech
 
Sub red 1
Sub red 1Sub red 1
Sub red 1jhonjayro silva
 
Port Security
Port SecurityPort Security
Port SecurityNetProtocol Xpert
 
CIsco ACL- Network and host security
CIsco ACL- Network and host securityCIsco ACL- Network and host security
CIsco ACL- Network and host securityShiv Koppad
 
Configuring extended ACLs
Configuring extended ACLsConfiguring extended ACLs
Configuring extended ACLsNetProtocol Xpert
 
Access control list [1]
Access control list [1]Access control list [1]
Access control list [1]Summit Bisht
 
Aci ports
Aci portsAci ports
Aci portsBruno Plantier
 
Dynamic Access List
Dynamic Access ListDynamic Access List
Dynamic Access ListNetProtocol Xpert
 
Aryandi triyanto 10 (tugas cisco 1 router 3 pc)
Aryandi triyanto 10 (tugas cisco 1 router 3 pc)Aryandi triyanto 10 (tugas cisco 1 router 3 pc)
Aryandi triyanto 10 (tugas cisco 1 router 3 pc)aryandi572
 
8 subredesssss
8 subredesssss8 subredesssss
8 subredessssssovon123
 
Basic ip traffic management with access control lists
Basic ip traffic management with access control listsBasic ip traffic management with access control lists
Basic ip traffic management with access control listsSourabh Badve
 
Acl
AclAcl
AclVicky Kamboj
 
Acl
AclAcl
AclRaghu Kiran
 
Uccn1003 -may09_-_lect09_-_access_control_list_acl_
Uccn1003 -may09_-_lect09_-_access_control_list_acl_Uccn1003 -may09_-_lect09_-_access_control_list_acl_
Uccn1003 -may09_-_lect09_-_access_control_list_acl_Shu Shin
 
CCNA part 7 acl
CCNA part 7 aclCCNA part 7 acl
CCNA part 7 aclSandeep Sharma IIMK Smart City,IoT,Bigdata,Cloud,BI,DW
 
Chapter10ccna
Chapter10ccnaChapter10ccna
Chapter10ccnarobertoxe
 
How to troubleshoot and verifying ospf configuration
How to troubleshoot and verifying ospf configurationHow to troubleshoot and verifying ospf configuration
How to troubleshoot and verifying ospf configurationIT Tech
 
Examen switcheo
Examen switcheoExamen switcheo
Examen switcheoWhaleejaa Wha
 
Acl cisco
Acl ciscoAcl cisco
Acl ciscoTapan Khilar
 
Presentation1
Presentation1Presentation1
Presentation1jijiharon
 
TEITI -WAKALA WA UKAGUZI WA MADINI TANZANIA-MWANZA
TEITI -WAKALA WA UKAGUZI WA MADINI TANZANIA-MWANZATEITI -WAKALA WA UKAGUZI WA MADINI TANZANIA-MWANZA
TEITI -WAKALA WA UKAGUZI WA MADINI TANZANIA-MWANZAProf Handley Mpoki Mafwenga
 
Excel12
Excel12Excel12
Excel12Batzaya Dashdondog
 

More Related Content

What's hot

How to configure port security in cisco switch
How to configure port security in cisco switchHow to configure port security in cisco switch
How to configure port security in cisco switchIT Tech
 
CIsco ACL- Network and host security
CIsco ACL- Network and host securityCIsco ACL- Network and host security
CIsco ACL- Network and host securityShiv Koppad
 
Access control list [1]
Access control list [1]Access control list [1]
Access control list [1]Summit Bisht
 
Aryandi triyanto 10 (tugas cisco 1 router 3 pc)
Aryandi triyanto 10 (tugas cisco 1 router 3 pc)Aryandi triyanto 10 (tugas cisco 1 router 3 pc)
Aryandi triyanto 10 (tugas cisco 1 router 3 pc)aryandi572
 
8 subredesssss
8 subredesssss8 subredesssss
8 subredessssssovon123
 
Basic ip traffic management with access control lists
Basic ip traffic management with access control listsBasic ip traffic management with access control lists
Basic ip traffic management with access control listsSourabh Badve
 
Uccn1003 -may09_-_lect09_-_access_control_list_acl_
Uccn1003 -may09_-_lect09_-_access_control_list_acl_Uccn1003 -may09_-_lect09_-_access_control_list_acl_
Uccn1003 -may09_-_lect09_-_access_control_list_acl_Shu Shin
 
Chapter10ccna
Chapter10ccnaChapter10ccna
Chapter10ccnarobertoxe
 
How to troubleshoot and verifying ospf configuration
How to troubleshoot and verifying ospf configurationHow to troubleshoot and verifying ospf configuration
How to troubleshoot and verifying ospf configurationIT Tech
 
