Submit Search
Upload
CCNA3 Verson6 Chapter7
•
Download as PPTX, PDF
•
1 like
•
531 views
Chaing Ravuth
Follow
CCNA3 Verson6 Chapter7
Read less
Read more
Education
Report
Share
Report
Share
1 of 52
Download now
Recommended
CCNA4 Verson6 Chapter4
CCNA4 Verson6 Chapter4
Chaing Ravuth
CCNA4 Verson6 Chapter6
CCNA4 Verson6 Chapter6
Chaing Ravuth
CCNA4 Verson6 Chapter1
CCNA4 Verson6 Chapter1
Chaing Ravuth
CCNA4 Verson6 Chapter2
CCNA4 Verson6 Chapter2
Chaing Ravuth
CCNA2 Verson6 Chapter8
CCNA2 Verson6 Chapter8
Chaing Ravuth
CCNA3 Verson6 Chapter6
CCNA3 Verson6 Chapter6
Chaing Ravuth
CCNA2 Verson6 Chapter3
CCNA2 Verson6 Chapter3
Chaing Ravuth
CCNA2 Verson6 Chapter1
CCNA2 Verson6 Chapter1
Chaing Ravuth
Recommended
CCNA4 Verson6 Chapter4
CCNA4 Verson6 Chapter4
Chaing Ravuth
CCNA4 Verson6 Chapter6
CCNA4 Verson6 Chapter6
Chaing Ravuth
CCNA4 Verson6 Chapter1
CCNA4 Verson6 Chapter1
Chaing Ravuth
CCNA4 Verson6 Chapter2
CCNA4 Verson6 Chapter2
Chaing Ravuth
CCNA2 Verson6 Chapter8
CCNA2 Verson6 Chapter8
Chaing Ravuth
CCNA3 Verson6 Chapter6
CCNA3 Verson6 Chapter6
Chaing Ravuth
CCNA2 Verson6 Chapter3
CCNA2 Verson6 Chapter3
Chaing Ravuth
CCNA2 Verson6 Chapter1
CCNA2 Verson6 Chapter1
Chaing Ravuth
CCNA2 Verson6 Chapter9
CCNA2 Verson6 Chapter9
Chaing Ravuth
CCNA3 Verson6 Chapter5
CCNA3 Verson6 Chapter5
Chaing Ravuth
CCNA2 Verson6 Chapter2
CCNA2 Verson6 Chapter2
Chaing Ravuth
CCNP Switching Chapter 7
CCNP Switching Chapter 7
Chaing Ravuth
CCNA2 Verson6 Chapter10
CCNA2 Verson6 Chapter10
Chaing Ravuth
CCNA3 Verson6 Chapter4
CCNA3 Verson6 Chapter4
Chaing Ravuth
CCNP ROUTE V7 CH2
CCNP ROUTE V7 CH2
Chaing Ravuth
CCNA3 Verson6 Chapter3
CCNA3 Verson6 Chapter3
Chaing Ravuth
CCNA2 Verson6 Chapter5
CCNA2 Verson6 Chapter5
Chaing Ravuth
CCNP Switching Chapter 5
CCNP Switching Chapter 5
Chaing Ravuth
CCNA3 Verson6 Chapter2
CCNA3 Verson6 Chapter2
Chaing Ravuth
CCNP ROUTE V7 CH8
CCNP ROUTE V7 CH8
Chaing Ravuth
CCNP ROUTE V7 CH7
CCNP ROUTE V7 CH7
Chaing Ravuth
CCNA3 Verson6 Chapter8
CCNA3 Verson6 Chapter8
Chaing Ravuth
CCNA4 Verson6 Chapter5
CCNA4 Verson6 Chapter5
Chaing Ravuth
Chapter 18 : routing dynamically
Chapter 18 : routing dynamically
teknetir
CCNA4 Verson6 Chapter3
CCNA4 Verson6 Chapter3
Chaing Ravuth
CCNA (R & S) Module 04 - Scaling Networks - Chapter 4
CCNA (R & S) Module 04 - Scaling Networks - Chapter 4
Waqas Ahmed Nawaz
CCNP Switching Chapter 9
CCNP Switching Chapter 9
Chaing Ravuth
CCNA 2 Routing and Switching v5.0 Chapter 5
CCNA 2 Routing and Switching v5.0 Chapter 5
Nil Menon
CCNA (R & S) Module 03 - Routing & Switching Essentials - Chapter 7
CCNA (R & S) Module 03 - Routing & Switching Essentials - Chapter 7
Waqas Ahmed Nawaz
CCNAv5 - S2: Chapter 9 Access Control Lists
CCNAv5 - S2: Chapter 9 Access Control Lists
Vuz Dở Hơi
