Access Control Lists
STANDARD ACCESS CONTROL LISTS
Are numbered from 1 to 99 (the expanded range 1300 to 1999 is also standard)
Filter (permit or deny) on the source address only
Carry no destination information, so they must be placed as close to the destination as possible
Work at Layer 3 of the OSI model
Why are standard ACLs placed close to the destination?
If you want to block traffic from Juan’s computer from reaching Janet’s computer with a standard access list, you would place the ACL close to the destination, on Router D, interface E0, because a standard list uses only the source address to permit or deny packets. Placed there, the ACL does not affect packets reaching Routers B and C.
[Diagram: Juan’s computer on Router A (E0); Router A connects over its serial interfaces (S0, S1) to Routers B and C, which connect on to Router D; Janet’s computer on Router D (E0). “ACL here” marks Router D, interface E0.]
If you place the ACL on Router A to block traffic to Router D, it will also block all packets going to Routers B and C, because all of those packets carry the same source address and a standard ACL cannot tell the destinations apart.
Standard Access List Placement Sample Problems
PROBLEM # 1
[Diagram: Router A with Juan’s computer on FA0 and Jan’s computer on FA1.]
In order to permit packets from Juan’s computer to arrive at Jan’s computer, you would place the standard access list at router interface _____________. (Answer: FA1, the interface closest to the destination.)
Standard Access List Placement Sample Problems
PROBLEM # 2
[Diagram: Ericka’s computer on Router A, FA0; Router A S1 connects to Router B S0; Paolo’s computer on Router B, FA1.]
Ericka has been sending unnecessary information to Paolo. Where would you place the standard ACL to deny all traffic from Ericka to Paolo?
Router Name ______________ Interface ____________ (Answer: Router B, FA1)
Where would you place the standard ACL to deny all traffic from Paolo to Ericka?
Router Name ______________ Interface ____________ (Answer: Router A, FA0)
Standard Access List Placement : EXERCISE
[Diagram: Routers A through F linked over serial interfaces (S0, S1), with Ethernet interfaces (E0, FA1) serving Ricky’s, George’s, Jenny’s, Amanda’s, Carol’s, Jeff’s, Kathy’s, Jim’s, Linda’s, Sarah’s, Jackie’s and Melvin’s computers.]
EXTENDED ACCESS CONTROL LISTS
Are numbered from 100 to 199 (the expanded range 2000 to 2699 is also extended)
Filter (permit or deny) on source address, destination address, protocol and port number
Are placed as close to the source as possible
Work at both Layer 3 and Layer 4 of the OSI model
Why are extended ACLs placed close to the source?
If you want to block traffic from Juan’s computer from reaching Janet’s computer with an extended access list, you would place the ACL close to the source, on Router A, interface E0. Because an extended list can permit or deny packets based on the destination address as well, it can drop the unwanted packets before they cross the backbone, reducing overhead without affecting traffic through Routers B and C.
[Diagram: Juan’s computer on Router A (E0); Router A connects over its serial interfaces (S0, S1) to Routers B and C, which connect on to Router D; Janet’s computer on Router D (E0). “ACL here” marks Router A, interface E0.]
If you place the ACL on Router D to block the traffic from Router A, it will work. However, Routers B and C will have to route each packet before it is finally blocked at Router D. This increases the volume of useless network traffic.
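The two placement rules above, traced on the four-router diagram. This is an added example, not part of the original slides: the addresses for Juan, Janet and the hosts behind Routers B and C are constructed, the path from Router A to Janet is assumed to run through Router B, and the ACL evaluation is reduced to first-match on source (standard) or source and destination (extended) with the implicit deny at the end.

```python
"""Where a packet is dropped, and what else breaks, for each ACL placement.

Added example (not from the original slides). Models Router A reaching
Router D through Router B or Router C, with Juan behind A and Janet behind D.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

JUAN = "192.168.90.36"      # behind Router A, E0 (constructed address)
JANET = "192.175.63.12"     # behind Router D, E0 (constructed address)
HOST_B = "10.0.2.10"        # a host behind Router B (constructed)
HOST_C = "10.0.3.10"        # a host behind Router C (constructed)

# Routers a packet from Router A traverses to reach each destination (assumed paths)
PATHS: Dict[str, List[str]] = {
    JANET: ["A", "B", "D"],
    HOST_B: ["A", "B"],
    HOST_C: ["A", "C"],
}


@dataclass(frozen=True)
class Rule:
    action: str                 # "permit" or "deny"
    src: str                    # address or "any"
    dst: Optional[str] = None   # None: standard ACL, which has no destination field


def decision(rules: List[Rule], src: str, dst: str) -> str:
    """First matching rule wins; a packet that matches nothing hits the implicit deny."""
    for r in rules:
        if r.src in ("any", src) and (r.dst is None or r.dst in ("any", dst)):
            return r.action
    return "deny"


def forward(acl_at: str, rules: List[Rule], src: str, dst: str) -> Tuple[bool, List[str]]:
    """Return (delivered, routers traversed) when `rules` is applied at router `acl_at`."""
    hops: List[str] = []
    for router in PATHS[dst]:
        hops.append(router)
        if router == acl_at and decision(rules, src, dst) == "deny":
            return False, hops
    return True, hops


# Standard list: deny Juan, then permit everyone else (without the permit, the
# implicit deny at the end of the list would block every source).
STANDARD = [Rule("deny", JUAN), Rule("permit", "any")]
# Extended list: deny only the Juan -> Janet pair.
EXTENDED = [Rule("deny", JUAN, JANET), Rule("permit", "any", "any")]


def collateral(acl_at: str, rules: List[Rule]) -> List[str]:
    """Hosts other than Janet that Juan can no longer reach: the placement's side effects."""
    return [d for d in (HOST_B, HOST_C) if not forward(acl_at, rules, JUAN, d)[0]]


if __name__ == "__main__":
    for name, rules, at in (("standard@A", STANDARD, "A"), ("standard@D", STANDARD, "D"),
                            ("extended@A", EXTENDED, "A"), ("extended@D", EXTENDED, "D")):
        ok, hops = forward(at, rules, JUAN, JANET)
        print(f"{name:11} Juan->Janet {'delivered' if ok else 'dropped'} after {hops}; "
              f"collateral: {collateral(at, rules)}")
```

Running it shows the trade-off the slides describe: the standard list at Router A drops Juan’s packets after one hop but also cuts him off from the hosts behind Routers B and C, at Router D it has no collateral but only after B and D have carried the packets; the extended list at Router A drops the one flow after one hop with no collateral. Note that a standard list at Router D still blocks Juan from every host behind D, not just Janet; only an extended list can isolate a single source/destination pair.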
Extended Access List Placement Sample Problems
PROBLEM # 1
[Diagram: Router A with Juan’s computer on E0 and Jan’s computer on E1.]
In order to permit packets from Juan’s computer to arrive at Jan’s computer, you would place the extended access list at router interface _____________. (Answer: E0, the interface closest to the source.)
Extended Access List Placement Sample Problems
PROBLEM # 2
[Diagram: Ericka’s computer on Router A, FA0; Router A S1 connects to Router B S0; Paolo’s computer on Router B, FA1.]
Ericka has been sending unnecessary information to Paolo. Where would you place the extended ACL to deny all traffic from Ericka to Paolo?
Router Name ______________ Interface ____________ (Answer: Router A, FA0)
Where would you place the extended ACL to deny all traffic from Paolo to Ericka?
Router Name ______________ Interface ____________ (Answer: Router B, FA1)
EXTENDED Access List Placement : EXERCISE
[Diagram: the same six-router topology as the standard ACL exercise, Routers A through F linked over serial interfaces (S0, S1), with Ethernet interfaces (E0, FA1) serving Ricky’s, George’s, Jenny’s, Amanda’s, Carol’s, Jeff’s, Kathy’s, Jim’s, Linda’s, Sarah’s, Jackie’s and Melvin’s computers.]
Breakdown of a Standard ACL Statement

access-list 1 permit 192.168.90.36 0.0.0.0
  access-list     keyword that begins every numbered ACL statement
  1               access-list # (1-99 for a standard list)
  permit          permit or deny
  192.168.90.36   source address
  0.0.0.0         wildcard mask (a 0 bit means the packet bit must match; 0.0.0.0 matches exactly this one address)

access-list 78 deny host 192.168.90.36
  78              access-list # (1-99)
  deny            permit or deny
  host            indicates a specific host address (shorthand for a 0.0.0.0 wildcard mask)
  192.168.90.36   source address
Breakdown of an Extended ACL Statement

access-list 125 permit ip 192.168.90.36 0.0.0.0 192.175.63.12 0.0.0.0
  125             access-list # (100-199 for an extended list)
  permit          permit or deny
  ip              protocol (icmp, tcp, udp, ip, etc.)
  192.168.90.36   source address
  0.0.0.0         source wildcard mask
  192.175.63.12   destination address
  0.0.0.0         destination wildcard mask

access-list 178 deny tcp host 192.175.63.12 host 192.168.90.36
  178             access-list # (100-199)
  deny            permit or deny
  tcp             protocol (icmp, tcp, udp, ip, etc.)
  host            indicates a specific host address
  192.175.63.12   source address
  host            indicates a specific host address
  192.168.90.36   destination address

Protocols include: IP, TCP, UDP, ICMP, IGMP, IGRP, EIGRP, OSPF. To match any Internet protocol, use IP.
GIVEN:
access-list 125 permit ip 192.168.90.36 0.0.0.0 192.175.63.0 0.0.0.255

10) 125 - ___________________
11) ip - ___________________
12) 192.168.90.36 - ___________________
13) 0.0.0.0 - ___________________
14) 192.175.63.0 - ___________________
15) 0.0.0.255 - ___________________
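To make the statement breakdowns and the GIVEN exercise concrete, here is an added example (not from the original slides) that parses numbered standard and extended ACL statements in the syntax shown above and evaluates packets against them. The wildcard-mask rule it implements is the Cisco one: a 1 bit in the mask means “don’t care”, so 0.0.0.0 pins every bit (the same as the host keyword) and 255.255.255.255 matches anything (any). The optional eq port operator and the list-number ranges are assumed from standard Cisco syntax; the sample statements are the ones on the slides plus a constructed Telnet rule.

```python
"""Parse Cisco numbered ACL statements and evaluate packets against them.

Added example, not from the original slides. Handles the statement forms used
on the page: standard lists (source only, optional wildcard, `host`, `any`) and
extended lists (protocol, source, destination, optional `eq <port>`).
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

ALL_ONES = 0xFFFFFFFF


def _ip(text: str) -> int:
    return int(ipaddress.IPv4Address(text))


@dataclass
class Entry:
    number: int
    action: str                     # "permit" or "deny"
    protocol: str                   # "ip" for a standard list; ip/tcp/udp/icmp/... for extended
    src: int
    src_wild: int
    dst: int                        # a standard list has no destination: 0 with an all-ones mask
    dst_wild: int
    src_port: Optional[int] = None
    dst_port: Optional[int] = None


def _addr(tok: List[str], i: int) -> Tuple[int, int, int]:
    """Consume 'any' | 'host A.B.C.D' | 'A.B.C.D [W.W.W.W]'; return (base, wildcard, next index)."""
    if tok[i] == "any":
        return 0, ALL_ONES, i + 1
    if tok[i] == "host":
        return _ip(tok[i + 1]), 0, i + 2
    base = _ip(tok[i])
    if i + 1 < len(tok) and "." in tok[i + 1]:     # an explicit wildcard mask follows
        return base, _ip(tok[i + 1]), i + 2
    return base, 0, i + 1                           # omitted wildcard defaults to 0.0.0.0


def _port(tok: List[str], i: int) -> Tuple[Optional[int], int]:
    """Consume an optional 'eq <port>' operator; return (port or None, next index)."""
    if i + 1 < len(tok) and tok[i] == "eq":
        return int(tok[i + 1]), i + 2
    return None, i


def parse(line: str) -> Entry:
    tok = line.split()
    if tok[0] != "access-list":
        raise ValueError(f"not an access-list statement: {line!r}")
    number, action = int(tok[1]), tok[2]
    if action not in ("permit", "deny"):
        raise ValueError(f"bad action {action!r}")
    if 1 <= number <= 99 or 1300 <= number <= 1999:          # standard: source only
        src, wild, _ = _addr(tok, 3)
        return Entry(number, action, "ip", src, wild, 0, ALL_ONES)
    if 100 <= number <= 199 or 2000 <= number <= 2699:       # extended: proto, src, dst, ports
        proto = tok[3]
        src, sw, i = _addr(tok, 4)
        sport, i = _port(tok, i)
        dst, dw, i = _addr(tok, i)
        dport, i = _port(tok, i)
        return Entry(number, action, proto, src, sw, dst, dw, sport, dport)
    raise ValueError(f"unsupported list number {number}")


def _match(base: int, wild: int, ip: int) -> bool:
    """Bits where the wildcard is 0 must agree with the base; bits where it is 1 are ignored."""
    return (base ^ ip) & (~wild & ALL_ONES) == 0


def evaluate(entries: List[Entry], src: str, dst: str, proto: str = "ip",
             src_port: Optional[int] = None, dst_port: Optional[int] = None) -> str:
    """First matching entry wins. No match falls through to the implicit 'deny any'."""
    for e in entries:
        if e.protocol != "ip" and e.protocol != proto:       # 'ip' entries match every protocol
            continue
        if not (_match(e.src, e.src_wild, _ip(src)) and _match(e.dst, e.dst_wild, _ip(dst))):
            continue
        if e.src_port is not None and e.src_port != src_port:
            continue
        if e.dst_port is not None and e.dst_port != dst_port:
            continue
        return e.action
    return "deny"


if __name__ == "__main__":
    # The GIVEN statement from the slides: Juan's host to any address in 192.175.63.0/24
    acl = [parse("access-list 125 permit ip 192.168.90.36 0.0.0.0 192.175.63.0 0.0.0.255")]
    print(evaluate(acl, "192.168.90.36", "192.175.63.200"))   # permit: inside the /24
    print(evaluate(acl, "192.168.90.36", "192.175.64.1"))     # deny: third octet differs
    print(evaluate(acl, "192.168.90.37", "192.175.63.1"))     # deny: source is pinned by 0.0.0.0
```

Two behaviours worth noticing when you run it: a list containing only deny statements drops everything, because the unmatched traffic hits the implicit deny, so a real list that blocks one host needs a trailing permit; and the 0.0.0.255 wildcard in the GIVEN statement matches the whole 192.175.63.0/24 range, which is exactly the answer to item 15.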