Cisco CCNA Training/Exam Tips that are helpful for your Certification Exam!
To be Cisco Certified please Check out:
http://asmed.com/information-technology-it/
Cisco CCNA-Standard Access List
1. CISCO CCNA
Standard Access List
To watch our Cisco CCNA Training Videos Please Check out the link below:
www.asmed.com/c1
ASM Educational Center Inc. (ASM)
Where Training, Technology & Service Converge
Phone: (301) 984-7400
3. CISCO CCNA-Standard Access List
There are two kinds of ACL:
Standard ACL – here we are only talking about the source
Extended ACL – here we are talking about the source and destination, and most of the time you also see the port number:
HTTP = 80
FTP = 21
TELNET = 23
SMTP = 25 (to send e-mail)
POP3 = 110 (to retrieve your e-mail)
4. CISCO CCNA-Standard Access List
Hint:
An ACL is a two-step process:
Step 1) Write all your ACL entries
Step 2) Go to the interface and apply it
int s0/0
ip access-group ?
5. CISCO CCNA-Standard Access List
Now I will do a lab.
The goal is that the Sales LAN = 10.10.10.0/24 will not be able to access the EGR LAN = 30.30.30.0/24.
Pre-step 1) What kind of ACL?
Standard ACL, since it talks only about the source. If it said that I do not want the Sales LAN to access the web server = 30.30.30.200 (port 80), that would be an extended ACL. Why? Since I would be talking about both source and destination.
6. CISCO CCNA-Standard Access List
Step 1) I go to R1 and write my ACL
R1#config t
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#acc
R1(config)#access-list ?
<1-99> IP standard access list
<100-199> IP extended access list
R1(config)#access-list 3 ?
deny Specify packets to reject
permit Specify packets to forward
remark Access list entry comment
R1(config)#access-list 3 den
R1(config)#access-list 3 deny ?
A.B.C.D Address to match
any Any source host
host A single host address
R1(config)#access-list 3 deny 10.10.10.0 ?
A.B.C.D Wildcard bits
<cr>
R1(config)#access-list 3 deny 10.10.10.0 0.0.0.255
8. CISCO CCNA-Standard Access List
Hint:
Make sure you have a permit statement at the end of it. Why?
Because there is an implicit deny at the end of every ACL.
R1(config)#acc
R1(config)#access-list ?
<1-99> IP standard access list
<100-199> IP extended access list
R1(config)#access-list 3 ?
deny Specify packets to reject
permit Specify packets to forward
remark Access list entry comment
R1(config)#access-list 3 per
R1(config)#access-list 3 permit ?
A.B.C.D Address to match
any Any source host
host A single host address
R1(config)#access-list 3 permit any ?
<cr>
R1(config)#access-list 3 permit any
R1(config)#
11. CISCO CCNA-Standard Access List
Let’s look at show run
access-list 3 deny 10.10.10.0 0.0.0.255
access-list 3 permit any
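The first-match rule and the implicit deny from the hint above, as an added example that is not part of the original slides: a small Python evaluator for standard ACL lines, run against the two entries written on R1. The function names and the second list without the closing permit are assumptions made for the illustration.

```python
import ipaddress

# Constructed sample input: the two entries the lab writes on R1.
LAB_ACL = """\
access-list 3 deny 10.10.10.0 0.0.0.255
access-list 3 permit any
"""
# Assumption for illustration: the same list with the closing permit left out.
NO_PERMIT_ACL = "access-list 3 deny 10.10.10.0 0.0.0.255\n"

def _ip(text):
    return int(ipaddress.IPv4Address(text))

def parse_standard_acl(config_text):
    """Return (number, action, address, wildcard) for each standard ACL entry."""
    entries = []
    for line in config_text.splitlines():
        tok = line.split()
        if len(tok) < 4 or tok[0] != "access-list" or tok[2] not in ("permit", "deny"):
            continue  # blank lines, remarks, unrelated configuration
        number = int(tok[1])
        if not 1 <= number <= 99:
            raise ValueError("not a standard ACL number: %d" % number)
        if tok[3] == "any":
            addr, wildcard = 0, 0xFFFFFFFF      # every bit is "don't care"
        elif tok[3] == "host":
            addr, wildcard = _ip(tok[4]), 0     # every bit must match
        else:
            addr = _ip(tok[3])
            wildcard = _ip(tok[4]) if len(tok) > 4 else 0
        entries.append((number, tok[2], addr, wildcard))
    return entries

def evaluate(entries, number, source_ip):
    """First matching entry wins; falling off the end is the implicit deny."""
    # Only the source is an input: a standard ACL has no destination field,
    # so the verdict is the same whatever the packet's destination is.
    src = _ip(source_ip)
    for num, action, addr, wildcard in entries:
        # A wildcard bit of 1 means "ignore this bit when comparing".
        if num == number and ((src ^ addr) & ~wildcard & 0xFFFFFFFF) == 0:
            return action
    return "implicit deny"

if __name__ == "__main__":
    for source in ("10.10.10.100", "10.10.11.7", "30.30.30.4"):
        print(source, "->", evaluate(parse_standard_acl(LAB_ACL), 3, source))
```

Because the verdict depends only on the source, list 3 drops Sales LAN packets to every destination that passes through the interface and direction it is applied to, not only packets for 30.30.30.0/24.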
12. CISCO CCNA-Standard Access List
Now step 2) is to apply it to int s0/0
R1#config t
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#int s0/0
R1(config-if)#ip acc
R1(config-if)#ip access-group ?
<1-199> IP access list (standard or extended)
WORD Access-list name
R1(config-if)#ip access-group 3 ?
in inbound packets
out outbound packets
R1(config-if)#ip access-group 3 out ?
<cr>
R1(config-if)#ip access-group 3 out
R1(config-if)#
14. CISCO CCNA-Standard Access List
Here is my show run so far
R1#show run
!
interface Serial0/0
ip address 20.20.20.9 255.255.255.252
ip access-group 3 out
clock rate 64000
access-list 3 deny 10.10.10.0 0.0.0.255
access-list 3 permit any
15. CISCO CCNA-Standard Access List
As we see, I cannot ping the other LAN:
PC>ping 30.30.30.4
Pinging 30.30.30.4 with 32 bytes of data:
Reply from 10.10.10.100: Destination host unreachable.
Reply from 10.10.10.100: Destination host unreachable.
Reply from 10.10.10.100: Destination host unreachable.
Reply from 10.10.10.100: Destination host unreachable.
Ping statistics for 30.30.30.4:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss)
16. CISCO CCNA-Standard Access List
Here I ping, see that it did not work, and check the result in show access-lists:
R1#show access-lists
Standard IP access list 3
deny 10.10.10.0 0.0.0.255 (4 match(es))
permit any
R1#show access-lists
Standard IP access list 3
deny 10.10.10.0 0.0.0.255 (8 match(es))
permit any