More Related Content
What's hot
CCNA2 Verson6 Chapter9
CCNA2 Verson6 Chapter9
Chaing Ravuth
CCNA3 Verson6 Chapter5
CCNA3 Verson6 Chapter5
Chaing Ravuth
CCNA2 Verson6 Chapter2
CCNA2 Verson6 Chapter2
Chaing Ravuth
CCNP Switching Chapter 7
CCNP Switching Chapter 7
Chaing Ravuth
CCNA2 Verson6 Chapter10
CCNA2 Verson6 Chapter10
Chaing Ravuth
CCNA3 Verson6 Chapter4
CCNA3 Verson6 Chapter4
Chaing Ravuth
CCNP ROUTE V7 CH2
CCNP ROUTE V7 CH2
Chaing Ravuth
CCNA3 Verson6 Chapter3
CCNA3 Verson6 Chapter3
Chaing Ravuth
CCNA2 Verson6 Chapter5
CCNA2 Verson6 Chapter5
Chaing Ravuth
CCNP Switching Chapter 5
CCNP Switching Chapter 5
Chaing Ravuth
CCNA3 Verson6 Chapter2
CCNA3 Verson6 Chapter2
Chaing Ravuth
CCNP ROUTE V7 CH8
CCNP ROUTE V7 CH8
Chaing Ravuth
CCNP ROUTE V7 CH7
CCNP ROUTE V7 CH7
Chaing Ravuth
CCNA3 Verson6 Chapter8
CCNA3 Verson6 Chapter8
Chaing Ravuth
CCNA4 Verson6 Chapter5
CCNA4 Verson6 Chapter5
Chaing Ravuth
Chapter 18 : routing dynamically
Chapter 18 : routing dynamically
teknetir
CCNA4 Verson6 Chapter3
CCNA4 Verson6 Chapter3
Chaing Ravuth
CCNA (R & S) Module 04 - Scaling Networks - Chapter 4
CCNA (R & S) Module 04 - Scaling Networks - Chapter 4
Waqas Ahmed Nawaz
CCNP Switching Chapter 9
CCNP Switching Chapter 9
Chaing Ravuth
CCNA 2 Routing and Switching v5.0 Chapter 5
CCNA 2 Routing and Switching v5.0 Chapter 5
Nil Menon
What's hot
(20)
CCNA2 Verson6 Chapter9
CCNA2 Verson6 Chapter9
CCNA3 Verson6 Chapter5
CCNA3 Verson6 Chapter5
CCNA2 Verson6 Chapter2
CCNA2 Verson6 Chapter2
CCNP Switching Chapter 7
CCNP Switching Chapter 7
CCNA2 Verson6 Chapter10
CCNA2 Verson6 Chapter10
CCNA3 Verson6 Chapter4
CCNA3 Verson6 Chapter4
CCNP ROUTE V7 CH2
CCNP ROUTE V7 CH2
CCNA3 Verson6 Chapter3
CCNA3 Verson6 Chapter3
CCNA2 Verson6 Chapter5
CCNA2 Verson6 Chapter5
CCNP Switching Chapter 5
CCNP Switching Chapter 5
CCNA3 Verson6 Chapter2
CCNA3 Verson6 Chapter2
CCNP ROUTE V7 CH8
CCNP ROUTE V7 CH8
CCNP ROUTE V7 CH7
CCNP ROUTE V7 CH7
CCNA3 Verson6 Chapter8
CCNA3 Verson6 Chapter8
CCNA4 Verson6 Chapter5
CCNA4 Verson6 Chapter5
Chapter 18 : routing dynamically
Chapter 18 : routing dynamically
CCNA4 Verson6 Chapter3
CCNA4 Verson6 Chapter3
CCNA (R & S) Module 04 - Scaling Networks - Chapter 4
CCNA (R & S) Module 04 - Scaling Networks - Chapter 4
CCNP Switching Chapter 9
CCNP Switching Chapter 9
CCNA 2 Routing and Switching v5.0 Chapter 5
CCNA 2 Routing and Switching v5.0 Chapter 5
Similar to CCNA3 Verson6 Chapter7
CCNA (R & S) Module 03 - Routing & Switching Essentials - Chapter 7
CCNA (R & S) Module 03 - Routing & Switching Essentials - Chapter 7
Waqas Ahmed Nawaz
CCNAv5 - S2: Chapter 9 Access Control Lists
CCNAv5 - S2: Chapter 9 Access Control Lists
Vuz Dở Hơi
Chapter 09 - Access Control Lists
Chapter 09 - Access Control Lists
Yaser Rahmati