Presentation1
Presentation1Presentation1
Presentation1jijiharon
 

What's hot (20)

How to configure port security in cisco switch
How to configure port security in cisco switchHow to configure port security in cisco switch
How to configure port security in cisco switch
 
Sub red 1
Sub red 1Sub red 1
Sub red 1
 
Port Security
Port SecurityPort Security
Port Security
 
CIsco ACL- Network and host security
CIsco ACL- Network and host securityCIsco ACL- Network and host security
CIsco ACL- Network and host security
 
Configuring extended ACLs
Configuring extended ACLsConfiguring extended ACLs
Configuring extended ACLs
 
Access control list [1]
Access control list [1]Access control list [1]
Access control list [1]
 
Aci ports
Aci portsAci ports
Aci ports
 
Dynamic Access List
Dynamic Access ListDynamic Access List
Dynamic Access List
 
Aryandi triyanto 10 (tugas cisco 1 router 3 pc)
Aryandi triyanto 10 (tugas cisco 1 router 3 pc)Aryandi triyanto 10 (tugas cisco 1 router 3 pc)
Aryandi triyanto 10 (tugas cisco 1 router 3 pc)
 
8 subredesssss
8 subredesssss8 subredesssss
8 subredesssss
 
Basic ip traffic management with access control lists
Basic ip traffic management with access control listsBasic ip traffic management with access control lists
Basic ip traffic management with access control lists
 
Acl
AclAcl
Acl
 
Acl
AclAcl
Acl
 
Uccn1003 -may09_-_lect09_-_access_control_list_acl_
Uccn1003 -may09_-_lect09_-_access_control_list_acl_Uccn1003 -may09_-_lect09_-_access_control_list_acl_
Uccn1003 -may09_-_lect09_-_access_control_list_acl_
 
CCNA part 7 acl
CCNA part 7 aclCCNA part 7 acl
CCNA part 7 acl
 
Chapter10ccna
Chapter10ccnaChapter10ccna
Chapter10ccna
 
How to troubleshoot and verifying ospf configuration
How to troubleshoot and verifying ospf configurationHow to troubleshoot and verifying ospf configuration
How to troubleshoot and verifying ospf configuration
 
Examen switcheo
Examen switcheoExamen switcheo
Examen switcheo
 
Acl cisco
Acl ciscoAcl cisco
Acl cisco
 
Presentation1
Presentation1Presentation1
Presentation1
 

Viewers also liked

TEITI -WAKALA WA UKAGUZI WA MADINI TANZANIA-MWANZA
TEITI -WAKALA WA UKAGUZI WA MADINI TANZANIA-MWANZATEITI -WAKALA WA UKAGUZI WA MADINI TANZANIA-MWANZA
TEITI -WAKALA WA UKAGUZI WA MADINI TANZANIA-MWANZAProf Handley Mpoki Mafwenga
 
Curriculum Vitae of Michelle Tobias
Curriculum Vitae of Michelle TobiasCurriculum Vitae of Michelle Tobias
Curriculum Vitae of Michelle TobiasMichelle Tobias
 
현업 엔지니어의 시각에서 본 알고리즘 공부의 장점과 단점
현업 엔지니어의 시각에서 본 알고리즘 공부의 장점과 단점현업 엔지니어의 시각에서 본 알고리즘 공부의 장점과 단점
현업 엔지니어의 시각에서 본 알고리즘 공부의 장점과 단점Wonha Ryu
 
таниулсан зөвшөөрөл баримтын судалгаа
таниулсан зөвшөөрөл баримтын судалгаатаниулсан зөвшөөрөл баримтын судалгаа
таниулсан зөвшөөрөл баримтын судалгааnaranbatn
 
Research method ch01 introduction
Research method ch01 introductionResearch method ch01 introduction
Research method ch01 introductionnaranbatn
 
таниулсан зөвшөөрөл эмнэлзүйн судалгаа
таниулсан зөвшөөрөл эмнэлзүйн судалгаатаниулсан зөвшөөрөл эмнэлзүйн судалгаа
таниулсан зөвшөөрөл эмнэлзүйн судалгааnaranbatn
 
El libro-móvil-de-las-tablas-de-multiplicar
El libro-móvil-de-las-tablas-de-multiplicarEl libro-móvil-de-las-tablas-de-multiplicar
El libro-móvil-de-las-tablas-de-multiplicarJenny RM
 
Radware Cloud Security Services
Radware Cloud Security ServicesRadware Cloud Security Services
Radware Cloud Security ServicesRadware
 
Ceh v8 labs module 05 system hacking
Ceh v8 labs module 05 system hackingCeh v8 labs module 05 system hacking
Ceh v8 labs module 05 system hackingAsep Sopyan
 

