07 CCNA (Access Control Lists)
#########################################################CCNA 640-802########################################################
#############################################################################################################################
----> ACL :-
+ An ACL is used to filter the packets passing through the network interfaces of the router and to perform the
actions specified in the ACL on those packets.
+ Types of ACL:-
                 ACCESS CONTROL LISTS
                 --------------------
                          |
          ________________|________________
         |                |                |
   Standard ACL       Named ACL      Extended ACL
+ Can be applied on any router between the source & destination networks, but the source router is
recommended.
+ ACL Number Range = 100 - 199 (Expanded Range = 2000 - 2699)
----> Practicals :-
Note:-
a) Incoming Packet = Outbound
b) Outgoing Packet = Inbound
----> Scenario :-
  R1 S 0/0 (DCE) 1.1 -------- 1.2 S 0/0 (DTE) R2 S 0/1 (DCE) 2.1 -------- 2.2 S 0/0 (DTE) R3
  |                                           |                                           |
  Fa 0/0 3.1                                  Fa 0/0 4.1                                  Fa 0/0 5.1
  |                                           |                                           |
  S1                                          S2                                          S3
  |-- PC1 3.2                                 |-- PC3 4.2                                 |-- PC5 5.2
  |-- PC2 3.3                                 |-- PC4 4.3                                 |-- Web Server 5.100
                                                                                          |-- PC6 5.3
+ Configurations:
a) Create ACL:
R3(config)#access-list 50 remark blocks pc 3.2 from accessing network 5.0
|R3(config)#access-list 50 deny 192.168.3.2 0.0.0.0
| OR
|R3(config)#access-list 50 deny host 192.168.3.2
R3(config)#access-list 50 permit any
R3#show access-lists
+ Configurations:
a) Create ACL:
R3(config)#access-list 60 remark blocks network 4.0 from accessing network 5.0
R3#show access-lists
+ Configurations:
a) Create ACL:
R1(config)#access-list 70 remark blocks pc 5.3 from telneting this router
+ Configurations:
a) Create ACL:
R1(config)#access-list 100 remark blocks pc 3.2 from accessing pc 5.2
|R1(config)#access-list 100 deny ip 192.168.3.2 0.0.0.0 192.168.5.2 0.0.0.0
| OR
|R1(config)#access-list 100 deny ip host 192.168.3.2 host 192.168.5.2
R1(config)#access-list 100 permit ip any any
R1#show access-lists
+ Configurations:
a) Create ACL:
+ Configurations:
a) Create ACL:
R3(config)#access-list 150 remark blocks network 5.0 from accessing network 4.0
R3(config)#access-list 150 deny ip 192.168.5.0 0.0.0.255 192.168.4.0 0.0.0.255
R3(config)#access-list 150 permit ip any any
R3#show access-lists
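Added example (not part of the original notes): a small Python model of how a router evaluates the extended ACLs 100 and 150 shown above, covering wildcard-mask matching, top-down first-match order and the implicit deny that makes the final "permit ip any any" line necessary. The function names are hypothetical and only "ip" entries of extended ACLs are modelled.

```python
import ipaddress

def ip(s):
    return int(ipaddress.IPv4Address(s))

def matches(addr, base, wildcard):
    # Wildcard mask: 0 bits must match, 1 bits are ignored (inverse of a netmask).
    care = ~ip(wildcard) & 0xFFFFFFFF
    return (ip(addr) & care) == (ip(base) & care)

def expand(tokens):
    # Turn "host A", "any" or "A W" into (base, wildcard); return the unused tokens too.
    if tokens[0] == "host":
        return (tokens[1], "0.0.0.0"), tokens[2:]
    if tokens[0] == "any":
        return ("0.0.0.0", "255.255.255.255"), tokens[1:]
    return (tokens[0], tokens[1]), tokens[2:]

def parse(lines):
    rules = []
    for line in lines:
        t = line.split()          # access-list N permit|deny ip SRC DST
        if t[2] == "remark":      # remarks are comments, not filter entries
            continue
        src, rest = expand(t[4:])
        dst, _ = expand(rest)
        rules.append((t[2], src, dst))
    return rules

def evaluate(rules, src, dst):
    # Entries are checked top-down and the first match decides the action.
    for action, s, d in rules:
        if matches(src, *s) and matches(dst, *d):
            return action
    return "deny (implicit)"      # nothing matched: every ACL ends with a hidden deny

# ACL 100 and ACL 150 entries copied from the configurations on this page
ACL_100 = parse([
    "access-list 100 remark blocks pc 3.2 from accessing pc 5.2",
    "access-list 100 deny ip host 192.168.3.2 host 192.168.5.2",
    "access-list 100 permit ip any any",
])
ACL_150 = parse([
    "access-list 150 deny ip 192.168.5.0 0.0.0.255 192.168.4.0 0.0.0.255",
    "access-list 150 permit ip any any",
])

if __name__ == "__main__":
    print(evaluate(ACL_150[:1], "192.168.5.2", "192.168.3.2"))  # permit line left out
```

With the permit line left out, traffic from network 5.0 to network 3.0 is dropped as well, although the ACL was only meant to block network 4.0.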
+ Configurations:
a) Create ACL:
R1(config)#access-list 160 remark blocks pc 3.2 from accessing website in server 5.100
+ Configurations:
a) Create ACL:
+ Configurations:
a) Create ACL:
R3(config)#ip access-list standard blockpc
R3(config-std-nacl)#remark blocks pc 3.2 from accessing network 5.0
|R3(config-std-nacl)#deny 192.168.3.2 0.0.0.0
| OR
|R3(config-std-nacl)#deny host 192.168.3.2
R3(config-std-nacl)#permit any
R3#show ip access-lists
+ Configurations:
a) Create ACL:
R1(config)#ip access-list extended blockpc
R1(config-ext-nacl)#remark blocks pc 3.2 from accessing network 5.0
#############################################################################################################################
#####################################################By - Muhammed Anas######################################################
#############################################################################################################################