CCNA 2 Routing and Switching v5.0 Chapter 9
CCNA 2 Routing and Switching v5.0 Chapter 9
Nil Menon
Chapter 20 : access control lists
Chapter 20 : access control lists
teknetir
CCNA (R & S) Module 02 - Connecting Networks - Chapter 4
CCNA (R & S) Module 02 - Connecting Networks - Chapter 4
Waqas Ahmed Nawaz
CCNA_RSE_Chp7.pptx
CCNA_RSE_Chp7.pptx
NarcisIlie1
cisco-nti-Day19
cisco-nti-Day19
eyad alaa
Icnd210 s06l01
Icnd210 s06l01
computerlenguyen
CCNA Discovery 3 - Chapter 8
CCNA Discovery 3 - Chapter 8
Irsandi Hasan
CCNAv5 - S4: Chapter 4 Frame Relay
CCNAv5 - S4: Chapter 4 Frame Relay
Vuz Dở Hơi
Cn instructor ppt_chapter4_final
Cn instructor ppt_chapter4_final
Leoo Romo
CCNA Exploration 4 - Chapter 5
CCNA Exploration 4 - Chapter 5
Irsandi Hasan
ENSA_Module_4.pptx
ENSA_Module_4.pptx
SkyBlue659156
CCNA (R & S) Module 03 - Routing & Switching Essentials - Chapter 1
CCNA (R & S) Module 03 - Routing & Switching Essentials - Chapter 1
Waqas Ahmed Nawaz
acl configuration
acl configuration
RandyDookheran1
Ccna rse chp7 Access Control List (ACL)
Ccna rse chp7 Access Control List (ACL)
newbie2019
CCNAv5 - S4: Chapter 1 Hierarchical Network Design
CCNAv5 - S4: Chapter 1 Hierarchical Network Design
Vuz Dở Hơi
IPv6 ACL
IPv6 ACL
Irsandi Hasan
CCNAv5 - S3: Chapter1 Introduction to Scaling Networks
CCNAv5 - S3: Chapter1 Introduction to Scaling Networks
Vuz Dở Hơi
Similar to CCNA3 Verson6 Chapter7
(20)
CCNA (R & S) Module 03 - Routing & Switching Essentials - Chapter 7
CCNA (R & S) Module 03 - Routing & Switching Essentials - Chapter 7
CCNAv5 - S2: Chapter 9 Access Control Lists
CCNAv5 - S2: Chapter 9 Access Control Lists
Chapter 09 - Access Control Lists
Chapter 09 - Access Control Lists
CCNA 2 Routing and Switching v5.0 Chapter 9
CCNA 2 Routing and Switching v5.0 Chapter 9
Chapter 20 : access control lists
Chapter 20 : access control lists
CCNA (R & S) Module 02 - Connecting Networks - Chapter 4
CCNA (R & S) Module 02 - Connecting Networks - Chapter 4
CCNA_RSE_Chp7.pptx
CCNA_RSE_Chp7.pptx
cisco-nti-Day19
cisco-nti-Day19
Icnd210 s06l01
Icnd210 s06l01
CCNA Discovery 3 - Chapter 8
CCNA Discovery 3 - Chapter 8
CCNAv5 - S4: Chapter 4 Frame Relay
CCNAv5 - S4: Chapter 4 Frame Relay
Cn instructor ppt_chapter4_final
Cn instructor ppt_chapter4_final
CCNA Exploration 4 - Chapter 5
CCNA Exploration 4 - Chapter 5
ENSA_Module_4.pptx
ENSA_Module_4.pptx
CCNA (R & S) Module 03 - Routing & Switching Essentials - Chapter 1
CCNA (R & S) Module 03 - Routing & Switching Essentials - Chapter 1
acl configuration
acl configuration
Ccna rse chp7 Access Control List (ACL)
Ccna rse chp7 Access Control List (ACL)
CCNAv5 - S4: Chapter 1 Hierarchical Network Design
CCNAv5 - S4: Chapter 1 Hierarchical Network Design
IPv6 ACL
IPv6 ACL
