© 2004 Cisco Systems, Inc. All rights reserved. CCNA 2 v3.1 Module 11 Access Control Lists (ACLs)
Post on 21-Dec-2015
CCNA 2 v3.1 Module 11 Access Control Lists (ACLs)
Objectives
What are ACLs?
• ACLs are lists of conditions used to test network traffic that tries to travel across a router interface. These lists tell the router what types of packets to accept or deny.
How ACLs Work
Protocols with ACLs Specified by Numbers
Define an ACL & Apply it
• Wildcard mask
• Deny all packets from 172.16.1.1
• access-list number
• Apply ACL #2 to interface e0
• Apply to all incoming packets
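Added example (not part of the original slides): a small Python model of how a standard ACL with wildcard masks is evaluated, using the slide's ACL #2 entry that denies 172.16.1.1. The wildcard 0.0.0.0 for that host, the second permit entry and the MISORDERED list are assumptions constructed for illustration; the example also goes beyond the slide by flagging entries that an earlier entry makes unreachable.

```python
import ipaddress

def _u32(dotted: str) -> int:
    return int(ipaddress.IPv4Address(dotted))

def wildcard_match(addr: str, base: str, wildcard: str) -> bool:
    """Wildcard semantics: a 0 bit must match, a 1 bit is ignored."""
    care = ~_u32(wildcard) & 0xFFFFFFFF
    return (_u32(addr) & care) == (_u32(base) & care)

# Constructed model of ACL #2: (action, source address, wildcard mask).
# Only the deny of 172.16.1.1 comes from the slide; the rest is assumed.
ACL_2 = [
    ("deny",   "172.16.1.1", "0.0.0.0"),      # exactly one host
    ("permit", "172.16.0.0", "0.0.255.255"),  # any 172.16.x.x source
]

# Same entries in the wrong order (constructed to show the failure mode).
MISORDERED = [ACL_2[1], ACL_2[0]]

def evaluate(acl, src: str) -> str:
    """Standard ACL: test the source address top-down, first match wins."""
    for action, base, wildcard in acl:
        if wildcard_match(src, base, wildcard):
            return action
    return "deny"  # implicit deny at the end of every ACL

def shadowed_entries(acl):
    """Indexes of entries that can never match because an earlier
    entry already matches every address they cover."""
    hidden = []
    for j, (_, base_j, wc_j) in enumerate(acl):
        care_j = ~_u32(wc_j) & 0xFFFFFFFF
        for _, base_i, wc_i in acl[:j]:
            care_i = ~_u32(wc_i) & 0xFFFFFFFF
            # Earlier entry checks only bits the later one also checks,
            # and the two agree on those bits: the later one is unreachable.
            covers = (care_i & ~care_j & 0xFFFFFFFF) == 0
            if covers and (_u32(base_i) & care_i) == (_u32(base_j) & care_i):
                hidden.append(j)
                break
    return hidden

if __name__ == "__main__":
    for src in ("172.16.1.1", "172.16.1.2", "10.0.0.1"):
        print(src, evaluate(ACL_2, src))
    print("shadowed in MISORDERED:", shadowed_entries(MISORDERED))
```
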
The Function of a Wildcard Mask
Verifying ACLs
• There are many show commands that will verify the content and placement of ACLs on the router.
show ip interface
show access-lists
show running-config
Standard ACLs
Extended ACLs
• Source IP addr. plus wildcard
• Destination IP addr.
Named ACLs
Single host
Placing ACLs
• Standard ACLs should be placed close to the destination.
• Extended ACLs should be placed close to the source.
Firewalls
A firewall is an architectural structure that exists between the user and the outside world to protect the internal network from intruders.
Restricting Virtual Terminal Access
Summary