Viewers also liked (15)

TEITI -WAKALA WA UKAGUZI WA MADINI TANZANIA-MWANZA
TEITI -WAKALA WA UKAGUZI WA MADINI TANZANIA-MWANZATEITI -WAKALA WA UKAGUZI WA MADINI TANZANIA-MWANZA
TEITI -WAKALA WA UKAGUZI WA MADINI TANZANIA-MWANZA
 
Excel12
Excel12Excel12
Excel12
 
Curriculum Vitae of Michelle Tobias
Curriculum Vitae of Michelle TobiasCurriculum Vitae of Michelle Tobias
Curriculum Vitae of Michelle Tobias
 
현업 엔지니어의 시각에서 본 알고리즘 공부의 장점과 단점
현업 엔지니어의 시각에서 본 알고리즘 공부의 장점과 단점현업 엔지니어의 시각에서 본 알고리즘 공부의 장점과 단점
현업 엔지니어의 시각에서 본 알고리즘 공부의 장점과 단점
 
Decalogo
Decalogo Decalogo
Decalogo
 
таниулсан зөвшөөрөл баримтын судалгаа
таниулсан зөвшөөрөл баримтын судалгаатаниулсан зөвшөөрөл баримтын судалгаа
таниулсан зөвшөөрөл баримтын судалгаа
 
Research method ch01 introduction
Research method ch01 introductionResearch method ch01 introduction
Research method ch01 introduction
 
таниулсан зөвшөөрөл эмнэлзүйн судалгаа
таниулсан зөвшөөрөл эмнэлзүйн судалгаатаниулсан зөвшөөрөл эмнэлзүйн судалгаа
таниулсан зөвшөөрөл эмнэлзүйн судалгаа
 
Havsralt 1
Havsralt 1Havsralt 1
Havsralt 1
 
EIGRP Configuration
EIGRP ConfigurationEIGRP Configuration
EIGRP Configuration
 
El libro-móvil-de-las-tablas-de-multiplicar
El libro-móvil-de-las-tablas-de-multiplicarEl libro-móvil-de-las-tablas-de-multiplicar
El libro-móvil-de-las-tablas-de-multiplicar
 
OSPF Overview
OSPF OverviewOSPF Overview
OSPF Overview
 
Radware Cloud Security Services
Radware Cloud Security ServicesRadware Cloud Security Services
Radware Cloud Security Services
 
Ceh v8 labs module 05 system hacking
Ceh v8 labs module 05 system hackingCeh v8 labs module 05 system hacking
Ceh v8 labs module 05 system hacking
 
Js dom & JS bom
Js dom & JS bomJs dom & JS bom
Js dom & JS bom
 

Similar to Standard Access List

cisco-ewan-nat-acl-pt-practice-sba-with-solution-110516171316-phpapp02.pdf
cisco-ewan-nat-acl-pt-practice-sba-with-solution-110516171316-phpapp02.pdfcisco-ewan-nat-acl-pt-practice-sba-with-solution-110516171316-phpapp02.pdf
cisco-ewan-nat-acl-pt-practice-sba-with-solution-110516171316-phpapp02.pdfAsgarAlam6
 
1 SEC450 ACL Tutorial This document highlights.docx
1 SEC450 ACL Tutorial This document highlights.docx1 SEC450 ACL Tutorial This document highlights.docx
1 SEC450 ACL Tutorial This document highlights.docxdorishigh
 
Cisco discovery drs ent module 8 - v.4 in english.
Cisco discovery drs ent module 8 - v.4 in english.Cisco discovery drs ent module 8 - v.4 in english.
Cisco discovery drs ent module 8 - v.4 in english.igede tirtanata
 
4.4.1.2 packet tracer configure ip ac ls to mitigate attacks-instructor
4.4.1.2 packet tracer configure ip ac ls to mitigate attacks-instructor4.4.1.2 packet tracer configure ip ac ls to mitigate attacks-instructor
4.4.1.2 packet tracer configure ip ac ls to mitigate attacks-instructorSalem Trabelsi
 
Student Name _________________________________ Date _____________SE.docx
Student Name _________________________________ Date _____________SE.docxStudent Name _________________________________ Date _____________SE.docx
Student Name _________________________________ Date _____________SE.docxemelyvalg9
 
Networking Tutorial Goes to Basic PPP Configuration
Networking Tutorial Goes to Basic PPP ConfigurationNetworking Tutorial Goes to Basic PPP Configuration
Networking Tutorial Goes to Basic PPP Configuration3Anetwork com
 