CCNAv5 - S3: Chapter1 Introduction to Scaling Networks
CCNAv5 - S3: Chapter1 Introduction to Scaling Networks
More from Chaing Ravuth
CCNP ROUTE V7 CH6
CCNP ROUTE V7 CH6
Chaing Ravuth
CCNP ROUTE V7 CH5
CCNP ROUTE V7 CH5
Chaing Ravuth
CCNP ROUTE V7 CH4
CCNP ROUTE V7 CH4
Chaing Ravuth
CCNP ROUTE V7 CH3
CCNP ROUTE V7 CH3
Chaing Ravuth
CCNP ROUTE V7 CH1
CCNP ROUTE V7 CH1
Chaing Ravuth
CCNP Switching Chapter 3
CCNP Switching Chapter 3
Chaing Ravuth
CCNP Switching Chapter 2
CCNP Switching Chapter 2
Chaing Ravuth
CCNP Switching Chapter 1
CCNP Switching Chapter 1
Chaing Ravuth
CCNP Switching Chapter 10
CCNP Switching Chapter 10
Chaing Ravuth
CCNP Switching Chapter 8
CCNP Switching Chapter 8
Chaing Ravuth
CCNP Switching Chapter 6
CCNP Switching Chapter 6
Chaing Ravuth
CCNP Switching Chapter 4
CCNP Switching Chapter 4
Chaing Ravuth
CCNA4 Verson6 Chapter8
CCNA4 Verson6 Chapter8
Chaing Ravuth
CCNA4 Verson6 Chapter7
CCNA4 Verson6 Chapter7
Chaing Ravuth
More from Chaing Ravuth
(14)
CCNP ROUTE V7 CH6
CCNP ROUTE V7 CH6
CCNP ROUTE V7 CH5
CCNP ROUTE V7 CH5
CCNP ROUTE V7 CH4
CCNP ROUTE V7 CH4
CCNP ROUTE V7 CH3
CCNP ROUTE V7 CH3
CCNP ROUTE V7 CH1
CCNP ROUTE V7 CH1
CCNP Switching Chapter 3
CCNP Switching Chapter 3
CCNP Switching Chapter 2
CCNP Switching Chapter 2
CCNP Switching Chapter 1
CCNP Switching Chapter 1
CCNP Switching Chapter 10
CCNP Switching Chapter 10
CCNP Switching Chapter 8
CCNP Switching Chapter 8
CCNP Switching Chapter 6
CCNP Switching Chapter 6
CCNP Switching Chapter 4
CCNP Switching Chapter 4
CCNA4 Verson6 Chapter8
CCNA4 Verson6 Chapter8
CCNA4 Verson6 Chapter7
CCNA4 Verson6 Chapter7
Recently uploaded
Mental Health Awareness - a toolkit for supporting young minds
Mental Health Awareness - a toolkit for supporting young minds
Pooky Knightsmith
31 ĐỀ THI THỬ VÀO LỚP 10 - TIẾNG ANH - FORM MỚI 2025 - 40 CÂU HỎI - BÙI VĂN V...
31 ĐỀ THI THỬ VÀO LỚP 10 - TIẾNG ANH - FORM MỚI 2025 - 40 CÂU HỎI - BÙI VĂN V...
Nguyen Thanh Tu Collection
Narcotic and Non Narcotic Analgesic..pdf
Narcotic and Non Narcotic Analgesic..pdf
Prerana Jadhav
Textual Evidence in Reading and Writing of SHS
Textual Evidence in Reading and Writing of SHS
Mae Pangan
Measures of Position DECILES for ungrouped data
Measures of Position DECILES for ungrouped data
BabyAnnMotar
Oppenheimer Film Discussion for Philosophy and Film
Oppenheimer Film Discussion for Philosophy and Film
Stan Meyer
Multi Domain Alias In the Odoo 17 ERP Module
Multi Domain Alias In the Odoo 17 ERP Module
Celine George
Reading and Writing Skills 11 quarter 4 melc 1
Reading and Writing Skills 11 quarter 4 melc 1
GloryAnnCastre1
Blowin' in the Wind of Caste_ Bob Dylan's Song as a Catalyst for Social Justi...
Blowin' in the Wind of Caste_ Bob Dylan's Song as a Catalyst for Social Justi...
