
#############################################################################################################################

#########################################################CCNA 640-802########################################################
#############################################################################################################################

###Access Control Lists###

----> ACL :-
+ The ACL is used to filter the packets passing through the network interfaces of the router and perform the actions
specified in the ACL on the packets.

+ Types of ACL:-

                 ACCESS CONTROL LISTS
                 --------------------
           ______________|______________
          /              |              \
   Standard ACL      Named ACL      Extended ACL

1) Standard Access Control Lists:-

+ Filters packets based on the source IP address only. (Looks only at layer 3 information)
+ Should be applied on the router closest to the destination network: because it matches only the
  source, placing it near the source would cut that source off from every destination, not just the
  intended one.
+ ACL Number Range = 1 - 99 (Expanded Range = 1300 - 1999)

2) Extended Access Control Lists:-

+ Filters packets based on source & destination IP address, protocol & port.
  (Looks at layer 3 & layer 4 information)
+ Can be applied on any router between the source & destination network, but the router closest to the
  source is recommended, so unwanted traffic is dropped before it crosses the WAN links.
+ ACL Number Range = 100 - 199 (Expanded Range = 2000 - 2699)

3) Named Access Control Lists:-

+ Can be used to create a standard or extended ACL that is identified by a name instead of an ACL
  number.
+ Entries can be added or removed individually later; a classic numbered ACL has to be removed and
  re-entered as a whole.

----> Practicals :-

Note:-
a) Packet entering the router through the interface = inbound  (ip access-group <acl> in)
b) Packet leaving the router through the interface  = outbound (ip access-group <acl> out)
   The direction is always relative to the router interface the ACL is applied to, not to the end hosts.
c) Every ACL ends with an implicit "deny any": a list that contains only deny entries blocks everything,
   which is why each list below finishes with "permit any" / "permit ip any any".
d) Only one ACL per protocol, per interface, per direction can be applied.

----> Scenario :-
(All addresses are 192.168.x.y; the scenarios below abbreviate hosts and networks to the last two
octets, e.g. "PC 3.2" = 192.168.3.2 and "Network 5.0" = 192.168.5.0/24.)

        R1 ================ R2 ================ R3
        |                   |                   |
      Fa0/0 3.1          Fa0/0 4.1          Fa0/0 5.1
        |                   |                   |
        S1                  S2                  S3
       /  \                /  \               /  |  \
     PC1  PC2            PC3  PC4           PC5 Web PC6
     3.2  3.3            4.2  4.3           5.2 5.100 5.3
                                                Server

   Links:  R1 S0/0 (DCE) 192.168.1.1 <--> 192.168.1.2 S0/0 (DTE) R2
           R2 S0/1 (DCE) 192.168.2.1 <--> 192.168.2.2 S0/0 (DTE) R3
   LANs:   R1 Fa0/0 192.168.3.1 -- S1 -- PC1 192.168.3.2, PC2 192.168.3.3
           R2 Fa0/0 192.168.4.1 -- S2 -- PC3 192.168.4.2, PC4 192.168.4.3
           R3 Fa0/0 192.168.5.1 -- S3 -- PC5 192.168.5.2, Web Server 192.168.5.100, PC6 192.168.5.3

----> Standard ACL:-


--> Scenario 1:-
Block PC (3.2) from accessing Network (5.0)
Source Router = R1
Destination Router = R3 (fa 0/0 = outbound)

+ Configurations:

a) Create ACL:
R3(config)#access-list 50 remark blocks pc 3.2 from accessing network 5.0
|R3(config)#access-list 50 deny 192.168.3.2 0.0.0.0
| OR
|R3(config)#access-list 50 deny host 192.168.3.2
R3(config)#access-list 50 permit any

b) Applying ACL on an interface:


R3(config)#interface fastethernet 0/0
R3(config-if)#ip access-group 50 out
R3(config-if)#exit

c) To verify the access list (entries, per-entry match counters, and where it is applied):

R3#show access-lists
R3#show ip interface fastethernet 0/0     (should report "Outgoing access list is 50")

--> Scenario 2:-


Block Network (4.0) from accessing Network (5.0)
Source Router = R2
Destination Router = R3 (fa 0/0 = outbound)

+ Configurations:
a) Create ACL:
R3(config)#access-list 60 remark blocks network 4.0 from accessing network 5.0

R3(config)#access-list 60 deny 192.168.4.0 0.0.0.255


R3(config)#access-list 60 permit any

b) Applying ACL on an interface:

R3(config)#interface fastethernet 0/0


R3(config-if)#ip access-group 60 out
R3(config-if)#exit

c) To show access list (filtering):

R3#show access-lists

--> Scenario 3:-


Block PC (5.3) from telneting Router R1
Source Router = R3
Destination Router = R1 (line vty 0 4 = inbound)

+ Configurations:
a) Create ACL:
R1(config)#access-list 70 remark blocks pc 5.3 from telneting this router

|R1(config)#access-list 70 deny 192.168.5.3 0.0.0.0


| OR
|R1(config)#access-list 70 deny host 192.168.5.3

R1(config)#access-list 70 permit any

b) Applying ACL on the VTY lines:

R1(config)#line vty 0 4
R1(config-line)#access-class 70 in
R1(config-line)#exit

Note: access-class (not ip access-group) is the command for VTY lines, and it covers Telnet to any of
R1's addresses in one line. Apply it to every VTY line the router has (line vty 0 15 on platforms that
have 16), otherwise a session can land on an unfiltered line.

c) To show access list (filtering):


R1#show access-lists

----> Extended ACL:-


--> Scenario 1:-
Block PC (3.2) from accessing PC (5.2)
Source Router = R1 (fa 0/0 = inbound)
Destination Router = R3

+ Configurations:

a) Create ACL:
R1(config)#access-list 100 remark blocks pc 3.2 from accessing pc 5.2
|R1(config)#access-list 100 deny ip 192.168.3.2 0.0.0.0 192.168.5.2 0.0.0.0
| OR
|R1(config)#access-list 100 deny ip host 192.168.3.2 host 192.168.5.2
R1(config)#access-list 100 permit ip any any

b) Applying ACL on an interface:

R1(config)#interface fastethernet 0/0


R1(config-if)#ip access-group 100 in
R1(config-if)#exit

c) To show access list (filtering):

R1#show access-lists

--> Scenario 2:-


Block PC (3.2) from accessing Network (4.0)
Source Router = R1 (fa 0/0 = inbound)
Destination Router = R2

+ Configurations:
a) Create ACL:

R1(config)#access-list 110 remark blocks pc 3.2 from accessing network 4.0


|R1(config)#access-list 110 deny ip 192.168.3.2 0.0.0.0 192.168.4.0 0.0.0.255
| OR
|R1(config)#access-list 110 deny ip host 192.168.3.2 192.168.4.0 0.0.0.255
R1(config)#access-list 110 permit ip any any

b) Applying ACL on an interface:


R1(config)#interface fastethernet 0/0
R1(config-if)#ip access-group 110 in
R1(config-if)#exit

c) To show access list (filtering):


R1#show access-lists

--> Scenario 3:-


Block Network (5.0) from accessing Network (4.0)
Source Router = R3 (fa 0/0 = inbound)
Destination Router = R2

+ Configurations:
a) Create ACL:
R3(config)#access-list 150 remark blocks network 5.0 from accessing network 4.0
R3(config)#access-list 150 deny ip 192.168.5.0 0.0.0.255 192.168.4.0 0.0.0.255
R3(config)#access-list 150 permit ip any any

b) Applying ACL on an interface:


R3(config)#interface fastethernet 0/0
R3(config-if)#ip access-group 150 in
R3(config-if)#exit

c) To show access list (filtering):

R3#show access-lists

--> Scenario 4:-

Block PC (3.2) from accessing the website on the web server (5.100) but still allow it to ping the server
Source Router = R1 (fa 0/0 = inbound)
Destination Router = R3

+ Configurations:
a) Create ACL:
R1(config)#access-list 160 remark blocks pc 3.2 from accessing website in server 5.100
|R1(config)#access-list 160 deny tcp 192.168.3.2 0.0.0.0 192.168.5.100 0.0.0.0 eq 80
| OR
|R1(config)#access-list 160 deny tcp host 192.168.3.2 host 192.168.5.100 eq 80
R1(config)#access-list 160 permit ip any any

(Only TCP port 80 is denied; ping is ICMP, so it falls through to "permit ip any any". A site served
over HTTPS would need a second deny entry for "eq 443".)

b) Applying ACL on an interface:

R1(config)#interface fastethernet 0/0


R1(config-if)#ip access-group 160 in
R1(config-if)#exit

c) To show access list (filtering):


R1#show access-lists
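The following Python script is an added example, not part of the original notes: it models how IOS evaluates a numbered ACL (wildcard-mask matching, top-down first match, implicit deny) and runs the page's own ACL 50 (Standard Scenario 1) and ACL 160 (Extended Scenario 4, web server 5.100) through it. It shows why a standard ACL belongs near the destination (placed inbound on R1 fa0/0, ACL 50 would also drop PC1's traffic to 4.0) and why ACL 160 still lets ping through. The parser is an assumption of this example: it understands only the syntax used on this page (host / any / address+wildcard, optional destination "eq PORT"), not full IOS.

```python
# Added example, not from the original notes: a model of how IOS evaluates a numbered
# ACL (wildcard masks, top-down first match, implicit deny), run against the page's
# ACL 50 (Standard Scenario 1) and ACL 160 (Extended Scenario 4, server 5.100).
# The parser is an assumption: page syntax only (host/any/addr+wildcard, dest "eq PORT").
from dataclasses import dataclass
from typing import List, Optional, Tuple

def ip_to_int(ip: str) -> int:
    a, b, c, d = (int(x) for x in ip.split("."))
    return (a << 24) | (b << 16) | (c << 8) | d

def wildcard_match(addr: str, base: str, wildcard: str) -> bool:
    """Wildcard mask: a 1 bit means 'do not care'.
    0.0.0.0 = one host, 0.0.0.255 = a /24, 255.255.255.255 = any."""
    mask = ip_to_int(wildcard)
    return (ip_to_int(addr) | mask) == (ip_to_int(base) | mask)

@dataclass
class ACE:
    """One access-list entry; a standard entry only sets action/src/src_wc."""
    action: str                          # "permit" or "deny"
    src: str = "0.0.0.0"
    src_wc: str = "255.255.255.255"      # default: any source
    proto: str = "ip"                    # "ip" matches every IP protocol
    dst: str = "0.0.0.0"
    dst_wc: str = "255.255.255.255"      # default: any destination
    dport: Optional[int] = None          # None: any destination port

@dataclass
class Packet:
    src: str
    dst: str
    proto: str = "ip"
    dport: Optional[int] = None

def _parse_addr(tok: List[str], i: int) -> Tuple[str, str, int]:
    """Consume 'any' | 'host A' | 'A WILDCARD' at tok[i]; return (addr, wildcard, next i)."""
    if tok[i] == "any":
        return "0.0.0.0", "255.255.255.255", i + 1
    if tok[i] == "host":
        return tok[i + 1], "0.0.0.0", i + 2
    return tok[i], tok[i + 1], i + 2

def parse_ace(line: str) -> ACE:
    """Parse one 'access-list N permit|deny ...' line; the number decides the type."""
    tok = line.split()
    number, action, i = int(tok[1]), tok[2], 3
    if 1 <= number <= 99 or 1300 <= number <= 1999:        # standard: source only
        src, src_wc, _ = _parse_addr(tok, i)
        return ACE(action, src, src_wc)
    proto, i = tok[i], i + 1                                # extended: proto src dst [eq port]
    src, src_wc, i = _parse_addr(tok, i)
    dst, dst_wc, i = _parse_addr(tok, i)
    dport = int(tok[i + 1]) if i < len(tok) and tok[i] == "eq" else None
    return ACE(action, src, src_wc, proto, dst, dst_wc, dport)

def parse_acl(config: str) -> List[ACE]:
    """Parse a block of access-list lines, skipping 'remark' entries."""
    return [parse_ace(l) for l in config.strip().splitlines() if l.split()[2] != "remark"]

def evaluate(acl: List[ACE], pkt: Packet) -> str:
    """Top-down, first matching entry decides; no match = the implicit 'deny any'."""
    for ace in acl:
        if not wildcard_match(pkt.src, ace.src, ace.src_wc):
            continue
        if ace.proto != "ip" and ace.proto != pkt.proto:
            continue
        if not wildcard_match(pkt.dst, ace.dst, ace.dst_wc):
            continue
        if ace.dport is not None and ace.dport != pkt.dport:
            continue
        return ace.action
    return "deny"

def denied_flows(acl: List[ACE], flows: List[Packet]) -> List[Tuple[str, str]]:
    """(src, dst) pairs that would be dropped if every flow crossed the ACL's interface."""
    return [(p.src, p.dst) for p in flows if evaluate(acl, p) == "deny"]

ACL_50 = parse_acl("""
access-list 50 remark blocks pc 3.2 from accessing network 5.0
access-list 50 deny host 192.168.3.2
access-list 50 permit any
""")
ACL_160 = parse_acl("""
access-list 160 remark blocks pc 3.2 from accessing website in server 5.100
access-list 160 deny tcp host 192.168.3.2 host 192.168.5.100 eq 80
access-list 160 permit ip any any
""")

# Constructed sample traffic from PC1 (3.2). R1 fa0/0 inbound sees everything PC1
# sends; R3 fa0/0 outbound only sees what is bound for 192.168.5.0/24.
PC1_ALL = [Packet("192.168.3.2", "192.168.4.2"), Packet("192.168.3.2", "192.168.5.2")]
PC1_TO_NET5 = [p for p in PC1_ALL if wildcard_match(p.dst, "192.168.5.0", "0.0.0.255")]

if __name__ == "__main__":
    print("ACL 50 inbound on R1 fa0/0 drops :", denied_flows(ACL_50, PC1_ALL))
    print("ACL 50 outbound on R3 fa0/0 drops:", denied_flows(ACL_50, PC1_TO_NET5))
    for pkt in (Packet("192.168.3.2", "192.168.5.100", "tcp", 80),
                Packet("192.168.3.2", "192.168.5.100", "icmp")):
        print("ACL 160:", pkt.proto, pkt.dport, "->", evaluate(ACL_160, pkt))
```

Running it prints that ACL 50 drops both 3.2 -> 4.2 and 3.2 -> 5.2 when it sits inbound on R1 fa0/0, but only 3.2 -> 5.2 when it sits outbound on R3 fa0/0, and that ACL 160 denies TCP/80 while permitting ICMP from the same host. Swapping the order of the entries (permit first) makes the deny unreachable, which is the usual cause of an ACL that "does nothing".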

--> Scenario 5:-


Block PC (3.2) from telneting Router R2
Source Router = R1 (fa 0/0 = inbound)
Destination Router = R2
(R2 accepts Telnet on any of its interface addresses (1.2, 2.1, 4.1), so each one needs its own deny
entry; a single access-class on R2's VTY lines, as in Standard Scenario 3, would cover all of them at once.)

+ Configurations:
a) Create ACL:

R1(config)#access-list 180 remark blocks pc 3.2 from telneting router R2


|R1(config)#access-list 180 deny tcp 192.168.3.2 0.0.0.0 192.168.1.2 0.0.0.0 eq 23
|R1(config)#access-list 180 deny tcp 192.168.3.2 0.0.0.0 192.168.2.1 0.0.0.0 eq 23
|R1(config)#access-list 180 deny tcp 192.168.3.2 0.0.0.0 192.168.4.1 0.0.0.0 eq 23
| OR
|R1(config)#access-list 180 deny tcp host 192.168.3.2 host 192.168.1.2 eq 23
|R1(config)#access-list 180 deny tcp host 192.168.3.2 host 192.168.2.1 eq 23
|R1(config)#access-list 180 deny tcp host 192.168.3.2 host 192.168.4.1 eq 23

R1(config)#access-list 180 permit ip any any

b) Applying ACL on an interface:


R1(config)#interface fastethernet 0/0
R1(config-if)#ip access-group 180 in
R1(config-if)#exit

c) To show access list (filtering):


R1#show access-lists

----> Named ACL:-


--> Scenario 1:-
Block PC (3.2) from accessing Network (5.0) using Standard-Named ACL
Source Router = R1
Destination Router = R3 (fa 0/0 = outbound)

+ Configurations:

a) Create ACL:
R3(config)#ip access-list standard blockpc
R3(config-std-nacl)#remark blocks pc 3.2 from accessing network 5.0
|R3(config-std-nacl)#deny 192.168.3.2 0.0.0.0
| OR
|R3(config-std-nacl)#deny host 192.168.3.2
R3(config-std-nacl)#permit any

b) Applying ACL on an interface:

R3(config)#interface fastethernet 0/0


R3(config-if)#ip access-group blockpc out
R3(config-if)#exit

c) To show access list (filtering):

R3#show ip access-lists

--> Scenario 2:-


Block PC (3.2) from accessing Network (5.0) using Extended-Named ACL
Source Router = R1 (fa 0/0 = inbound)
Destination Router = R3

+ Configurations:
a) Create ACL:
R1(config)#ip access-list extended blockpc
R1(config-ext-nacl)#remark blocks pc 3.2 from accessing network 5.0

|R1(config-ext-nacl)#deny ip 192.168.3.2 0.0.0.0 192.168.5.0 0.0.0.255


| OR
|R1(config-ext-nacl)#deny ip host 192.168.3.2 192.168.5.0 0.0.0.255
R1(config-ext-nacl)#permit ip any any

b) Applying ACL on an interface:


R1(config)#interface fastethernet 0/0
R1(config-if)#ip access-group blockpc in
R1(config-if)#exit

c) To show access list (filtering):


R1#show ip access-lists

#############################################################################################################################
#####################################################By - Muhammed Anas######################################################
#############################################################################################################################