Practice exam #2
Practice exam #2Practice exam #2
Practice exam #2Kris Mofu
 
Eincop Netwax Lab: Lab 1 static route
Eincop Netwax Lab: Lab 1 static routeEincop Netwax Lab: Lab 1 static route
Eincop Netwax Lab: Lab 1 static routeNetwax Lab
 
CCNA_200-301_June_2023-v1.2.pdf
CCNA_200-301_June_2023-v1.2.pdfCCNA_200-301_June_2023-v1.2.pdf
CCNA_200-301_June_2023-v1.2.pdfCCIEHOMER
 
Ip Addressing Basics
Ip Addressing BasicsIp Addressing Basics
Ip Addressing Basicstmavroidis
 
26.2.1 Packet Tracer - Configure Extended IPv4 ACLs - Scenario 1 - ITExamAnsw...
26.2.1 Packet Tracer - Configure Extended IPv4 ACLs - Scenario 1 - ITExamAnsw...26.2.1 Packet Tracer - Configure Extended IPv4 ACLs - Scenario 1 - ITExamAnsw...
26.2.1 Packet Tracer - Configure Extended IPv4 ACLs - Scenario 1 - ITExamAnsw...rediani
 

Similar to Standard Access List (20)

cisco-ewan-nat-acl-pt-practice-sba-with-solution-110516171316-phpapp02.pdf
cisco-ewan-nat-acl-pt-practice-sba-with-solution-110516171316-phpapp02.pdfcisco-ewan-nat-acl-pt-practice-sba-with-solution-110516171316-phpapp02.pdf
cisco-ewan-nat-acl-pt-practice-sba-with-solution-110516171316-phpapp02.pdf
 
1 SEC450 ACL Tutorial This document highlights.docx
1 SEC450 ACL Tutorial This document highlights.docx1 SEC450 ACL Tutorial This document highlights.docx
1 SEC450 ACL Tutorial This document highlights.docx
 
BACIK CISCO SKILLS
BACIK CISCO SKILLSBACIK CISCO SKILLS
BACIK CISCO SKILLS
 
Cisco discovery drs ent module 8 - v.4 in english.
Cisco discovery drs ent module 8 - v.4 in english.Cisco discovery drs ent module 8 - v.4 in english.
Cisco discovery drs ent module 8 - v.4 in english.
 
4.4.1.2 packet tracer configure ip ac ls to mitigate attacks-instructor
4.4.1.2 packet tracer configure ip ac ls to mitigate attacks-instructor4.4.1.2 packet tracer configure ip ac ls to mitigate attacks-instructor
4.4.1.2 packet tracer configure ip ac ls to mitigate attacks-instructor
 
Student Name _________________________________ Date _____________SE.docx
Student Name _________________________________ Date _____________SE.docxStudent Name _________________________________ Date _____________SE.docx
Student Name _________________________________ Date _____________SE.docx
 
Networking Tutorial Goes to Basic PPP Configuration
Networking Tutorial Goes to Basic PPP ConfigurationNetworking Tutorial Goes to Basic PPP Configuration
Networking Tutorial Goes to Basic PPP Configuration
 
Practice exam #2
Practice exam #2Practice exam #2
Practice exam #2
 
Lab 3.5.1 basic frame relay
Lab 3.5.1 basic frame relayLab 3.5.1 basic frame relay
Lab 3.5.1 basic frame relay
 
Eincop Netwax Lab: Lab 1 static route
Eincop Netwax Lab: Lab 1 static routeEincop Netwax Lab: Lab 1 static route
Eincop Netwax Lab: Lab 1 static route
 
CCIE Lab - IGP Routing
CCIE Lab - IGP Routing CCIE Lab - IGP Routing
CCIE Lab - IGP Routing
 
Frame Relayprint
Frame RelayprintFrame Relayprint
Frame Relayprint
 
Intro to Ethernet
Intro to EthernetIntro to Ethernet
Intro to Ethernet
 
CCNA_200-301_June_2023-v1.2.pdf
CCNA_200-301_June_2023-v1.2.pdfCCNA_200-301_June_2023-v1.2.pdf
CCNA_200-301_June_2023-v1.2.pdf
 
Ccna1v3 mod10
Ccna1v3 mod10Ccna1v3 mod10
Ccna1v3 mod10
 
ENSA_Module_4.pptx
ENSA_Module_4.pptxENSA_Module_4.pptx
ENSA_Module_4.pptx
 
Ip Addressing Basics
Ip Addressing BasicsIp Addressing Basics
Ip Addressing Basics
 
IPAddressing .pptx
IPAddressing .pptxIPAddressing .pptx
IPAddressing .pptx
 
26.2.1 Packet Tracer - Configure Extended IPv4 ACLs - Scenario 1 - ITExamAnsw...
26.2.1 Packet Tracer - Configure Extended IPv4 ACLs - Scenario 1 - ITExamAnsw...26.2.1 Packet Tracer - Configure Extended IPv4 ACLs - Scenario 1 - ITExamAnsw...
26.2.1 Packet Tracer - Configure Extended IPv4 ACLs - Scenario 1 - ITExamAnsw...
 
