ACCESS CONTROL LIST Slides Prepared By Adeel Ahmed,


ACCESS CONTROL LIST Slides Prepared By Adeel Ahmed, Updated By, Syed Ameen Quadri.

Rules of Access List
- All deny statements have to be given first.
- There should be at least one permit statement.
- An implicit deny blocks all traffic by default when there is no match (an invisible statement).
- Can have one access-list per interface per direction (i.e. two access-lists per interface, one in the inbound direction and one in the outbound direction).
- Works in sequential order.
- Editing of access-lists is not possible (i.e. selectively adding or removing access-list statements is not possible).

Standard ACL - Network Diagram
Creation and implementation is done closest to the destination.
[Network diagram: three routers connected in series over serial links.
 JIZ: S0 10.0.0.1/8, E0 192.168.1.150/24, LAN - 192.168.1.0/24 (hosts 1.1, 1.2, 1.3)
 JAD: S1 10.0.0.2/8, S0 11.0.0.1/8, E0 192.168.2.150/24, LAN - 192.168.2.0/24 (hosts 2.1, 2.2, 2.3)
 RYD: S1 11.0.0.2/8, E0 192.168.3.150/24, LAN - 192.168.3.0/24 (hosts 3.1, 3.2, 3.3)]
Requirement: 1.1 & 1.2 should not communicate with 2.0 network.

How Standard ACL Works?

    access-list 1 deny 192.168.1.1 0.0.0.0
    access-list 1 deny 192.168.1.2 0.0.0.0
    access-list 1 permit any

1.1 is accessing 2.1 (Source IP 192.168.1.1, Destination IP 192.168.2.1):
- access-list 1 deny 192.168.1.1 0.0.0.0 matches the source IP, so the packet is denied.

1.3 is accessing 2.1 (Source IP 192.168.1.3, Destination IP 192.168.2.1):
- x access-list 1 deny 192.168.1.1 0.0.0.0 (no match)
- x access-list 1 deny 192.168.1.2 0.0.0.0 (no match)
- access-list 1 permit any matches, so the packet is permitted.

Standard ACL - Network Diagram
Creation and implementation is done closest to the destination.
[Network diagram: the same JIZ - JAD - RYD topology as in the previous diagram.]
Requirement: 1.1 & 3.0 should not communicate with 2.0 network.

How Standard ACL Works?

    access-list 5 deny 192.168.1.1 0.0.0.0
    access-list 5 deny 192.168.3.0 0.0.0.255
    access-list 5 permit any

1.1 is accessing 2.1 (Source IP 192.168.1.1, Destination IP 192.168.2.1):
- access-list 5 deny 192.168.1.1 0.0.0.0 matches the source IP, so the packet is denied.

1.3 is accessing 2.1 (Source IP 192.168.1.3, Destination IP 192.168.2.1):
- x access-list 5 deny 192.168.1.1 0.0.0.0 (no match)
- x access-list 5 deny 192.168.3.0 0.0.0.255 (no match)
- access-list 5 permit any matches, so the packet is permitted.

3.1 is accessing 2.1 (Source IP 192.168.3.1, Destination IP 192.168.2.1):
- x access-list 5 deny 192.168.1.1 0.0.0.0 (no match)
- access-list 5 deny 192.168.3.0 0.0.0.255 matches the source IP, so the packet is denied.

Extended ACL - Network Diagram
Creation and implementation is done closest to the source.
[Network diagram: the same JIZ - JAD - RYD topology as in the Standard ACL diagrams.]
Requirement: 2.0 should not access 3.1 (Web Service).

How Extended ACL Works?

    access-list 101 deny tcp 192.168.2.0 0.0.0.255 192.168.3.1 0.0.0.0 eq 80
    access-list 101 permit ip any any

2.1 is accessing 3.1 - Web Service (Source IP 192.168.2.1, Destination IP 192.168.3.1, Port - 80):
- access-list 101 deny tcp 192.168.2.0 0.0.0.255 192.168.3.1 0.0.0.0 eq 80 matches, so the packet is denied.

2.1 is accessing 3.1 - Telnet Service (Source IP 192.168.2.1, Destination IP 192.168.3.1, Port - 23):
- x access-list 101 deny tcp 192.168.2.0 0.0.0.255 192.168.3.1 0.0.0.0 eq 80 (no match)
- access-list 101 permit ip any any matches, so the packet is permitted.

2.1 is accessing 1.1 - Web Service (Source IP 192.168.2.1, Destination IP 192.168.1.1, Port - 80):
- x access-list 101 deny tcp 192.168.2.0 0.0.0.255 192.168.3.1 0.0.0.0 eq 80 (no match)
- access-list 101 permit ip any any matches, so the packet is permitted.
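
The walkthroughs above for access lists 1, 5 and 101 can be replayed in code. The following is an added example, not part of the original slides: a small first-match evaluator with wildcard-mask matching and the implicit deny. The function names and the PORT_NAMES table are illustrative choices; the ACL statements and packets are the ones on the slides.

```python
import ipaddress

# ACL statements exactly as configured on the slides.
ACL_1 = ["access-list 1 deny 192.168.1.1 0.0.0.0",
         "access-list 1 deny 192.168.1.2 0.0.0.0",
         "access-list 1 permit any"]
ACL_5 = ["access-list 5 deny 192.168.1.1 0.0.0.0",
         "access-list 5 deny 192.168.3.0 0.0.0.255",
         "access-list 5 permit any"]
ACL_101 = ["access-list 101 deny tcp 192.168.2.0 0.0.0.255 192.168.3.1 0.0.0.0 eq 80",
           "access-list 101 permit ip any any"]

PORT_NAMES = {"www": 80, "telnet": 23}  # keywords IOS prints in place of numbers


def to_int(addr):
    return int(ipaddress.IPv4Address(addr))


def wildcard_match(addr, base, wildcard):
    """Wildcard bit 0 = must match, bit 1 = ignore (inverse of a netmask)."""
    care = ~to_int(wildcard) & 0xFFFFFFFF
    return (to_int(addr) & care) == (to_int(base) & care)


def take_addr(tokens):
    """Consume 'any', 'host A', 'A' or 'A WILDCARD'; return ((base, wc), rest)."""
    if tokens[0] == "any":
        return ("0.0.0.0", "255.255.255.255"), tokens[1:]
    if tokens[0] == "host":
        return (tokens[1], "0.0.0.0"), tokens[2:]
    if len(tokens) == 1:
        return (tokens[0], "0.0.0.0"), []
    return (tokens[0], tokens[1]), tokens[2:]


def parse(line):
    """Parse one numbered 'access-list' statement into a rule dict."""
    t = line.split()
    number, rest = int(t[1]), t[3:]
    rule = {"action": t[2], "proto": "ip", "dst": None, "port": None}
    if 100 <= number <= 199:   # extended: protocol, source, destination, [eq port]
        rule["proto"], rest = rest[0], rest[1:]
        rule["src"], rest = take_addr(rest)
        rule["dst"], rest = take_addr(rest)
        if rest[:1] == ["eq"]:
            rule["port"] = PORT_NAMES.get(rest[1]) or int(rest[1])
    else:                      # standard: source address only
        rule["src"], rest = take_addr(rest)
    return rule


def evaluate(acl, src, dst=None, proto="ip", port=None):
    """Return (action, matching statement); statements are tried in order."""
    for line in acl:
        r = parse(line)
        if not wildcard_match(src, *r["src"]):
            continue
        if r["dst"] and not wildcard_match(dst, *r["dst"]):
            continue
        if r["proto"] != "ip" and r["proto"] != proto:
            continue
        if r["port"] is not None and r["port"] != port:
            continue
        return r["action"], line
    return "deny", "implicit deny"   # the invisible last statement


if __name__ == "__main__":
    print(evaluate(ACL_1, "192.168.1.1"))
    print(evaluate(ACL_5, "192.168.3.1"))
    print(evaluate(ACL_101, "192.168.2.1", "192.168.3.1", "tcp", 23))
    # Constructed case: list 1 without its permit statement blocks everyone.
    print(evaluate(ACL_1[:2], "192.168.1.3"))
```

The last call shows why a list needs at least one permit statement: with only the two deny lines, host 1.3 falls through to the implicit deny.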

Named Access List
- Access-lists are identified using names rather than numbers.
- Names are case-sensitive.
- No limitation of numbers here.
- One main advantage is that editing of the ACL is possible (i.e. removing a specific statement from the ACL is possible).
- IOS version 11.2 or later allows Named ACL.

Standard Named Access List

Creation of Standard Named Access List
    Router(config)# ip access-list standard <name>
    Router(config-std-nacl)# <permit/deny> <source address> <source wildcard mask>

Implementation of Standard Named Access List
    Router(config)# interface <interface type><interface no>
    Router(config-if)# ip access-group <name> <out/in>

Extended Named Access List

Creation of Extended Named Access List
    Router(config)# ip access-list extended <name>
    Router(config-ext-nacl)# <permit/deny> <protocol> <source address> <source wildcard mask> <destination address> <destination wildcard mask> <operator> <service>

Implementation of Extended Named Access List
    Router(config)# interface <interface type><interface no>
    Router(config-if)# ip access-group <name> <out/in>

    Microsoft Windows 2000 [Version 5.00.2195]
    (C) Copyright 1985-2000 Microsoft Corp.
    C:\> telnet 192.168.1.150
    Connecting .....
    ================================
    Welcome to Jizan Router
    User Access Verification
    password : ****
    Jizan> enable
    password : ****
    Jizan# show ip route
    Gateway of last resort is not set
    C 10.0.0.0/8 is directly connected, Serial0
    R 11.0.0.0/8 [120/1] via 10.0.0.2, 00:00:25, Serial0
    C 192.168.1.0/24 is directly connected, Ethernet0
    R 192.168.2.0/24 [120/1] via 10.0.0.2, 00:00:25, Serial0
    R 192.168.3.0/24 [120/2] via 10.0.0.2, 00:00:25, Serial0
    Jizan#

    Microsoft Windows 2000 [Version 5.00.2195]
    (C) Copyright 1985-2000 Microsoft Corp.
    C:\> telnet 192.168.2.150
    Connecting .....
    ================================
    Welcome to Jaddah Router
    User Access Verification
    password : ****
    Jaddah> enable
    password : ****
    Jaddah# show ip route
    Gateway of last resort is not set
    C 10.0.0.0/8 is directly connected, Serial1
    C 11.0.0.0/8 is directly connected, Serial0
    R 192.168.1.0/24 [120/1] via 10.0.0.1, 00:00:01, Serial1
    C 192.168.2.0/24 is directly connected, Ethernet0
    R 192.168.3.0/24 [120/1] via 11.0.0.2, 00:00:12, Serial0
    Jaddah#

    Microsoft Windows 2000 [Version 5.00.2195]
    (C) Copyright 1985-2000 Microsoft Corp.
    C:\> telnet 192.168.3.150
    Connecting .....
    ================================
    Welcome to Riyadh Router
    User Access Verification
    password : ****
    Riyadh> enable
    password : ****
    Riyadh# show ip route
    Gateway of last resort is not set
    R 10.0.0.0/8 [120/1] via 11.0.0.1, 00:00:04, Serial1
    C 11.0.0.0/8 is directly connected, Serial1
    R 192.168.1.0/24 [120/2] via 11.0.0.1, 00:00:04, Serial1
    R 192.168.2.0/24 [120/1] via 11.0.0.1, 00:00:04, Serial1
    C 192.168.3.0/24 is directly connected, Ethernet0
    Riyadh#

    Microsoft Windows 2000 [Version 5.00.2195]
    (C) Copyright 1985-2000 Microsoft Corp.
    C:\> telnet 192.168.2.150
    Connecting .....
    ================================
    Welcome to Jaddah Router
    User Access Verification
    password : ****
    Jaddah> enable
    password : ****
    Jaddah# configure terminal
    Enter configuration commands, one per line. End with CNTL/Z.
    Jaddah(config)# interface serial 1
    Jaddah(config-if)# ip address 10.0.0.2 255.0.0.0
    Jaddah(config-if)# no shut
    Jaddah(config-if)# encapsulation hdlc
    Jaddah(config-if)# interface serial 0
    Jaddah(config-if)# ip address 11.0.0.1 255.0.0.0
    Jaddah(config-if)# no shut
    Jaddah(config-if)# encapsulation hdlc

Creation of Standard Access List
    Router(config)# access-list <acl no> <permit/deny> <source address> <source wildcard mask>

Implementation of Standard Access List
    Router(config)# interface <interface type><interface no>
    Router(config-if)# ip access-group <number> <out/in>

    Jaddah# configure terminal
    Enter configuration commands, one per line. End with CNTL/Z.
    Jaddah(config)# access-list 1 deny 192.168.1.1 0.0.0.0
    Jaddah(config)# access-list 1 deny 192.168.1.2 0.0.0.0
    Jaddah(config)# access-list 1 permit any
    Jaddah(config)# interface ethernet 0
    Jaddah(config-if)# ip access-group 1 out
    Jaddah(config-if)#

    Jaddah# configure terminal
    Enter configuration commands, one per line. End with CNTL/Z.
    Jaddah(config)# access-list 1 deny 192.168.1.1 0.0.0.0
    Jaddah(config)# access-list 1 deny 192.168.1.2 0.0.0.0
    Jaddah(config)# access-list 1 permit any
    Jaddah(config)# interface ethernet 0
    Jaddah(config-if)# ip access-group 1 out
    Jaddah(config-if)# ^Z
    Jaddah# show ip access-list
    Standard IP access list 1
        deny 192.168.1.1
        deny 192.168.1.2
        permit any
    Jaddah#

    Jaddah# show ip int e0
    Jaddah#
    Ethernet0 is up, line protocol is up
    Internet address is 192.168.2.150/24
    Broadcast address is 255.255.255.255
    Address determined by non-volatile memory
    MTU is 1500 bytes
    Helper address is not set
    Directed broadcast forwarding is enabled
    Multicast reserved groups joined: 224.0.0.9
    Outgoing access list is 1
    Inbound access list is not set
    Proxy ARP is enabled
    Security level is default
    Split horizon is enabled
    ICMP redirects are always sent
    ICMP unreachables are always sent
    ICMP mask replies are never sent
    IP fast switching is enabled
    IP fast switching on the same interface is disabled
    IP multicast fast switching is disabled
    Router Discovery is disabled
    IP output packet accounting is disabled
    IP access violation accounting is disabled
    TCP/IP header compression is disabled
    Probe proxy name replies are disabled
    Gateway Discovery is disabled
    Policy routing is disabled
    Network address translation is disabled
    Jaddah#

    Jaddah# configure terminal
    Enter configuration commands, one per line. End with CNTL/Z.
    Jaddah(config)# access-list 5 deny 192.168.1.1 0.0.0.0
    Jaddah(config)# access-list 5 deny 192.168.3.0 0.0.0.255
    Jaddah(config)# access-list 5 permit any
    Jaddah(config)# interface ethernet 0
    Jaddah(config-if)# ip access-group 5 out
    Jaddah(config-if)# ^Z
    Jaddah# show ip access-list
    Standard IP access list 5
        deny 192.168.1.1
        deny 192.168.3.0
        permit any
    Jaddah#

    Jaddah# show ip int e0
    Jaddah#
    Ethernet0 is up, line protocol is up
    Internet address is 192.168.2.150/24
    Broadcast address is 255.255.255.255
    Address determined by non-volatile memory
    MTU is 1500 bytes
    Helper address is not set
    Directed broadcast forwarding is enabled
    Multicast reserved groups joined: 224.0.0.9
    Outgoing access list is 5
    Inbound access list is not set
    Proxy ARP is enabled
    Security level is default
    Split horizon is enabled
    ICMP redirects are always sent
    ICMP unreachables are always sent
    ICMP mask replies are never sent
    IP fast switching is enabled
    IP fast switching on the same interface is disabled
    IP multicast fast switching is disabled
    Router Discovery is disabled
    IP output packet accounting is disabled
    IP access violation accounting is disabled
    TCP/IP header compression is disabled
    Probe proxy name replies are disabled
    Gateway Discovery is disabled
    Policy routing is disabled
    Network address translation is disabled
    Jaddah#

Creation of Standard Access List
    Router(config)# access-list <acl no> <permit/deny> <source address> <source wildcard mask>

Implementation of Standard Access List
    Router(config)# interface <interface type><interface no>
    Router(config-if)# ip access-group <number> <out/in>

    Jaddah# configure terminal
    Enter configuration commands, one per line. End with CNTL/Z.
    Jaddah(config)# access-list 5 deny 192.168.1.1 0.0.0.0
    Jaddah(config)# access-list 5 deny 192.168.3.0 0.0.0.255
    Jaddah(config)# access-list 5 permit any
    Jaddah(config)# interface ethernet 0
    Jaddah(config-if)# ip access-group 5 out
    Jaddah(config-if)#

Creation of Extended Access List
    Router(config)# access-list <acl no> <permit/deny> <protocol> <source address> <source wildcard mask> <destination address> <destination wildcard mask> <operator> <service>

Implementation of Extended Access List
    Router(config)# interface <interface type><interface no>
    Router(config-if)# ip access-group <number> <out/in>

    Jaddah# configure terminal
    Enter configuration commands, one per line. End with CNTL/Z.
    Jaddah(config)# access-list 101 deny tcp 192.168.2.0 0.0.0.255 192.168.3.1 0.0.0.0 eq 80
    Jaddah(config)# access-list 101 permit ip any any
    Jaddah(config)# interface ethernet 0
    Jaddah(config-if)# ip access-group 101 in
    Jaddah(config-if)#

    Jaddah# configure terminal
    Enter configuration commands, one per line. End with CNTL/Z.
    Jaddah(config)# access-list 101 deny tcp 192.168.2.0 0.0.0.255 192.168.3.1 0.0.0.0 eq 80
    Jaddah(config)# access-list 101 permit ip any any
    Jaddah(config)# interface ethernet 0
    Jaddah(config-if)# ip access-group 101 in
    Jaddah(config-if)# ^Z
    Jaddah# show ip access-list
    Extended IP access list 101
        deny tcp 192.168.2.0 0.0.0.255 host 192.168.3.1 eq www
        permit ip any any
    Jaddah#

    Jaddah# show ip int e0
    Jaddah#
    Ethernet0 is up, line protocol is up
    Internet address is 192.168.2.150/24
    Broadcast address is 255.255.255.255
    Address determined by non-volatile memory
    MTU is 1500 bytes
    Helper address is not set
    Directed broadcast forwarding is enabled
    Multicast reserved groups joined: 224.0.0.9
    Outgoing access list is not set
    Inbound access list is 101
    Proxy ARP is enabled
    Security level is default
    Split horizon is enabled
    ICMP redirects are always sent
    ICMP unreachables are always sent
    ICMP mask replies are never sent
    IP fast switching is enabled
    IP fast switching on the same interface is disabled
    IP multicast fast switching is disabled
    Router Discovery is disabled
    IP output packet accounting is disabled
    IP access violation accounting is disabled
    TCP/IP header compression is disabled
    Probe proxy name replies are disabled
    Gateway Discovery is disabled
    Policy routing is disabled
    Network address translation is disabled
    Jaddah#