Slide 1: Access Control List Wildcards (Inverse Mask)
Computer Networking II
Copyright 2000 C. Dodge
Slide 2: Access List Statement - Format
- Standard Access List
  – access-list # permit/deny source IP wildcard
- # - 1-99
- permit/deny - switch the packet or drop it
- source IP - source IP address to which the packet should be compared. Can also use ANY
- wildcard (inverse mask) - see next slides
Slide 3: Wildcards (Inverse Mask)
- Allows you to indicate a host, subnet, network or range of IP addresses
- The two binary values in the wildcard have different meanings:
  – 0 = Must Match Exactly
  – 1 = Ignore
Slide 4: ACL Examples
- Standard Access List Format
  – access-list # permit/deny source IP wildcard
- Sample:
    A(config)#access-list 5 deny 172.22.5.2 0.0.0.0
    A(config)#access-list 5 deny 172.22.5.3 0.0.0.0
    A(config)#access-list 5 permit any
So what does this access list do?
Slide 5: What this access list does
    deny 172.22.5.2 0.0.0.0
    deny       = Action to be taken
    172.22.5.2 = Source IP Address
    0.0.0.0    = Wildcard: Match the source IP Exactly
If a packet from 172.22.5.2 comes to this router it will be discarded. According to the next line a packet from host 172.22.5.3 will also be discarded:
    A(config)#access-list 5 deny 172.22.5.3 0.0.0.0
    A(config)#access-list 5 permit any
This last line lets all other traffic through.
Slide 6: ACL Examples
Sample:
    A(config)#access-list 5 deny 172.22.5.2 0.0.0.0
    A(config)#access-list 5 deny 172.22.5.3 0.0.0.0
    A(config)#access-list 5 permit any
What happens if you now type in the following?
    A(config)#access-list 5 deny 172.22.5.4 0.0.0.0
Slide 7: ACL Examples
Results of the new access-list statement:
    A(config)#access-list 5 deny 172.22.5.2 0.0.0.0
    A(config)#access-list 5 deny 172.22.5.3 0.0.0.0
    A(config)#access-list 5 permit any
    A(config)#access-list 5 deny 172.22.5.4 0.0.0.0
Why does the last line have no effect? How could you correct this situation?
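The behaviour slides 4 to 7 walk through, as an added example that is not part of the original presentation: a small simulator of a Cisco-style standard access list. Entries are evaluated top-down, the first match decides the packet's fate, and an implicit "deny any" follows the last entry, which is why a deny typed after "permit any" is never reached. The entry model, function names and the shadow check are my own assumptions; the addresses are the slides' access-list 5.

```python
# Added example (not part of the original slides): a simulator for standard
# access lists. Entries are checked top-down, the first match decides, and an
# implicit "deny any" sits after the last entry. The AclEntry model and the
# function names are assumptions of this example, not IOS behaviour verbatim.
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class AclEntry:
    action: str                  # "permit" or "deny"
    source: str                  # dotted source IP, or "any"
    wildcard: str = "0.0.0.0"    # inverse mask: 0 bit = must match, 1 bit = ignore
                                 # (0.0.0.0 is what the "host" keyword stands for)


def _as_ints(entry: AclEntry):
    """Source and wildcard as 32-bit ints; "any" is 0.0.0.0 with 255.255.255.255."""
    if entry.source == "any":
        return 0, 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(entry.source)),
            int(ipaddress.IPv4Address(entry.wildcard)))


def wildcard_match(addr: str, entry: AclEntry) -> bool:
    """True if addr matches the entry: every bit the wildcard leaves as 0 must agree."""
    a = int(ipaddress.IPv4Address(addr))
    s, w = _as_ints(entry)
    return (a & ~w) == (s & ~w)


def evaluate(acl, addr: str):
    """Walk the list top-down; return (action, index) of the first hit,
    or ("deny", None) when nothing matched (the implicit deny)."""
    for idx, entry in enumerate(acl):
        if wildcard_match(addr, entry):
            return entry.action, idx
    return "deny", None


def covers(earlier: AclEntry, later: AclEntry) -> bool:
    """True if every address the later entry matches is already matched by the
    earlier one: the later entry ignores no bit the earlier one pins down, and
    the pinned bits agree."""
    s1, w1 = _as_ints(earlier)
    s2, w2 = _as_ints(later)
    return (w2 & ~w1) == 0 and (s1 & ~w1) == (s2 & ~w1)


def shadowed_entries(acl):
    """Indices of entries that can never be reached because an earlier entry covers them."""
    return [j for j in range(len(acl)) if any(covers(acl[i], acl[j]) for i in range(j))]


# The slides' access-list 5 with "deny 172.22.5.4" appended after "permit any".
ACL_5 = [
    AclEntry("deny", "172.22.5.2"),
    AclEntry("deny", "172.22.5.3"),
    AclEntry("permit", "any"),
    AclEntry("deny", "172.22.5.4"),    # never reached: "permit any" above covers it
]

# The same entries with the deny placed before "permit any", so it can be reached.
ACL_5_FIXED = [
    AclEntry("deny", "172.22.5.2"),
    AclEntry("deny", "172.22.5.3"),
    AclEntry("deny", "172.22.5.4"),
    AclEntry("permit", "any"),
]

if __name__ == "__main__":
    for host in ("172.22.5.2", "172.22.5.4", "10.1.1.1"):
        print(host, "->", evaluate(ACL_5, host), "| reordered:", evaluate(ACL_5_FIXED, host))
    print("shadowed entries in ACL_5:", shadowed_entries(ACL_5))
    print("only denies, no permit:", evaluate(ACL_5[:2], "172.22.5.9"))
```

Running the script shows 172.22.5.4 being permitted at index 2 by the original list and denied at index 2 by the reordered one, and `shadowed_entries` reporting index 3 as unreachable; the last print shows the implicit deny that applies when a list contains no permit at all.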
Slide 8: Wildcard Examples
Source IP: 195.34.5.12
Wildcard: 0.0.0.0
- Result: Match all four octets
- Only 195.34.5.12 is a match
- Could also use host 195.34.5.12 in place of the wildcard. Host indicates an exact match is needed.
Slide 9: Wildcard Examples
Source IP: 172.16.10.0
Wildcard: 0.0.0.255
Result: Match the first three octets exactly (inverse mask values of 0 = match exactly) but ignore the last octet (255 = all 1's in binary). 172.16.10.0 thru 172.16.10.255 is a match, so any value between these two values is permitted. Any packet from subnet 172.16.10.0 is permitted.
Slide 10: Wildcard Examples
Source IP: 172.16.10.0
Wildcard: 0.0.31.255
Concentrate on the third octet:
    31 in binary is 00011111   (000 = must match, 11111 = don't care)
    10 in binary is 00001010
So the first three bits must be 0's and the last 5 bits do not matter. So acceptable values are 172.16.0.0 through 172.16.31.255.
Slide 11:
So acceptable values are 172.16.0.0 through 172.16.31.255.
A value of 172.16.32.0 would not match because 32 in binary = 00100000 and this does not match in the first three bits.
    31 in binary is 00011111   (000 = must match, 11111 = don't care)
    10 in binary is 00001010
Slide 12: Change the 10 to 64
Source IP: 172.16.64.0
Wildcard: 0.0.31.255
Concentrate on the third octet:
    31 in binary is 00011111   (000 = must match, 11111 = don't care)
    64 in binary is 01000000
So the first three bits must be 010 and the last 5 bits do not matter. So acceptable values are?
Slide 13: Change the 10 to 64
Source IP: 172.16.64.0
Wildcard: 0.0.31.255
Concentrate on the third octet:
    31 in binary is 00011111   (000 = must match, 11111 = don't care)
    64 in binary is 01000000
Acceptable values are 01000000 = 64 through 01011111 = 95.
Slide 14: Try this one
Source IP: 10.0.0.0
Wildcard: 0.0.255.255
The first two octets must match, so all IP addresses that start with 10.0 are matches. The range is 10.0.0.0 through 10.0.255.255.
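The octet-by-octet reasoning of slides 8 to 14, as an added example that is not part of the original presentation: given a source address and wildcard, compute the lowest and highest matching address and show the per-octet binary view with "must match" and "don't care" positions marked. Function names are my own. It also goes one step beyond the slides: a wildcard whose 1 bits are not a single low-order run (for example 0.0.1.0) does not describe one contiguous range, and `is_contiguous()` flags that so the range-style reading is only applied where it is valid.

```python
# Added example (not from the original slides): range and binary view of a
# source/wildcard pair. Function names are assumptions of this example.
import ipaddress


def _to_int(dotted: str) -> int:
    return int(ipaddress.IPv4Address(dotted))


def _to_dotted(n: int) -> str:
    return str(ipaddress.IPv4Address(n))


def wildcard_bounds(source: str, wildcard: str):
    """Lowest and highest matching address: clear every ignored (1) bit for the
    low end, set every ignored bit for the high end."""
    s, w = _to_int(source), _to_int(wildcard)
    low = s & ~w
    high = low | w
    return _to_dotted(low), _to_dotted(high)


def is_contiguous(wildcard: str) -> bool:
    """True when the ignored bits form one run at the low end, so the matched
    set is exactly everything between the two bounds (a CIDR-style block)."""
    w = _to_int(wildcard)
    return (w & (w + 1)) == 0


def matched_count(wildcard: str) -> int:
    """Number of addresses matched: two choices for every ignored bit."""
    return 1 << bin(_to_int(wildcard)).count("1")


def octet_view(source: str, wildcard: str, octet_index: int):
    """Binary view of one octet (0 = first): source bits, wildcard bits, and a
    marker string with M where the bit must match and - where it is ignored."""
    s = int(source.split(".")[octet_index])
    w = int(wildcard.split(".")[octet_index])
    markers = "".join("-" if (w >> bit) & 1 else "M" for bit in range(7, -1, -1))
    return f"{s:08b}", f"{w:08b}", markers


if __name__ == "__main__":
    # Constructed sample pairs: the slides' examples plus one non-contiguous wildcard.
    for src, wc in [("195.34.5.12", "0.0.0.0"), ("172.16.10.0", "0.0.0.255"),
                    ("172.16.10.0", "0.0.31.255"), ("172.16.64.0", "0.0.31.255"),
                    ("10.0.0.0", "0.0.255.255"), ("172.16.10.0", "0.0.1.0")]:
        low, high = wildcard_bounds(src, wc)
        print(f"{src} {wc}: {low} .. {high}, {matched_count(wc)} address(es),"
              f" contiguous={is_contiguous(wc)}")
    print("third octet of 172.16.64.0 / 0.0.31.255:",
          octet_view("172.16.64.0", "0.0.31.255", 2))
```

For the non-contiguous pair 172.16.10.0 / 0.0.1.0 the bounds come out as 172.16.10.0 .. 172.16.11.0 but only two addresses match (the third octet may be 10 or 11 with the rest fixed), which is why the bounds alone are not the full story unless `is_contiguous()` is true.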
Slide 15: Summary: Wildcards
- Are used to indicate a host, subnet, network or range of IP addresses
- 1 = Ignore (a 1 looks like an I in Ignore)
- 0 = Must match exactly