
1 Standard, Extended and Named ACL

2
• In this lesson, you will learn:
  ◦ The purpose of ACLs and their application to an enterprise network
  ◦ How ACLs are used to control access
  ◦ The types of Cisco ACLs:
    ▪ Standard ACL
    ▪ Extended ACL
    ▪ Named ACL

3
• An ACL is a router configuration script that controls whether a router permits or denies packets.
• By default, a router does not have any ACLs configured and therefore does not filter traffic.

4
• These are examples of IP ACLs that can be configured in Cisco IOS Software:
  ◦ Standard ACLs
  ◦ Extended ACLs
  ◦ IP-named ACLs
  ◦ and others

5
• Use ACLs in firewall routers positioned between your internal network and an external network such as the Internet.
• Use ACLs on a router positioned between two parts of your network to control traffic entering or exiting a specific part of your internal network.
• Configure ACLs on border routers, the routers situated at the edges of your networks, so that they act as a buffer between your network and the outside network.

6 ACL Operation - Inbound ACLs
• ACL statements operate in sequential order.
• If a packet header and an ACL statement match, the rest of the statements in the list are skipped.
• If a packet header does not match a statement, the packet is tested against the next statement in the list.
• A final implied statement (the implicit deny) covers all packets for which no condition tested true.

7
# access-list 99 deny 192.168.10.0 0.0.0.255
# access-list 99 permit any

8
• Extended ACLs
  ◦ Extended ACLs filter IP packets based on several attributes:
    ▪ protocol type
    ▪ source IP address and destination IP address
    ▪ source TCP or UDP port and destination TCP or UDP port
  ◦ In the figure, ACL 102 denies FTP and Telnet traffic originating from any address on the 192.168.10.0/24 network from leaving the network.

9
access-list 102 deny tcp 192.168.10.0 0.0.0.255 any eq telnet
access-list 102 deny tcp 192.168.10.0 0.0.0.255 any eq ftp
access-list 102 permit ip any any
Apply the access list inbound on the Fa0/1 interface of R1. (An extended ACL entry must name a protocol and both a source and a destination, so the final permit is written as permit ip any any rather than permit any.)


15
• Deny all traffic from private IP addresses.
• Allow all IP sessions already established, i.e. TCP segments with the ACK bit set.
• Deny anyone from entering your network from the outside with an internal address (spoofing your network) and log each packet occurrence.
• Deny the infamous Donald Dick and Prosiak ports.
• Deny the Deepthroat and Sockets des Troie ports.
• Deny any SNMP requests from the outside. SNMP is a valuable tool to hackers for network discovery.
• Permit packets that were not previously rejected to enter your network.

16
1. access-list 100 deny ip 10.0.0.0 0.255.255.255 any log
2. access-list 100 deny ip 172.16.0.0 0.15.255.255 any log
3. access-list 100 deny ip 192.168.0.0 0.0.255.255 any log
4. access-list 100 deny ip any host 127.0.0.1 log
5. access-list 100 permit tcp any [your network IP address] [your network mask] established
6. access-list 100 deny ip [your network IP address] [your network mask] any log
7. access-list 100 deny tcp any any eq 22222 log
8. access-list 100 deny tcp any any range 60000 60020 log
9. access-list 100 deny udp any any eq snmp log
10. access-list 100 permit ip any any
(Entry 5 is written as a tcp entry with the full established keyword: est is only the CLI abbreviation, and IOS accepts the established option on tcp entries, not on ip entries.)

17
• Entry 5—“permit tcp any [your network IP address] [your network mask] established”—automatically allows all IP sessions already established, that is, TCP segments with the ACK (or RST) bit set. The purpose of this entry is to ensure that if your firewall allows a connection request to leave your network, the router doesn’t stop its return. (The deck abbreviates the keyword as est; IOS accepts established only on tcp entries, so the entry must specify tcp rather than ip. It is a flag check only, not stateful inspection.)
• Entry 6—“deny ip [your network IP address] [your network mask] any log”—denies anyone from entering your network from the outside with an internal address (spoofing your network) and logs each packet occurrence. This is very important for good security.
• Entry 7—“deny tcp any any eq 22222 log”—denies the infamous Donald Dick and Prosiak ports.
• Entry 8—“deny tcp any any range 60000 60020 log”—denies the Deepthroat and Sockets des Troie ports.
• Entry 9—“deny udp any any eq snmp log”—denies any SNMP requests from the outside. SNMP is a valuable tool to hackers for network discovery.
• Entry 10—“permit ip any any”—permits packets that were not previously rejected to enter your network.
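The following is an added example, not part of the deck, that makes the ACL operation rules of slide 6 and the two access lists of slides 9 and 16 concrete: a small evaluator that parses Cisco-style access-list lines (standard and extended, with wildcard masks, host/any, eq/range port operators, established and log) and walks them top to bottom with first-match semantics and the implicit deny at the end. It assumes the constructed prefix 203.0.113.0/24 (wildcard 0.0.0.255) in place of the "[your network]" placeholders, writes entry 5 as a tcp entry because established is a TCP-only option, and uses the valid form permit ip any any for the last entry of ACL 102; the sample packets are constructed.

```python
import ipaddress

# Port names used in this deck, mapped to their numbers (constructed subset of the IOS name table).
PORT_NAMES = {"ftp": 21, "ssh": 22, "telnet": 23, "www": 80, "snmp": 161}


def _port(tok):
    return PORT_NAMES[tok] if tok in PORT_NAMES else int(tok)


def _addr(tok, i):
    """Address spec at tok[i]: 'any' | 'host A' | 'A WILDCARD' | bare 'A' (standard ACL).
    Returns (predicate over an integer IPv4 address, index of the next token)."""
    if tok[i] == "any":
        return (lambda ip: True), i + 1
    if tok[i] == "host":
        h = int(ipaddress.IPv4Address(tok[i + 1]))
        return (lambda ip: ip == h), i + 2
    net = int(ipaddress.IPv4Address(tok[i]))
    if i + 1 < len(tok) and tok[i + 1].count(".") == 3:  # a dotted-quad wildcard follows
        wild, nxt = int(ipaddress.IPv4Address(tok[i + 1])), i + 2
    else:
        wild, nxt = 0, i + 1  # no wildcard given: exact host match
    # Wildcard semantics: a 1 bit means "don't care", so OR it into both sides before comparing.
    return (lambda ip: (ip | wild) == (net | wild)), nxt


def _ports(tok, i):
    """Optional port operator at tok[i]: 'eq P' | 'range LO HI'. Returns (predicate, next index)."""
    if i < len(tok) and tok[i] == "eq":
        p = _port(tok[i + 1])
        return (lambda x: x == p), i + 2
    if i < len(tok) and tok[i] == "range":
        lo, hi = _port(tok[i + 1]), _port(tok[i + 2])
        return (lambda x: lo <= x <= hi), i + 3
    return (lambda x: True), i


def parse_ace(line):
    """Parse one 'access-list N permit|deny ...' entry (standard or extended) into a rule dict."""
    tok = line.split()
    num, action = int(tok[1]), tok[2]
    if num <= 99 or 1300 <= num <= 1999:  # standard ACL: tests the source address only
        src, i = _addr(tok, 3)
        proto, dst = "ip", (lambda ip: True)
        sport = dport = (lambda p: True)
    else:
        proto, i = tok[3], 4
        src, i = _addr(tok, i)
        sport, i = _ports(tok, i)
        dst, i = _addr(tok, i)
        dport, i = _ports(tok, i)
    opts = tok[i:]
    return {"action": action, "proto": proto, "src": src, "dst": dst, "sport": sport,
            "dport": dport, "established": "established" in opts, "log": "log" in opts}


def evaluate(acl_lines, pkt):
    """First-match evaluation of an ACL against one packet (dict with proto, src, dst, sport,
    dport, ack). Returns (action, entry number, logged); entry 0 is the implicit deny."""
    src = int(ipaddress.IPv4Address(pkt["src"]))
    dst = int(ipaddress.IPv4Address(pkt["dst"]))
    for n, line in enumerate(acl_lines, 1):
        r = parse_ace(line)
        if r["proto"] not in ("ip", pkt["proto"]):
            continue
        if not (r["src"](src) and r["dst"](dst)):
            continue
        if pkt["proto"] in ("tcp", "udp") and not (
                r["sport"](pkt.get("sport", 0)) and r["dport"](pkt.get("dport", 0))):
            continue
        # 'established' is a flag check only: it matches TCP segments carrying ACK (or RST).
        if r["established"] and not (pkt["proto"] == "tcp" and pkt.get("ack")):
            continue
        return r["action"], n, r["log"]  # first match wins; later entries are skipped
    return "deny", 0, False  # every ACL ends with an implicit deny


def packet(proto, src, dst, dport=0, ack=False, sport=40000):
    return {"proto": proto, "src": src, "dst": dst, "sport": sport, "dport": dport, "ack": ack}


# ACL 102 from slide 9, with the final entry in the valid extended form.
ACL_102 = [
    "access-list 102 deny tcp 192.168.10.0 0.0.0.255 any eq telnet",
    "access-list 102 deny tcp 192.168.10.0 0.0.0.255 any eq ftp",
    "access-list 102 permit ip any any",
]

# ACL 100 from slide 16; "[your network]" is the constructed prefix 203.0.113.0/24.
ACL_100 = [
    "access-list 100 deny ip 10.0.0.0 0.255.255.255 any log",
    "access-list 100 deny ip 172.16.0.0 0.15.255.255 any log",
    "access-list 100 deny ip 192.168.0.0 0.0.255.255 any log",
    "access-list 100 deny ip any host 127.0.0.1 log",
    "access-list 100 permit tcp any 203.0.113.0 0.0.0.255 established",
    "access-list 100 deny ip 203.0.113.0 0.0.0.255 any log",
    "access-list 100 deny tcp any any eq 22222 log",
    "access-list 100 deny tcp any any range 60000 60020 log",
    "access-list 100 deny udp any any eq snmp log",
    "access-list 100 permit ip any any",
]

if __name__ == "__main__":  # constructed sample packets
    print(evaluate(ACL_102, packet("tcp", "192.168.10.5", "203.0.113.9", dport=23)))
    print(evaluate(ACL_102[:2], packet("tcp", "192.168.10.5", "203.0.113.9", dport=80)))
    print(evaluate(ACL_100, packet("udp", "203.0.113.77", "203.0.113.5", dport=53)))
```

Dropping the last line of ACL 102 (ACL_102[:2]) shows the implicit deny at work: an HTTP packet that matches neither deny entry is dropped by entry 0 rather than forwarded. Against ACL 100, a UDP packet arriving from outside with an internal source address is caught and logged by entry 6, while a return segment with ACK set is admitted by entry 5 before the deny entries are reached.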
