SlideShare uma empresa Scribd logo

Acl

Transferir como PPT, PDF
Raghu Kiran
Raghu Kiran

ACL

EducaçãoTecnologia
1 de 19
• ACL is a set of rules which will allow or deny the specific traffic moving through the router • It is a Layer 3 security which controls the flow of traffic from one router to another. • It is also called as Packet Filtering Firewall. Access Control List
Types of Access-list ACCESS-LIST NUMBERED NAMED STANDARD EXTENDED STANDARD EXTENDED
Standard Access List • The access-list number range is 1 – 99 • Can block a Network, Host and Subnet • Two way communication is stopped • All services are blocked. • Implemented closest to the destination. • Filtering is done based on only source IP address • The access-list number range is 100 – 199 • Can block a Network, Host, Subnet and Service • One way communication is stopped • Selected services can be blocked. • Implemented closest to the source. • Checks source, destination, protocol, port no Extended Access List
• Deny : Blocking a Network/Host/Subnet/Service • Permit : Allowing a Network/Host/Subnet/Service • Source Address : The address of the PC from where the request starts. • Destination address : The address of the PC where the request ends. • Inbound : Traffic coming into the interface • Outbound : Traffic going out of the interface Terminology
• All deny statements have to be given First • There should be at least one Permit statement • An implicit deny blocks all traffic by default when there is no match (an invisible statement). • Can have one access-list per interface per direction. (i.e.) Two access-list per interface, one in inbound direction and one in outbound direction. • Works in Sequential order • Editing of access-lists is not possible (i.e) Selectively adding or removing access-list statements is not possible. Rules of Access List
• Tells the router which addressing bits must match in the address of the ACL statement. • It’s the inverse of the subnet mask, hence is also called as Inverse mask. • A bit value of 0 indicates MUST MATCH (Check Bits) • A bit value of 1 indicates IGNORE (Ignore Bits) • Wild Card Mask for a Host will be always 0.0.0.0 Wild Card Mask
• A wild card mask can be calculated using the formula : Global Subnet Mask – Customized Subnet Mask ------------------------------- Wild Card Mask E.g. 255.255.255.255 – 255.255.255.240 --------------------- 0. 0. 0. 15 Wild Card Mask
Network Diagram E0 10.1.1.1/8 HYD LAN – 10.0.0.0/8 E0 20.1.1.1/8 KSA LAN – 20.0.0.0/8 E0 30.1.1.1/8 UAE LAN – 30.0.0.0/8 1.1.1.1/8 S0 S1 1.1.1.2/8 2.2.2.1/8 S0 S1 2.2.2.2/8
• The access-list number range is (1–99) & (1600- 1999) • Can block a Network, Host and Subnet • Two way communication is stopped • All services are blocked. • Implemented closest to the destination. • Filtering is done based on only source IP address Standard Access List
Creation of Standard Access List (config)# access-list <acl no> <permit/deny> <source add> <source WCM> Implementation of Standard Access List (config)# interface <interface type> <interface no> (config-if)# ip access-group <number> <out/in> To Verify : # show access-list # show access-list <no>
• The access-list number range is (100 – 199) • Can block a Network, Host, Subnet and Service • One way communication is stopped • Selected services can be blocked. • Implemented closest to the source. • Checks source, destination, protocol, port no. Extended Access List
IP TCP HTTP TELNET FTP SMTP UDP DNS TFTP DHCP NNTP ICMP PING TRACEROUTE
Operators : eq (equal to) neq (not equal to) lt (less than) gt (greater than)
Creation of Extended Access List (config)# access-list <acl no> <permit/deny> <protocol> <source add> <source WCM> <destination add> < destination WCM> <operator> <service> Implementation of Extended Access List (config)# interface <interface type> <interface no> (config-if)# ip access-group <number> <out/in>
• Access-lists are identified using Names rather than Numbers. • Names are Case-Sensitive • No limitation of Numbers here. • One Main Advantage is Editing of ACL is Possible (i.e) Removing a specific statement from the ACL is possible. (IOS version 11.2 or later allows Named ACL) Named Access List
Standard Named Access List Creation of Standard Named Access List (config)# ip access-list standard <name> (config-std-nacl)# <permit/deny> <source address> <source wildcard mask> Implementation (config)#interface <interface type><interface no> (config-if)#ip access-group <name> <out/in>
Extended Named Access List Creation of Extended Named Access List (config)# ip access-list extended <name> (config-ext-nacl)#<permit/deny> <protocol> <source add> <source WCM> <dest. add> <dest. WCM> <operator><service> Implementation (config)# interface <interface type><interface no> (config-if)#ip access-group <name> <out/in>
Acl

Recomendados

Access Control List & its Types
Access Control List & its TypesAccess Control List & its Types
Access Control List & its TypesNetwax Lab
 
Access Control List 1
Access Control List 1Access Control List 1
Access Control List 1Kishore Kumar
 