DhatriParmar
ClimART Action | eTwinning Project
ClimART Action | eTwinning Project
jordimapav
Using Grammatical Signals Suitable to Patterns of Idea Development
Using Grammatical Signals Suitable to Patterns of Idea Development
chesterberbo7
How to Make a Duplicate of Your Odoo 17 Database
How to Make a Duplicate of Your Odoo 17 Database
Celine George
Q4-PPT-Music9_Lesson-1-Romantic-Opera.pptx
Q4-PPT-Music9_Lesson-1-Romantic-Opera.pptx
lancelewisportillo
BIOCHEMISTRY-CARBOHYDRATE METABOLISM CHAPTER 2.pptx
BIOCHEMISTRY-CARBOHYDRATE METABOLISM CHAPTER 2.pptx
Sayali Powar
week 1 cookery 8 fourth - quarter .pptx
week 1 cookery 8 fourth - quarter .pptx
JonalynLegaspi2
Transaction Management in Database Management System
Transaction Management in Database Management System
Christalin Nelson
How to Fix XML SyntaxError in Odoo the 17
How to Fix XML SyntaxError in Odoo the 17
Celine George
INTRODUCTION TO CATHOLIC CHRISTOLOGY.pptx
INTRODUCTION TO CATHOLIC CHRISTOLOGY.pptx
Humphrey A Beña
Team Lead Succeed – Helping you and your team achieve high-performance teamwo...
Team Lead Succeed – Helping you and your team achieve high-performance teamwo...
Association for Project Management
INCLUSIVE EDUCATION PRACTICES FOR TEACHERS AND TRAINERS.pptx
INCLUSIVE EDUCATION PRACTICES FOR TEACHERS AND TRAINERS.pptx
Excellence Foundation for South Sudan
Recently uploaded
(20)
Mental Health Awareness - a toolkit for supporting young minds
Mental Health Awareness - a toolkit for supporting young minds
31 ĐỀ THI THỬ VÀO LỚP 10 - TIẾNG ANH - FORM MỚI 2025 - 40 CÂU HỎI - BÙI VĂN V...
31 ĐỀ THI THỬ VÀO LỚP 10 - TIẾNG ANH - FORM MỚI 2025 - 40 CÂU HỎI - BÙI VĂN V...
Narcotic and Non Narcotic Analgesic..pdf
Narcotic and Non Narcotic Analgesic..pdf
Textual Evidence in Reading and Writing of SHS
Textual Evidence in Reading and Writing of SHS
Measures of Position DECILES for ungrouped data
Measures of Position DECILES for ungrouped data
Oppenheimer Film Discussion for Philosophy and Film
Oppenheimer Film Discussion for Philosophy and Film
Multi Domain Alias In the Odoo 17 ERP Module
Multi Domain Alias In the Odoo 17 ERP Module
Reading and Writing Skills 11 quarter 4 melc 1
Reading and Writing Skills 11 quarter 4 melc 1
Blowin' in the Wind of Caste_ Bob Dylan's Song as a Catalyst for Social Justi...
Blowin' in the Wind of Caste_ Bob Dylan's Song as a Catalyst for Social Justi...
ClimART Action | eTwinning Project
ClimART Action | eTwinning Project
Using Grammatical Signals Suitable to Patterns of Idea Development
Using Grammatical Signals Suitable to Patterns of Idea Development
How to Make a Duplicate of Your Odoo 17 Database
How to Make a Duplicate of Your Odoo 17 Database
Q4-PPT-Music9_Lesson-1-Romantic-Opera.pptx
Q4-PPT-Music9_Lesson-1-Romantic-Opera.pptx
BIOCHEMISTRY-CARBOHYDRATE METABOLISM CHAPTER 2.pptx
BIOCHEMISTRY-CARBOHYDRATE METABOLISM CHAPTER 2.pptx
week 1 cookery 8 fourth - quarter .pptx
week 1 cookery 8 fourth - quarter .pptx
Transaction Management in Database Management System
Transaction Management in Database Management System
How to Fix XML SyntaxError in Odoo the 17
How to Fix XML SyntaxError in Odoo the 17
INTRODUCTION TO CATHOLIC CHRISTOLOGY.pptx
INTRODUCTION TO CATHOLIC CHRISTOLOGY.pptx
Team Lead Succeed – Helping you and your team achieve high-performance teamwo...
