Chapter 9: Intermediate TCP/IP / Access Control Lists (ACLs)
© 2004, Cisco Systems, Inc. All rights reserved.
Slide 2: Objectives
Slide 3: TCP Operation
The transport layer is responsible for the reliable transport of data and for regulating the flow of data from source to destination.
Slide 4: Synchronization or Three-Way Handshake
Slide 5: Denial-of-Service Attacks
Slide 6: Simple Windowing
Slide 7: TCP Sequence and Acknowledgment Numbers
Slide 8: Positive ACK
Positive acknowledgement is a common step in the synchronization process, which includes sliding windows and data sequencing.
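The handshake and acknowledgment slides above describe the exchange in words only. The following simulation is an added example (not Cisco's code, and not tied to any real socket): it models both endpoints in-process with constructed initial sequence numbers (1000 and 5000), runs the three-way handshake, then shows how the acknowledgment number always names the next byte the receiver expects, including the duplicate ACK that results when a segment is lost.

```python
"""Simulated TCP three-way handshake and sequence/acknowledgment numbering.

Added example for the slides on synchronization and positive ACK. Both endpoints
are modelled in-process; the ISNs and payloads are constructed for readability.
"""
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class Segment:
    src: str
    dst: str
    seq: int
    ack: int
    flags: frozenset
    payload: bytes = b""


@dataclass
class Endpoint:
    name: str
    isn: int                      # initial sequence number (constructed, not random)
    state: str = "CLOSED"
    snd_nxt: int = 0              # next sequence number this side will send
    rcv_nxt: int = 0              # next sequence number this side expects to receive
    received: bytearray = field(default_factory=bytearray)


def three_way_handshake(client: Endpoint, server: Endpoint):
    """Return the three segments exchanged; both sides end in ESTABLISHED."""
    trace = []
    # Step 1: client sends SYN carrying its ISN; the SYN itself consumes one sequence number
    syn = Segment(client.name, server.name, client.isn, 0, frozenset({"SYN"}))
    client.state, client.snd_nxt = "SYN-SENT", client.isn + 1
    trace.append(syn)
    # Step 2: server acknowledges the SYN (ack = client ISN + 1) and sends its own SYN
    server.rcv_nxt = syn.seq + 1
    synack = Segment(server.name, client.name, server.isn, server.rcv_nxt, frozenset({"SYN", "ACK"}))
    server.state, server.snd_nxt = "SYN-RECEIVED", server.isn + 1
    trace.append(synack)
    # Step 3: client acknowledges the server's SYN; until this arrives the server is half-open
    client.rcv_nxt = synack.seq + 1
    ack = Segment(client.name, server.name, client.snd_nxt, client.rcv_nxt, frozenset({"ACK"}))
    client.state = server.state = "ESTABLISHED"
    trace.append(ack)
    return trace


def send_data(sender: Endpoint, receiver: Endpoint, payload: bytes, deliver: bool = True) -> Optional[Segment]:
    """Send one data segment; return the receiver's positive ACK, or None if the segment was lost."""
    seg = Segment(sender.name, receiver.name, sender.snd_nxt, sender.rcv_nxt, frozenset({"ACK"}), payload)
    sender.snd_nxt += len(payload)           # sender numbers bytes even if the network drops them
    if not deliver:
        return None
    if seg.seq == receiver.rcv_nxt:          # in order: accept and advance the expected sequence number
        receiver.received += payload
        receiver.rcv_nxt += len(payload)
    # Positive ACK: the ack number is the next byte expected. An out-of-order segment leaves
    # rcv_nxt unchanged, so the receiver repeats the previous ack number (a duplicate ACK).
    return Segment(receiver.name, sender.name, receiver.snd_nxt, receiver.rcv_nxt, frozenset({"ACK"}))


def demo():
    client = Endpoint("client", isn=1000)
    server = Endpoint("server", isn=5000)
    handshake = three_way_handshake(client, server)
    replies = [
        send_data(client, server, b"GET / "),                     # delivered: ack 1007
        send_data(client, server, b"HTTP/1.0", deliver=False),    # lost on the wire
        send_data(client, server, b"\r\n"),                       # out of order: duplicate ack 1007
    ]
    acks = [r.ack if r is not None else None for r in replies]
    return client, server, handshake, acks


if __name__ == "__main__":
    c, s, hs, acks = demo()
    for seg in hs:
        print(f"{seg.src} -> {seg.dst} {sorted(seg.flags)} seq={seg.seq} ack={seg.ack}")
    print("ack numbers returned for the three data segments:", acks)
```

The duplicate ACK is what tells the sender where the gap starts, so retransmission resumes from the acknowledged byte rather than from the most recent segment. The server's SYN-RECEIVED state between steps 2 and 3 is the half-open connection that the denial-of-service slide refers to: each one holds resources until the final ACK arrives or a timer expires.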
Slide 9: Protocol Graph: TCP/IP
Slide 10: UDP Segment Format
Slide 11: Port Numbers
Slide 12: Telnet Port Numbers
Slide 13: Reserved TCP and UDP Port Numbers
Slide 14: Ports for Clients
Whenever a client connects to a service on a server, a source port and a destination port must be specified. TCP and UDP segments contain fields for the source and destination ports.
Slide 15: Port Numbering and Well-Known Port Numbers
Port numbers are divided into three categories: well-known ports, registered ports, and dynamic or private ports.
Slide 16: Port Numbers and Sockets
Slide 17: Comparison of MAC Addresses, IP Addresses, and Port Numbers
A good analogy can be made with an ordinary letter. The name on the envelope is equivalent to the port number, the street address is the MAC address, and the city and state are the IP address.
Slide 18: Summary
Slide 19: Access Control Lists (ACLs)
Slide 20: Objectives
Slide 21: What Are ACLs?
ACLs are lists of conditions used to test network traffic that tries to travel across a router interface. These lists tell the router which types of packets to accept or deny.
Slide 22: How ACLs Work
Slide 23: Protocols with ACLs Specified by Numbers
Slide 24: Creating ACLs
Slide 25: The Function of a Wildcard Mask
Slide 26: Verifying ACLs
Several show commands verify the content and placement of ACLs on the router:
show ip interface
show access-lists
show running-config
Slide 27: Standard ACLs
Slide 28: Extended ACLs
Slide 29: Named ACLs
Slide 30: Placing ACLs
Standard ACLs should be placed close to the destination. Extended ACLs should be placed close to the source.
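The ACL slides (what ACLs are, numbered standard and extended lists, the wildcard mask, placement) give the rules but no worked evaluation. The following added example, written for this page and not taken from Cisco IOS, reads a few constructed `access-list` lines in the numbered-list syntax, applies wildcard masks the way the router does (a mask bit of 0 must match, a bit of 1 is ignored), and evaluates constructed packets top-down with first-match semantics and the implicit `deny any` at the end of every list. Only the destination `eq` port operator is modelled; other operators and named ACLs are left out.

```python
"""Simulated Cisco-style ACL evaluation: numbered standard (1-99) and extended
(100-199) lists, wildcard masks, top-down first match and the implicit deny.

Added example, not IOS code; the ACL lines and packets below are constructed.
"""
import ipaddress
from dataclasses import dataclass
from typing import Optional

ANY = ("0.0.0.0", "255.255.255.255")       # 'any' = ignore every address bit


def wildcard_match(address: str, network: str, wildcard: str) -> bool:
    """Wildcard-mask bit 0 = must match, bit 1 = don't care (inverse of a subnet mask)."""
    a = int(ipaddress.IPv4Address(address))
    n = int(ipaddress.IPv4Address(network))
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return a & care == n & care


def wildcard_for_prefix(prefix_len: int) -> str:
    """/24 -> 0.0.0.255: the wildcard mask is the bitwise inverse of the subnet mask."""
    return str(ipaddress.IPv4Address((1 << (32 - prefix_len)) - 1))


@dataclass
class Entry:
    action: str                      # "permit" or "deny"
    src: tuple                       # (network, wildcard)
    protocol: str = "ip"             # extended lists only: "ip", "tcp", "udp", "icmp"
    dst: Optional[tuple] = None      # extended lists only
    dst_port: Optional[int] = None   # extended lists only, 'eq' operator


@dataclass
class Packet:
    src: str
    dst: str
    protocol: str = "ip"
    dst_port: Optional[int] = None


def _address(tokens, i):
    """Parse 'any' | 'host A' | 'A W' | 'A' (bare address = host) starting at tokens[i]."""
    if tokens[i] == "any":
        return ANY, i + 1
    if tokens[i] == "host":
        return (tokens[i + 1], "0.0.0.0"), i + 2
    if i + 1 < len(tokens) and tokens[i + 1][0].isdigit():
        return (tokens[i], tokens[i + 1]), i + 2
    return (tokens[i], "0.0.0.0"), i + 1


def parse_line(line: str):
    """Parse one 'access-list N permit|deny ...' line into (list number, Entry)."""
    t = line.split()
    if t[0] != "access-list":
        raise ValueError(f"not an access-list line: {line}")
    number, action = int(t[1]), t[2]
    if 1 <= number <= 99:                       # standard: tests the source address only
        src, _ = _address(t, 3)
        return number, Entry(action, src)
    if 100 <= number <= 199:                    # extended: protocol, source, destination, port
        protocol = t[3]
        src, i = _address(t, 4)
        dst, i = _address(t, i)
        port = int(t[i + 1]) if i < len(t) and t[i] == "eq" else None
        return number, Entry(action, src, protocol, dst, port)
    raise ValueError(f"unsupported list number {number}")


def build(lines):
    """Group parsed entries by list number, preserving configuration order."""
    lists = {}
    for line in lines:
        number, entry = parse_line(line)
        lists.setdefault(number, []).append(entry)
    return lists


def evaluate(entries, pkt: Packet):
    """Top-down, first match wins. No match -> the implicit 'deny any' (reported as line None)."""
    for n, e in enumerate(entries, 1):
        if not wildcard_match(pkt.src, *e.src):
            continue
        if e.protocol != "ip" and e.protocol != pkt.protocol:
            continue
        if e.dst is not None and not wildcard_match(pkt.dst, *e.dst):
            continue
        if e.dst_port is not None and e.dst_port != pkt.dst_port:
            continue
        return e.action, n
    return "deny", None


# Constructed configuration: list 10 is standard, list 101 is extended.
CONSTRUCTED_CONFIG = [
    "access-list 10 deny host 192.168.1.50",
    "access-list 10 permit 192.168.1.0 0.0.0.255",
    "access-list 101 deny tcp 192.168.1.0 0.0.0.255 any eq 23",
    "access-list 101 permit ip 192.168.1.0 0.0.0.255 any",
]

if __name__ == "__main__":
    lists = build(CONSTRUCTED_CONFIG)
    for pkt in (Packet("192.168.1.50", "10.0.0.1"), Packet("192.168.1.7", "10.0.0.1"), Packet("10.0.0.1", "10.0.0.2")):
        print("list 10 ", pkt.src, "->", evaluate(lists[10], pkt))
    for pkt in (Packet("192.168.1.7", "172.16.0.9", "tcp", 23), Packet("192.168.1.7", "172.16.0.9", "udp", 23)):
        print("list 101", pkt.protocol, pkt.dst_port, "->", evaluate(lists[101], pkt))
```

Two details matter for verification with `show access-lists`: entry order decides the outcome (the host deny in list 10 only works because it precedes the network permit), and a packet that matches no entry is silently dropped by the implicit deny, so a list containing only deny statements blocks everything. The placement rule on the slide follows from what each type can test: a standard list sees only the source address, so placing it near the source would block that source from reaching every destination, while an extended list can identify the exact flow and is best applied before the traffic crosses the network.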
Slide 31: Firewalls
A firewall is an architectural structure that sits between the user and the outside world to protect the internal network from intruders.
Slide 32: Restricting Virtual Terminal Access
Slide 33: Summary
Slide 34: Question/Answer