1. 1 © 2004, Cisco Systems, Inc. All rights reserved. Chapter 9 Intermediate TCP/IP/ Access Control Lists (ACLs)

2. 222 © 2004, Cisco Systems, Inc. All rights reserved. Objectives

3. 333 © 2004, Cisco Systems, Inc. All rights reserved. TCP Operation The transport layer is responsible for the reliable transport of and regulation of data flow from source to destination.

4. 444 © 2004, Cisco Systems, Inc. All rights reserved. Synchronization or Three-Way Handshake

5. 555 © 2004, Cisco Systems, Inc. All rights reserved. Denial-of-Service Attacks

6. 666 © 2004, Cisco Systems, Inc. All rights reserved. Simple Windowing

7. 777 © 2004, Cisco Systems, Inc. All rights reserved. TCP Sequence and Acknowledgment Numbers

8. 888 © 2004, Cisco Systems, Inc. All rights reserved. Positive ACK Acknowledgement is a common step in the synchronization process which includes sliding windows and data sequencing.

9. 999 © 2004, Cisco Systems, Inc. All rights reserved. Protocol Graph: TCP/IP

10. 10 © 2004, Cisco Systems, Inc. All rights reserved. UDP Segment Format

11. 11 © 2004, Cisco Systems, Inc. All rights reserved. Port Numbers

12. 12 © 2004, Cisco Systems, Inc. All rights reserved. Telnet Port Numbers

13. 13 © 2004, Cisco Systems, Inc. All rights reserved. Reserved TCP and UDP Port Numbers

14. 14 © 2004, Cisco Systems, Inc. All rights reserved. Ports for Clients Whenever a client connects to a service on a server, a source and destination port must be specified. TCP and UDP segments contain fields for source and destination ports.

15. 15 © 2004, Cisco Systems, Inc. All rights reserved. Port Numbering and Well-Known Port Numbers Port numbers are divided into three different categories: well-known ports registered ports dynamic or private ports

16. 16 © 2004, Cisco Systems, Inc. All rights reserved. Port Numbers and Socket

17. 17 © 2004, Cisco Systems, Inc. All rights reserved. Comparison of MAC addresses, IP addresses, and port numbers A good analogy can be made with a normal letter. The name on the envelope would be equivalent to a port number, the street address is the MAC, and the city and state is the IP address.

18. 18 © 2004, Cisco Systems, Inc. All rights reserved. Summary

19. 19 © 2004, Cisco Systems, Inc. All rights reserved. Access Control Lists (ACLs)

20. 20 © 2004, Cisco Systems, Inc. All rights reserved. Objectives

21. 21 © 2004, Cisco Systems, Inc. All rights reserved. What are ACLs? ACLs are lists of conditions used to test network traffic that tries to travel across a router interface. These lists tell the router what types of packets to accept or deny.

22. 22 © 2004, Cisco Systems, Inc. All rights reserved. How ACLs Work

23. 23 © 2004, Cisco Systems, Inc. All rights reserved. Protocols with ACLs Specified by Numbers

24. 24 © 2004, Cisco Systems, Inc. All rights reserved. Creating ACLs

25. 25 © 2004, Cisco Systems, Inc. All rights reserved. The Function of a Wildcard Mask

26. 26 © 2004, Cisco Systems, Inc. All rights reserved. Verifying ACLs There are many show commands that will verify the content and placement of ACLs on the router. show ip interface show access-lists Show running-config

27. 27 © 2004, Cisco Systems, Inc. All rights reserved. Standard ACLs

28. 28 © 2004, Cisco Systems, Inc. All rights reserved. Extended ACLs

29. 29 © 2004, Cisco Systems, Inc. All rights reserved. Named ACLs

30. 30 © 2004, Cisco Systems, Inc. All rights reserved. Placing ACLs Standard ACLs should be placed close to the destination. Extended ACLs should be placed close to the source.

31. 31 © 2004, Cisco Systems, Inc. All rights reserved. Firewalls A firewall is an architectural structure that exists between the user and the outside world to protect the internal network from intruders.

32. 32 © 2004, Cisco Systems, Inc. All rights reserved. Restricting Virtual Terminal Access

33. 33 © 2004, Cisco Systems, Inc. All rights reserved. Summary

34. 34 © 2004, Cisco Systems, Inc. All rights reserved. Question/Answer