Linux router
Linux routerLinux router
Linux router
 

More from NetProtocol Xpert

Basic Cisco ASA 5506-x Configuration (Firepower)
Basic Cisco ASA 5506-x Configuration (Firepower)Basic Cisco ASA 5506-x Configuration (Firepower)
Basic Cisco ASA 5506-x Configuration (Firepower)NetProtocol Xpert
 
Common Layer 2 Threats, Attacks & Mitigation
Common Layer 2 Threats, Attacks & MitigationCommon Layer 2 Threats, Attacks & Mitigation
Common Layer 2 Threats, Attacks & MitigationNetProtocol Xpert
 
Dynamic ARP Inspection (DAI)
Dynamic ARP Inspection (DAI)Dynamic ARP Inspection (DAI)
Dynamic ARP Inspection (DAI)NetProtocol Xpert
 
Securing management, control & data plane
Securing management, control & data planeSecuring management, control & data plane
Securing management, control & data planeNetProtocol Xpert
 
Point to-point protocol (ppp), PAP & CHAP
Point to-point protocol (ppp), PAP & CHAPPoint to-point protocol (ppp), PAP & CHAP
Point to-point protocol (ppp), PAP & CHAPNetProtocol Xpert
 
Avoid DNS lookup when mistyping a command
Avoid DNS lookup when mistyping a commandAvoid DNS lookup when mistyping a command
Avoid DNS lookup when mistyping a commandNetProtocol Xpert
 
TCLSH and Macro Ping Test on Cisco Routers and Switches
TCLSH and Macro Ping Test on Cisco Routers and SwitchesTCLSH and Macro Ping Test on Cisco Routers and Switches
TCLSH and Macro Ping Test on Cisco Routers and SwitchesNetProtocol Xpert
 
MTU (maximum transmission unit) & MRU (maximum receive unit)
MTU (maximum transmission unit) & MRU (maximum receive unit)MTU (maximum transmission unit) & MRU (maximum receive unit)
MTU (maximum transmission unit) & MRU (maximum receive unit)NetProtocol Xpert
 
OTV(Overlay Transport Virtualization)
OTV(Overlay Transport Virtualization)OTV(Overlay Transport Virtualization)
OTV(Overlay Transport Virtualization)NetProtocol Xpert
 

More from NetProtocol Xpert (20)

Basic Cisco ASA 5506-x Configuration (Firepower)
Basic Cisco ASA 5506-x Configuration (Firepower)Basic Cisco ASA 5506-x Configuration (Firepower)
Basic Cisco ASA 5506-x Configuration (Firepower)
 
MPLS Layer 3 VPN
MPLS Layer 3 VPN MPLS Layer 3 VPN
MPLS Layer 3 VPN
 
Common Layer 2 Threats, Attacks & Mitigation
Common Layer 2 Threats, Attacks & MitigationCommon Layer 2 Threats, Attacks & Mitigation
Common Layer 2 Threats, Attacks & Mitigation
 
Storm-Control
Storm-ControlStorm-Control
Storm-Control
 
Dynamic ARP Inspection (DAI)
Dynamic ARP Inspection (DAI)Dynamic ARP Inspection (DAI)
Dynamic ARP Inspection (DAI)
 
IP Source Guard
IP Source Guard IP Source Guard
IP Source Guard
 
DHCP Snooping
DHCP SnoopingDHCP Snooping
DHCP Snooping
 
Password Recovery
Password RecoveryPassword Recovery
Password Recovery
 
Application & Data Center
Application & Data CenterApplication & Data Center
Application & Data Center
 
Cisco ISR 4351 Router
Cisco ISR 4351 RouterCisco ISR 4351 Router
Cisco ISR 4351 Router
 
Cisco ASR 1001-X Router
Cisco ASR 1001-X RouterCisco ASR 1001-X Router
Cisco ASR 1001-X Router
 
Securing management, control & data plane
Securing management, control & data planeSecuring management, control & data plane
Securing management, control & data plane
 
Point to-point protocol (ppp), PAP & CHAP
Point to-point protocol (ppp), PAP & CHAPPoint to-point protocol (ppp), PAP & CHAP
Point to-point protocol (ppp), PAP & CHAP
 
Avoid DNS lookup when mistyping a command
Avoid DNS lookup when mistyping a commandAvoid DNS lookup when mistyping a command
Avoid DNS lookup when mistyping a command
 
