CCNA ppt Day 7
1. ACL (Access Control List)
ACLs are used for network security.
The conditions that control traffic through a router are called an ACL.
Two conditions are:-
1. Permit
2. Deny
Two types are:-
1. Standard (1-99)
2. Extended (100-199)
2. Standard ACL
Range 1-99
A standard ACL is configured on the destination router
The source IP is given for a standard ACL
The entire TCP/IP protocol stack is blocked when the Deny condition is applied
3. Configuring Standard ACL
Router(config)#access-list ‘no:’ deny host ‘source address’
Router(config)#access-list ‘no:’ permit any
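An added example (not part of the original slides): a small Python model of how a router evaluates a standard ACL, showing top-down first-match ordering, wildcard masks, and the implicit deny at the end of every ACL that makes the closing permit any necessary. The host 10.0.0.5 and all function and variable names are constructed for illustration; the 10.0.0.0 0.255.255.255 entry is the one used for NAT later in these slides.

```python
import ipaddress

FULL = 0xFFFFFFFF

def parse_entry(line):
    """Parse 'permit|deny' followed by 'any', 'host A', or 'NET WILDCARD'."""
    action, *rest = line.split()
    if action not in ("permit", "deny"):
        raise ValueError(f"unknown action in {line!r}")
    if rest == ["any"]:
        return action, 0, FULL                      # every bit is "don't care"
    if len(rest) == 2 and rest[0] == "host":
        return action, int(ipaddress.IPv4Address(rest[1])), 0  # every bit must match
    if len(rest) == 2:
        net, wild = (int(ipaddress.IPv4Address(x)) for x in rest)
        return action, net, wild
    raise ValueError(f"unsupported entry {line!r}")

def evaluate(acl, source_ip):
    """Return (action, matched_entry); matched_entry is None for the implicit deny."""
    src = int(ipaddress.IPv4Address(source_ip))
    for line in acl:                                # entries are checked top to bottom
        action, net, wild = parse_entry(line)
        care = ~wild & FULL                         # wildcard 1-bits are ignored
        if (src & care) == (net & care):
            return action, line                     # first match wins, evaluation stops
    return "deny", None                             # implicit "deny any" ends every ACL

# Constructed sample lists; 10.0.0.5 is an illustrative host, not from the slides.
WITH_PERMIT = ["deny host 10.0.0.5", "permit any"]
WITHOUT_PERMIT = ["deny host 10.0.0.5"]             # forgets the closing permit
WRONG_ORDER = ["permit any", "deny host 10.0.0.5"]  # the deny is never reached
NAT_LIST = ["permit 10.0.0.0 0.255.255.255"]        # the list used for NAT in these slides

if __name__ == "__main__":
    for name, acl in [("with permit", WITH_PERMIT), ("without permit", WITHOUT_PERMIT),
                      ("wrong order", WRONG_ORDER), ("nat list", NAT_LIST)]:
        for ip in ("10.0.0.5", "10.0.0.6", "192.168.1.1"):
            print(f"{name:15} {ip:12} -> {evaluate(acl, ip)}")
```

Without the closing permit any, every source is dropped by the implicit deny; with the entries in the wrong order, the blocked host is permitted because the first match ends evaluation.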
4. Filter Design
For a standard ACL, the filter is designed at the interface nearest to the destination.
An ACL only takes effect once the filter is applied to an interface.
Syntax:-
Router(config-if)#ip access-group ‘access list no:’ ‘in or out’
5. Verifying ACLs
Router#show access-list
To remove:-
Router(config)#no access-list ‘no:’
Router(config-if)#no ip access-group ‘access list no:’ ‘in or out’
6. Extended ACL
Range 100-199
An extended ACL is configured on the source router.
The source IP and destination IP are given for an extended ACL
Individual protocols, or all of them, can be blocked when the Deny condition is applied
8. Named ACL
ACLs with a name are called named ACLs.
Syntax:- For Standard
Router(config)#ip access-list standard ‘access list name’
Router(config-std-nacl)#deny host ‘address’
Router(config-std-nacl)#permit any
For Extended
Router(config)#ip access-list extended ‘access list name’
Router(config-ext-nacl)#deny ‘service’ host ‘source address’ host ‘destination address’
Router(config-ext-nacl)#permit ip any any
10. NAT (Network Address Translation)
This service converts private IP addresses to public IP addresses
Avoids IP wastage
Implements network security.
Types of NAT:-
1. Static
2. Dynamic
3. NAT Overloading or PAT (Port Address Translation)
11. Static NAT
One to one mapping
Each private-range IP is mapped to its own public-range IP
12. Dynamic NAT
One to many mapping
A pool is created inside the NAT service.
It holds the information about each public IP and its corresponding private IP.
Each private IP selects its own public IP for communication with the help of the router.
13. NAT overloading or PAT (Port Address Translation)
Each private IP is translated to one single public IP.
Each one is given a port number in order to avoid conflicts.
14. Static NAT Configuration
Router(config)#interface fastEthernet 0/0
Router(config-if)#ip nat inside
Router(config-if)#exit
Router(config)#interface serial 1/0
Router(config-if)#ip nat outside
Router(config-if)#exit
Router(config)#ip nat inside source static 10.0.0.1 200.0.0.1
To see the table
Router#show ip nat translations
Router#show ip nat statistics
15. Dynamic NAT Configuration
Access list creation - for grouping the private IPs in our network
Pool creation - creating the pool in which the translations are to be included.
NAT activation
Create an access list
Router(config)#access-list 1 permit 10.0.0.0 0.255.255.255
Configure the NAT dynamic pool
Router(config)#ip nat pool pool1 200.0.0.1 200.0.0.254 netmask 255.255.255.0
Link the access list to the pool
Router(config)#ip nat inside source list 1 pool pool1
16. PAT Configuration
Router#config t
Router(config)#int e 0
Router(config-if)#ip nat inside
Router(config-if)#exit
Router(config)#int s 0
Router(config-if)#ip nat outside
Router(config-if)#exit
Router(config)#access-list 1 permit 10.0.0.0 0.255.255.255
Router(config)#ip nat inside source list 1 interface s 0 overload
For host-to-host ping to work, configure static or dynamic routing
To check the translations
Router#show ip nat translations