Team Lead Succeed – Helping you and your team achieve high-performance teamwo...
INCLUSIVE EDUCATION PRACTICES FOR TEACHERS AND TRAINERS.pptx
INCLUSIVE EDUCATION PRACTICES FOR TEACHERS AND TRAINERS.pptx
CCNA3 Verson6 Chapter7
1.
© 2008 Cisco
Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID 1 Instructor Materials Chapter 7: Access Control Lists CCNA Routing and Switching Routing and Switching Essentials v6.0
2.
© 2008 Cisco
Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID 13 Chapter 7: Access Control Lists Routing and Switching Essentials v6.0
3.
Presentation_ID 14© 2008
Cisco Systems, Inc. All rights reserved. Cisco Confidential Chapter 7 - Sections & Objectives 7.1 ACL Operation • Explain how ACLs filter traffic. • Explain how ACLs use wildcard masks. • Explain how to create ACLs. • Explain how to place ACLs. 7.2 Standard IPv4 ACLs • Configure standard IPv4 ACLs to filter traffic to meet networking requirements. • Use sequence numbers to edit existing standard IPv4 ACLs. • Configure a standard ACL to secure vty access. 7.3 Troubleshoot ACLs • Explain how a router processes packets when an ACL is applied. • Troubleshoot common standard IPv4 ACL errors using CLI commands.
4.
© 2008 Cisco
Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID 15 7.1 ACL Operation
5.
Presentation_ID 16© 2008
Cisco Systems, Inc. All rights reserved. Cisco Confidential Purpose of ACLs What is an ACL? By default, a router does not have ACLs configured; therefore, by default a router does not filter traffic.
6.
Presentation_ID 17© 2008
Cisco Systems, Inc. All rights reserved. Cisco Confidential Purpose of ACLs Packet Filtering Packet filtering, sometimes called static packet filtering, controls access to a network by analyzing the incoming and outgoing packets and passing or dropping them based on given criteria, such as the source IP address, destination IP addresses, and the protocol carried within the packet. A router acts as a packet filter when it forwards or denies packets according to filtering rules. An ACL is a sequential list of permit or deny statements, known as access control entries (ACEs).
7.
Presentation_ID 18© 2008
Cisco Systems, Inc. All rights reserved. Cisco Confidential Purpose of ACLs ACL Operation
8.
Presentation_ID 19© 2008
Cisco Systems, Inc. All rights reserved. Cisco Confidential Wildcard Masks in ACLs Introducing ACL Wildcard Masking
9.
Presentation_ID 20© 2008
Cisco Systems, Inc. All rights reserved. Cisco Confidential Wildcard Masks in ACLs Introducing ACL Wildcard Masking (cont.) Example
10.
Presentation_ID 21© 2008
Cisco Systems, Inc. All rights reserved. Cisco Confidential Wildcard Masks in ACLs Wildcard Mask Examples
11.
Presentation_ID 22© 2008
Cisco Systems, Inc. All rights reserved. Cisco Confidential Wildcard Masks in ACLs Wildcard Mask Examples (cont.)
12.
Presentation_ID 23© 2008
Cisco Systems, Inc. All rights reserved. Cisco Confidential Wildcard Masks in ACLs Calculating the Wildcard Mask Calculating wildcard masks can be challenging. One shortcut method is to subtract the subnet mask from 255.255.255.255.
13.
Presentation_ID 24© 2008
Cisco Systems, Inc. All rights reserved. Cisco Confidential Wildcard Masks in ACLs Wildcard Mask Keywords
14.
Presentation_ID 25© 2008
Cisco Systems, Inc. All rights reserved. Cisco Confidential Wildcard Masks in ACLs Wildcard Mask Keyword Examples
15.
Presentation_ID 26© 2008
Cisco Systems, Inc. All rights reserved. Cisco Confidential Guidelines for ACL Creation General Guidelines for Creating ACLS
16.
Presentation_ID 27© 2008
Cisco Systems, Inc. All rights reserved. Cisco Confidential Guidelines for ACL Creation ACL Best Practices
17.
Presentation_ID 28© 2008
Cisco Systems, Inc. All rights reserved. Cisco Confidential Guidelines for ACL Placement Where to Place ACLs
18.
