© 2006 Cisco Systems, Inc. All rights reserved. Cisco Public. Version 4.0
Filtering Traffic Using Access Control Lists – Introducing Routing and Switching in the Enterprise, Chapter 8 (presentation transcript)
Slide 1: Filtering Traffic Using Access Control Lists – Introducing Routing and Switching in the Enterprise, Chapter 8

Slide 2: Objectives
- Describe traffic filtering and explain how Access Control Lists (ACLs) can filter traffic at router interfaces.
- Analyze the use of wildcard masks.
- Configure and implement ACLs.
- Create and apply ACLs to control specific types of traffic.
- Log ACL activity and integrate ACL best practices.

Slide 3: Describe Traffic Filtering
- Analyze the contents of a packet
- Allow or block the packet
- Decisions are based on source IP, destination IP, MAC address, protocol, and application type

Slide 4: Describe Traffic Filtering
Devices providing traffic filtering:
- Firewalls built into integrated routers
- Dedicated security appliances
- Servers

Slide 5: Describe Traffic Filtering
Uses for ACLs:
- Specify internal hosts for NAT
- Classify traffic for QoS
- Restrict routing updates, limit debug output, control virtual terminal access

Slide 6: Describe Traffic Filtering
Possible issues with ACLs:
- Increased load on the router
- Possible network disruption
- Unintended consequences from incorrect placement

Slide 7: Describe Traffic Filtering
- Standard ACLs filter based on source IP address
- Extended ACLs filter on source and destination, as well as protocol and port number
- Named ACLs can be either standard or extended

Slide 8: Describe Traffic Filtering
- ACLs consist of statements
- At least one statement must be a permit statement
- The final statement is an implicit deny
- An ACL must be applied to an interface in order to work

Slide 9: Describe Traffic Filtering
- An ACL is applied inbound or outbound
- Direction is from the router’s perspective
- Each interface can have one ACL per direction for each network protocol

Slide 10: Analyze the Use of Wildcard Masks
- A wildcard mask can block a range of addresses or a whole network with one statement
- 0 bits indicate which part of an IP address must match the ACL
- 1 bits indicate which part does not have to match specifically

Slide 11: Analyze the Use of Wildcard Masks
- Use the host parameter in place of a 0.0.0.0 wildcard
- Use the any parameter in place of a 255.255.255.255 wildcard
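As an added illustration of slides 8, 10 and 11 (example code written for this transcript, not from the Cisco course), the following Python models how a router walks an ACL: wildcard bits set to 1 are ignored when comparing addresses, statements are tested top-down until the first match, and a packet that matches no statement hits the implicit deny. The ACL, addresses and packets are constructed sample values.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional, List, Tuple

def ip_to_int(addr: str) -> int:
    return int(ipaddress.IPv4Address(addr))

def wildcard_match(addr: str, ref: str, wildcard: str) -> bool:
    """Cisco wildcard semantics: 0 bits must match, 1 bits are don't-care."""
    care = ~ip_to_int(wildcard) & 0xFFFFFFFF      # bits the router checks
    return (ip_to_int(addr) & care) == (ip_to_int(ref) & care)

# 'host X' is shorthand for 'X 0.0.0.0'; 'any' for '0.0.0.0 255.255.255.255'
HOST = "0.0.0.0"
ANY = ("0.0.0.0", "255.255.255.255")

@dataclass
class Statement:
    action: str                  # "permit" or "deny"
    src: str
    src_wc: str
    proto: str = "ip"            # "ip" matches every protocol
    dst: str = ANY[0]
    dst_wc: str = ANY[1]
    dport: Optional[int] = None  # None = any port; otherwise 'eq <port>'

@dataclass
class Packet:
    src: str
    dst: str
    proto: str = "ip"
    dport: Optional[int] = None

def evaluate(acl: List[Statement], pkt: Packet) -> Tuple[str, Optional[int]]:
    """Return (action, 1-based line that matched); None line = implicit deny."""
    for line, st in enumerate(acl, 1):           # top-down, first match wins
        if st.proto not in ("ip", pkt.proto):
            continue
        if not wildcard_match(pkt.src, st.src, st.src_wc):
            continue
        if not wildcard_match(pkt.dst, st.dst, st.dst_wc):
            continue
        if st.dport is not None and st.dport != pkt.dport:
            continue
        return st.action, line
    return "deny", None                          # implicit deny at end of every ACL

# Constructed extended ACL: LAN may reach web servers, nothing else; one host is unrestricted.
ACL_101 = [
    Statement("permit", "192.168.1.0", "0.0.0.255", "tcp", ANY[0], ANY[1], 80),
    Statement("deny",   "192.168.1.0", "0.0.0.255", "ip"),
    Statement("permit", "10.0.0.5", HOST, "ip"),   # equivalent to 'host 10.0.0.5'
]
```

Note that a wildcard such as 0.0.254.255 is legal and matches every even third octet, which is why the slide says masks can cover a range rather than only a whole network.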

Slide 12: Configure and Implement Access Control Lists
- Determine traffic filtering requirements
- Decide which type of ACL to use
- Determine the router and interface on which to apply the ACL
- Determine in which direction to filter traffic

Slide 13: Configure and Implement Access Control Lists: Numbered Standard ACL
- Use the access-list command to enter statements
- Use the same number for all statements
- Number ranges: 1-99, 1300-1999
- Apply as close to the destination as possible

Slide 14: Configure and Implement Access Control Lists: Numbered Extended ACL
- Use the access-list command to enter statements
- Use the same number for all statements
- Number ranges: 100-199, 2000-2699
- Specify a protocol to permit or deny
- Place as close to the source as possible

Slide 15: Configure and Implement Access Control Lists: Named ACLs
- A descriptive name replaces the number range
- Use the ip access-list command to enter the initial statement
- Start succeeding statements with either permit or deny
- Apply in the same way as a standard or extended ACL

Slide 16: Configure and Implement Access Control Lists: VTY Access
- Create the ACL in line configuration mode
- Use the access-class command to initiate the ACL
- Use a numbered ACL
- Apply identical restrictions to all VTY lines

Slide 17: Create and Apply ACLs to Control Specific Types of Traffic
- Use a specified condition when filtering on port numbers: eq, lt, gt
- Deny all appropriate ports for multi-port applications like FTP
- Use the range operator to filter a group of ports

Slide 18: Create and Apply ACLs to Control Specific Types of Traffic
- Block harmful external traffic while allowing internal users free access
- Ping: allow echo replies while denying echo requests from outside the network
- Stateful Packet Inspection

Slide 19: Create and Apply ACLs to Control Specific Types of Traffic
- Account for NAT when creating and applying ACLs to a NAT interface
- Filter public addresses on a NAT outside interface
- Filter private addresses on a NAT inside interface

Slide 20: Create and Apply ACLs to Control Specific Types of Traffic
- Examine every ACL one line at a time to avoid unintended consequences

Slide 21: Create and Apply ACLs to Control Specific Types of Traffic
- Apply ACLs to VLAN interfaces or subinterfaces just as with physical interfaces

Slide 22: Log ACL Activity and ACL Best Practices
- Logging provides additional details on packets denied or permitted
- Add the log option to the end of each ACL statement to be tracked

Slide 23: Log ACL Activity and ACL Best Practices
Syslog messages:
- Status of router interfaces
- ACL messages
- Bandwidth, protocols in use, configuration events

Slide 24: Log ACL Activity and ACL Best Practices
- Always test basic connectivity before applying ACLs
- Add deny ip any to the end of an ACL when logging
- Use reload in 30 when testing ACLs on remote routers

Slide 25: Summary
- ACLs enable traffic management and secure access to and from a network and its resources
- Apply an ACL to filter inbound or outbound traffic
- ACLs can be standard, extended, or named
- Using a wildcard mask provides flexibility
- There is an implicit deny statement at the end of an ACL
- Account for NAT when creating and applying ACLs
- Logging provides additional details on filtered traffic