TCLSH and Macro Ping Test on Cisco Routers and Switches
TCLSH and Macro Ping Test on Cisco Routers and SwitchesTCLSH and Macro Ping Test on Cisco Routers and Switches
TCLSH and Macro Ping Test on Cisco Routers and Switches
 
Private VLANs
Private VLANsPrivate VLANs
Private VLANs
 
MTU (maximum transmission unit) & MRU (maximum receive unit)
MTU (maximum transmission unit) & MRU (maximum receive unit)MTU (maximum transmission unit) & MRU (maximum receive unit)
MTU (maximum transmission unit) & MRU (maximum receive unit)
 
OTV Configuration
OTV ConfigurationOTV Configuration
OTV Configuration
 
Cisco OTV 
Cisco OTV Cisco OTV 
Cisco OTV 
 
OTV(Overlay Transport Virtualization)
OTV(Overlay Transport Virtualization)OTV(Overlay Transport Virtualization)
OTV(Overlay Transport Virtualization)
 

Recently uploaded

UNIT-II FMM-Flow Through Circular Conduits
UNIT-II FMM-Flow Through Circular ConduitsUNIT-II FMM-Flow Through Circular Conduits
UNIT-II FMM-Flow Through Circular Conduitsrknatarajan
 
Porous Ceramics seminar and technical writing
Porous Ceramics seminar and technical writingPorous Ceramics seminar and technical writing
Porous Ceramics seminar and technical writingrakeshbaidya232001
 
(SHREYA) Chakan Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Esc...
(SHREYA) Chakan Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Esc...(SHREYA) Chakan Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Esc...
(SHREYA) Chakan Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Esc...ranjana rawat
 
CCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete Record
CCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete RecordCCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete Record
CCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete RecordAsst.prof M.Gokilavani
 
Introduction to IEEE STANDARDS and its different types.pptx
Introduction to IEEE STANDARDS and its different types.pptxIntroduction to IEEE STANDARDS and its different types.pptx
Introduction to IEEE STANDARDS and its different types.pptxupamatechverse
 
MANUFACTURING PROCESS-II UNIT-2 LATHE MACHINE
MANUFACTURING PROCESS-II UNIT-2 LATHE MACHINEMANUFACTURING PROCESS-II UNIT-2 LATHE MACHINE
MANUFACTURING PROCESS-II UNIT-2 LATHE MACHINESIVASHANKAR N
 
MANUFACTURING PROCESS-II UNIT-5 NC MACHINE TOOLS
MANUFACTURING PROCESS-II UNIT-5 NC MACHINE TOOLSMANUFACTURING PROCESS-II UNIT-5 NC MACHINE TOOLS
MANUFACTURING PROCESS-II UNIT-5 NC MACHINE TOOLSSIVASHANKAR N
 
Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...
Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...
Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...Dr.Costas Sachpazis
 
The Most Attractive Pune Call Girls Budhwar Peth 8250192130 Will You Miss Thi...
The Most Attractive Pune Call Girls Budhwar Peth 8250192130 Will You Miss Thi...The Most Attractive Pune Call Girls Budhwar Peth 8250192130 Will You Miss Thi...
The Most Attractive Pune Call Girls Budhwar Peth 8250192130 Will You Miss Thi...ranjana rawat
 
AKTU Computer Networks notes --- Unit 3.pdf
AKTU Computer Networks notes --- Unit 3.pdfAKTU Computer Networks notes --- Unit 3.pdf
AKTU Computer Networks notes --- Unit 3.pdfankushspencer015
 
Coefficient of Thermal Expansion and their Importance.pptx
Coefficient of Thermal Expansion and their Importance.pptxCoefficient of Thermal Expansion and their Importance.pptx
Coefficient of Thermal Expansion and their Importance.pptxAsutosh Ranjan
 
Java Programming :Event Handling(Types of Events)
Java Programming :Event Handling(Types of Events)Java Programming :Event Handling(Types of Events)
Java Programming :Event Handling(Types of Events)simmis5
 
Extrusion Processes and Their Limitations
Extrusion Processes and Their LimitationsExtrusion Processes and Their Limitations
Extrusion Processes and Their Limitations120cr0395
 
result management system report for college project
result management system report for college projectresult management system report for college project
result management system report for college projectTonystark477637
 
Processing & Properties of Floor and Wall Tiles.pptx
Processing & Properties of Floor and Wall Tiles.pptxProcessing & Properties of Floor and Wall Tiles.pptx
Processing & Properties of Floor and Wall Tiles.pptxpranjaldaimarysona
 