Presentation_ID 29© 2008
Cisco Systems, Inc. All rights reserved. Cisco Confidential Guidelines for ACL Placement Where to Place ACLs (cont.) Every ACL should be placed where it has the greatest impact on efficiency. The basic rules are: Extended ACLs - Locate extended ACLs as close as possible to the source of the traffic to be filtered. Standard ACLs - Because standard ACLs do not specify destination addresses, place them as close to the destination as possible. Placement of the ACL, and therefore the type of ACL used, may also depend on: the extent of the network administrator’s control, bandwidth of the networks involved, and ease of configuration.
19.
Presentation_ID 30© 2008
Cisco Systems, Inc. All rights reserved. Cisco Confidential Guidelines for ACL Placement Standard ACL Placement The administrator wants to prevent traffic originating in the 192.168.10.0/24 network from reaching the 192.168.30.0/24 network.
20.
© 2008 Cisco
Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID 31 7.2 Standard IPv4 ACLs
21.
Presentation_ID 32© 2008
Cisco Systems, Inc. All rights reserved. Cisco Confidential Configure Standard IPv4 ACLs Numbered Standard IPv4 ACL Syntax Router(config)# access-list access-list-number { deny | permit | remark } source [ source-wildcard ] [ log ]
22.
Presentation_ID 33© 2008
Cisco Systems, Inc. All rights reserved. Cisco Confidential Configure Standard IPv4 ACLs Applying Standard IPv4 ACLs to Interfaces
23.
Presentation_ID 34© 2008
Cisco Systems, Inc. All rights reserved. Cisco Confidential Configure Standard IPv4 ACLs Applying Standard IPv4 ACLs to Interfaces (cont.)
24.
Presentation_ID 35© 2008
Cisco Systems, Inc. All rights reserved. Cisco Confidential Configure Standard IPv4 ACLs Numbered Standard IPv4 ACL Examples
25.
Presentation_ID 36© 2008
Cisco Systems, Inc. All rights reserved. Cisco Confidential Configure Standard IPv4 ACLs Numbered Standard IPv4 ACL Examples (cont.)
26.
Presentation_ID 37© 2008
Cisco Systems, Inc. All rights reserved. Cisco Confidential Configure Standard IPv4 ACLs Named Standard IPv4 ACL Syntax
27.
Presentation_ID 38© 2008
Cisco Systems, Inc. All rights reserved. Cisco Confidential Configure Standard IPv4 ACLs Named Standard IPv4 ACL Syntax (cont.)
28.
Presentation_ID 39© 2008
Cisco Systems, Inc. All rights reserved. Cisco Confidential Modify IPv4 ACLs Method 1 – Use a Text Editor
29.
Presentation_ID 40© 2008
Cisco Systems, Inc. All rights reserved. Cisco Confidential Modify IPv4 ACLs Method 2 – Use Sequence Numbers
30.
Presentation_ID 41© 2008
Cisco Systems, Inc. All rights reserved. Cisco Confidential Modify IPv4 ACLs Editing Standard Named ACLs
31.
Presentation_ID 42© 2008
Cisco Systems, Inc. All rights reserved. Cisco Confidential Modify IPv4 ACLs Verifying ACLs
32.
Presentation_ID 43© 2008
Cisco Systems, Inc. All rights reserved. Cisco Confidential Modify IPv4 ACLs ACL Statistics
33.
Presentation_ID 44© 2008
Cisco Systems, Inc. All rights reserved. Cisco Confidential Securing VTY Ports with a Standard IPv4 ACL The access-class Command The access-class command configured in line configuration mode restricts incoming and outgoing connections between a particular VTY (into a Cisco device) and the addresses in an access list.
34.
Presentation_ID 45© 2008
Cisco Systems, Inc. All rights reserved. Cisco Confidential Securing VTY Ports with a Standard IPv4 ACL Verifying the VTY Port is Secured
35.
© 2008 Cisco
Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID 46 7.3 Troubleshoot ACLs
36.
Presentation_ID 47© 2008
Cisco Systems, Inc. All rights reserved. Cisco Confidential Processing Packet with ACLs The Implicit Deny Any At least one permit ACE must be configured in an ACL or all traffic is blocked. For the network in the figure, applying either ACL 1 or ACL 2 to the S0/0/0 interface of R1 in the outbound direction will have the same effect.
37.
Presentation_ID 48© 2008
Cisco Systems, Inc. All rights reserved. Cisco Confidential Processing Packet with ACLs The Order of ACEs in an ACL
38.
Presentation_ID 49© 2008
Cisco Systems, Inc. All rights reserved. Cisco Confidential Processing Packet with ACLs The Order of ACEs in an ACL (cont.)