Call Girls in Nagpur Suman Call 7001035870 Meet With Nagpur Escorts
Call Girls in Nagpur Suman Call 7001035870 Meet With Nagpur EscortsCall Girls in Nagpur Suman Call 7001035870 Meet With Nagpur Escorts
Call Girls in Nagpur Suman Call 7001035870 Meet With Nagpur EscortsCall Girls in Nagpur High Profile
 
Introduction to Multiple Access Protocol.pptx
Introduction to Multiple Access Protocol.pptxIntroduction to Multiple Access Protocol.pptx
Introduction to Multiple Access Protocol.pptxupamatechverse
 
Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...
Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...
Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...Christo Ananth
 

Recently uploaded (20)

DJARUM4D - SLOT GACOR ONLINE | SLOT DEMO ONLINE
DJARUM4D - SLOT GACOR ONLINE | SLOT DEMO ONLINEDJARUM4D - SLOT GACOR ONLINE | SLOT DEMO ONLINE
DJARUM4D - SLOT GACOR ONLINE | SLOT DEMO ONLINE
 
UNIT-II FMM-Flow Through Circular Conduits
UNIT-II FMM-Flow Through Circular ConduitsUNIT-II FMM-Flow Through Circular Conduits
UNIT-II FMM-Flow Through Circular Conduits
 
Porous Ceramics seminar and technical writing
Porous Ceramics seminar and technical writingPorous Ceramics seminar and technical writing
Porous Ceramics seminar and technical writing
 
(SHREYA) Chakan Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Esc...
(SHREYA) Chakan Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Esc...(SHREYA) Chakan Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Esc...
(SHREYA) Chakan Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Esc...
 
CCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete Record
CCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete RecordCCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete Record
CCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete Record
 
Introduction to IEEE STANDARDS and its different types.pptx
Introduction to IEEE STANDARDS and its different types.pptxIntroduction to IEEE STANDARDS and its different types.pptx
Introduction to IEEE STANDARDS and its different types.pptx
 
MANUFACTURING PROCESS-II UNIT-2 LATHE MACHINE
MANUFACTURING PROCESS-II UNIT-2 LATHE MACHINEMANUFACTURING PROCESS-II UNIT-2 LATHE MACHINE
MANUFACTURING PROCESS-II UNIT-2 LATHE MACHINE
 
MANUFACTURING PROCESS-II UNIT-5 NC MACHINE TOOLS
MANUFACTURING PROCESS-II UNIT-5 NC MACHINE TOOLSMANUFACTURING PROCESS-II UNIT-5 NC MACHINE TOOLS
MANUFACTURING PROCESS-II UNIT-5 NC MACHINE TOOLS
 
Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...
Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...
Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...
 
The Most Attractive Pune Call Girls Budhwar Peth 8250192130 Will You Miss Thi...
The Most Attractive Pune Call Girls Budhwar Peth 8250192130 Will You Miss Thi...The Most Attractive Pune Call Girls Budhwar Peth 8250192130 Will You Miss Thi...
The Most Attractive Pune Call Girls Budhwar Peth 8250192130 Will You Miss Thi...
 
AKTU Computer Networks notes --- Unit 3.pdf
AKTU Computer Networks notes --- Unit 3.pdfAKTU Computer Networks notes --- Unit 3.pdf
AKTU Computer Networks notes --- Unit 3.pdf
 
Coefficient of Thermal Expansion and their Importance.pptx
Coefficient of Thermal Expansion and their Importance.pptxCoefficient of Thermal Expansion and their Importance.pptx
Coefficient of Thermal Expansion and their Importance.pptx
 
Java Programming :Event Handling(Types of Events)
Java Programming :Event Handling(Types of Events)Java Programming :Event Handling(Types of Events)
Java Programming :Event Handling(Types of Events)
 
Extrusion Processes and Their Limitations
Extrusion Processes and Their LimitationsExtrusion Processes and Their Limitations
Extrusion Processes and Their Limitations
 
result management system report for college project
result management system report for college projectresult management system report for college project
result management system report for college project
 
Roadmap to Membership of RICS - Pathways and Routes
Roadmap to Membership of RICS - Pathways and RoutesRoadmap to Membership of RICS - Pathways and Routes
Roadmap to Membership of RICS - Pathways and Routes
 
Processing & Properties of Floor and Wall Tiles.pptx
Processing & Properties of Floor and Wall Tiles.pptxProcessing & Properties of Floor and Wall Tiles.pptx
Processing & Properties of Floor and Wall Tiles.pptx
 
Call Girls in Nagpur Suman Call 7001035870 Meet With Nagpur Escorts
Call Girls in Nagpur Suman Call 7001035870 Meet With Nagpur EscortsCall Girls in Nagpur Suman Call 7001035870 Meet With Nagpur Escorts
Call Girls in Nagpur Suman Call 7001035870 Meet With Nagpur Escorts
 
Introduction to Multiple Access Protocol.pptx
Introduction to Multiple Access Protocol.pptxIntroduction to Multiple Access Protocol.pptx
Introduction to Multiple Access Protocol.pptx
 
Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...
Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...
Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...
 