39.
Presentation_ID 50© 2008
Cisco Systems, Inc. All rights reserved. Cisco Confidential Processing Packet with ACLs Cisco IOS Reorders Standard ACLs Notice that the statements are listed in a different order than they were entered.
40.
Presentation_ID 51© 2008
Cisco Systems, Inc. All rights reserved. Cisco Confidential Processing Packet with ACLs Cisco IOS Reorders Standard ACLs (cont.) The order in which the standard ACEs are listed is the sequence used by the IOS to process the list.
41.
Presentation_ID 52© 2008
Cisco Systems, Inc. All rights reserved. Cisco Confidential Processing Packet with ACLs Routing Processes and ACLs As a frame enters an interface, the router checks to see whether the destination Layer 2 address matches its interface Layer 2 address, or whether the frame is a broadcast frame. If the frame address is accepted, the frame information is stripped off and the router checks for an ACL on the inbound interface. If an ACL exists, the packet is tested against the statements in the list. If the packet matches a statement, the packet is either permitted or denied. If the packet is accepted, it is then checked against routing table entries to determine the destination interface. If a routing table entry exists for the destination, the packet is then switched to the outgoing interface, otherwise the packet is dropped. Next, the router checks whether the outgoing interface has an ACL. If an ACL exists, the packet is tested against the statements in the list. If the packet matches a statement, it is either permitted or denied. If there is no ACL or the packet is permitted, the packet is encapsulated in the new Layer 2 protocol and forwarded out the interface to the next device.
42.
Presentation_ID 53© 2008
Cisco Systems, Inc. All rights reserved. Cisco Confidential Common Standard IPv4 ACL Errors Troubleshooting Standard IPv4 ACLs – Example 1
43.
Presentation_ID 54© 2008
Cisco Systems, Inc. All rights reserved. Cisco Confidential Common Standard IPv4 ACL Errors Troubleshooting Standard IPv4 ACLs – Example 1 (cont.)
44.
Presentation_ID 55© 2008
Cisco Systems, Inc. All rights reserved. Cisco Confidential Common Standard IPv4 ACL Errors Troubleshooting Standard IPv4 ACLs – Example 2 Security Policy: The 192.168.11.0/24 network should not be able to access the 192.168.10.0/24 network.
45.
Presentation_ID 56© 2008
Cisco Systems, Inc. All rights reserved. Cisco Confidential Common Standard IPv4 ACL Errors Troubleshooting Standard IPv4 ACLs – Example 2 (cont.) ACL 20 was applied to the wrong interface and in the wrong direction. All traffic from the 192.168.11.0/24 is denied inbound access through the G0/1 interface.
46.
Presentation_ID 57© 2008
Cisco Systems, Inc. All rights reserved. Cisco Confidential Common Standard IPv4 ACL Errors Troubleshooting Standard IPv4 ACLs – Example 2 (cont.)
47.
Presentation_ID 58© 2008
Cisco Systems, Inc. All rights reserved. Cisco Confidential Common Standard IPv4 ACL Errors Troubleshooting Standard IPv4 ACLs – Example 3 Problem Security Policy: Only PC1 is allowed SSH remote access to R1.
48.
Presentation_ID 59© 2008
Cisco Systems, Inc. All rights reserved. Cisco Confidential Common Standard IPv4 ACL Errors Troubleshooting Standard IPv4 ACLs – Example 3 (cont.) Solution! Security Policy: Only PC1 is allowed SSH remote access to R1.
49.
© 2008 Cisco
Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID 60 7.4 Summary
50.
Presentation_ID 61© 2008
Cisco Systems, Inc. All rights reserved. Cisco Confidential • Explain how ACLs filter traffic. • Explain how ACLs use wildcard masks. • Explain how to create ACLs. • Explain how to place ACLs. • Configure standard IPv4 ACLs to filter traffic to meet networking requirements. • Use sequence numbers to edit existing standard IPv4 ACLs. • Configure a standard ACL to secure vty access. • Explain how a router processes packets when an ACL is applied. • Troubleshoot common standard IPv4 ACL errors using CLI commands. Chapter Summary Summary
51.
Presentation_ID 64© 2008
Cisco Systems, Inc. All rights reserved. Cisco Confidential
52.
Presentation_ID 65© 2008
Cisco Systems, Inc. All rights reserved. Cisco Confidential
Download now