Standard Access List

  • 2.  With standard ACLs you can permit or deny traffic from source IP addresses.  The destination of the packet and the port doesn’t matter. They can be named or numbered.  The ranges used by numbered ACLs are from 1 to 99 and from 1300 to 1999.
  • 3. we have R1 and R2. On R1’s fa0/0 interface will apply an Inbound ACL to filter some of R2’s loopback interfaces networks
  • 4. configure on R1 and R2 interfaces, without ACL  R1  interface FastEthernet0/0  ip address 10.0.0.1 255.255.255.0  ip route 192.168.0.0 255.255.255.0 FastEthernet0/0  ip route 192.168.1.0 255.255.255.0 FastEthernet0/0  ip route 192.168.2.0 255.255.255.0 FastEthernet0/0  R2  interface Loopback0  ip address 192.168.0.1 255.255.255.0  interface Loopback1  ip address 192.168.1.1 255.255.255.0  interface Loopback2  ip address 192.168.2.1 255.255.255.0  interface FastEthernet0/0  ip address 10.0.0.2 255.255.255.0
  • 5.  On R1 we’ve added 3 static routes to reach R2’s loopback interfaces. Now, we’ll configure a numbered Access List on R1.  access-list 1 deny 192.168.0.0 0.0.0.255  access-list 1 permit 192.168.1.0 0.0.0.255  access-list 1 remark Manage Traffic From R2
  • 6. ACL’s statements NUMBER “1”  This is the number used by this ACL “DENY” KEYWORD  With this keyword will be denied network matched by this statement “PERMIT” KEYWORD  With this keyword will be permitted network matched by this statement “192.168.0.0”  This is network that will be matched by the statement “REMARK” KEYWORD  The string that comes after this keyword represents a description which can help you at a later time what is the purpose of the ACL At the end of every ACL there is an “implicit deny” which will deny all packets that aren’t matched in ACL.
  • 7. “0.0.0.255”  This is wildcard mask that tells the router which parts of the subnet number to look at.  With Wildcard mask bit 0 – will match the corresponding bit value in the address;  With Wildcard mask bit 1 – will ignore the corresponding bit value in the address.  If we take this in binary we will get: 00000000.00000000.00000000.11111111. Results that first 24 positions in IP address will be matched and last 8 will be ignored. If we take first statement from ACL we get that all packets with source IP address which start with 192.168.0 will be matched, and will be denied, the last 8 bits don’t matter.
  • 8.  Next step is to bound Standard Access List to an interface as inbound or outbound. ACL doesn’t act on packets generated by itself, that’s why there is no reason to use it here as outbound ACL. We’ll bound it to R1’s fa0/0 as inbound Access List.  R1  interface FastEthernet0/0  ip access-group 1 in
  • 9. We have got the next result:  Packets with R2’s Loopback 0 source IP address (192.168.0.1) will be denied by first statement;  Packets with R2’s Loopback 1 source IP address(192.168.1.1) will be permitted by second statement;  Packets with R2’s Loopback 2 source IP address (192.168.2.1) will be denied by “implicit deny” because it is not matched by any of the other statements.
  • 10.  R2#ping 10.0.0.1 source loopback 0  Type escape sequence to abort.  Sending 5, 100-byte ICMP Echos to 10.0.0.1, timeout is 2 seconds:  Packet sent with a source address of 192.168.0.1  U.U.U  Success rate is 0 percent (0/5)  R2#  R2#ping 10.0.0.1 source loopback 1  Type escape sequence to abort.  Sending 5, 100-byte ICMP Echos to 10.0.0.1, timeout is 2 seconds:  Packet sent with a source address of 192.168.1.1  !!!!!  Success rate is 100 percent (5/5), round-trip min/avg/max = 16/23/36 ms  R2#  R2#ping 10.0.0.1 source loopback 2
  • 11.  Type escape sequence to abort.  Sending 5, 100-byte ICMP Echos to 10.0.0.1, timeout is 2 seconds:  Packet sent with a source address of 192.168.2.1  U.U.U  Success rate is 0 percent (0/5)  R2#  From the output you can see that only ping from Loopback 1 succeeded. You can check ACL’s statements with one of these commands  show access-lists  show ip access-lists
  • 12.  To delete an this Access List use this command  no access-list 1  The named version of this Access List will look like this  ip access-list standard FIRST  deny 192.168.0.0 0.0.0.255  permit 192.168.1.0 0.0.0.255  remark Manage Traffic From R2