Access control list [1]
Access control list [1]Access control list [1]
Access control list [1]Summit Bisht
 
OSPF Fundamental
OSPF FundamentalOSPF Fundamental
OSPF FundamentalReza Farahani
 
Cisco ACL
Cisco ACLCisco ACL
Cisco ACLfaust0
 
Vlan
Vlan Vlan
Vlan sanss40
 
Internet control message protocol
Internet control message protocolInternet control message protocol
Internet control message protocolasimnawaz54
 
Routing
RoutingRouting
RoutingSaima Azam
 

Recomendados

Access Control List & its Types
Access Control List & its TypesAccess Control List & its Types
Access Control List & its TypesNetwax Lab
 
Access Control List 1
Access Control List 1Access Control List 1
Access Control List 1Kishore Kumar
 
Access control list [1]
Access control list [1]Access control list [1]
Access control list [1]Summit Bisht
 
OSPF Fundamental
OSPF FundamentalOSPF Fundamental
OSPF FundamentalReza Farahani
 
Cisco ACL
Cisco ACLCisco ACL
Cisco ACLfaust0
 
Vlan
Vlan Vlan
Vlan sanss40
 
Internet control message protocol
Internet control message protocolInternet control message protocol
Internet control message protocolasimnawaz54
 
Routing
RoutingRouting
RoutingSaima Azam
 
Network address translation
Network address translationNetwork address translation
Network address translationVarsha Honde
 
Spanning tree protocol
Spanning tree protocolSpanning tree protocol
Spanning tree protocolMuhammad Arshad
 
Access Control List (ACL)
Access Control List (ACL)Access Control List (ACL)
Access Control List (ACL)ISMT College
 
Access control list 2
Access control list 2Access control list 2
Access control list 2Kishore Kumar
 
Routing protocols
Routing protocolsRouting protocols
Routing protocolsrajshreemuthiah
 
Spanning tree protocol (stp)
Spanning tree protocol (stp)Spanning tree protocol (stp)
Spanning tree protocol (stp)RaghulR21
 
IPv4
IPv4IPv4
IPv4Dhiraj Mishra
 
What is Network Address Translation (NAT)
What is Network Address Translation (NAT)What is Network Address Translation (NAT)
What is Network Address Translation (NAT)Amit Kumar , Jaipur Engineers
 
AODV routing protocol
AODV routing protocolAODV routing protocol
AODV routing protocolVarsha Anandani
 
Address resolution protocol (ARP)
Address resolution protocol (ARP)Address resolution protocol (ARP)
Address resolution protocol (ARP)NetProtocol Xpert
 
Bgp protocol
Bgp protocolBgp protocol
Bgp protocolSmriti Tikoo
 
Network Address Translation (NAT)
Network Address Translation (NAT)Network Address Translation (NAT)
Network Address Translation (NAT)Joud Khattab
 
Subnetting Presentation
Subnetting PresentationSubnetting Presentation
Subnetting PresentationTouhidul Fahim
 
Wired LANs
Wired LANsWired LANs
Wired LANsMeenakshi Paul
 
MAC Address – All you Need to Know About it
MAC Address – All you Need to Know About itMAC Address – All you Need to Know About it
MAC Address – All you Need to Know About itAsya Karapetyan
 
Routing Information Protocol
Routing Information ProtocolRouting Information Protocol
Routing Information ProtocolKashif Latif
 
ccna networking ppt
ccna networking pptccna networking ppt
ccna networking pptEr. Anmol Bhagat
 
Basic ip traffic management with access control lists
Basic ip traffic management with access control listsBasic ip traffic management with access control lists
Basic ip traffic management with access control listsSourabh Badve
 
IPV6 ADDRESS
IPV6 ADDRESSIPV6 ADDRESS
IPV6 ADDRESSJothi Lakshmi
 
Classless inter domain routing
Classless inter domain routingClassless inter domain routing
Classless inter domain routingVikash Gangwar
 
CCNA part 7 acl
CCNA part 7 aclCCNA part 7 acl
CCNA part 7 aclSandeep Sharma IIMK Smart City,IoT,Bigdata,Cloud,BI,DW
 
Chapter10ccna
Chapter10ccnaChapter10ccna
Chapter10ccnaLakshan Perera
 

Mais conteúdo relacionado

Mais procurados

Network address translation
Network address translationNetwork address translation
Network address translationVarsha Honde
 
Access Control List (ACL)
Access Control List (ACL)Access Control List (ACL)
Access Control List (ACL)ISMT College
 
Access control list 2
Access control list 2Access control list 2
Access control list 2Kishore Kumar
 
Spanning tree protocol (stp)
Spanning tree protocol (stp)Spanning tree protocol (stp)
Spanning tree protocol (stp)RaghulR21
 
Address resolution protocol (ARP)
Address resolution protocol (ARP)Address resolution protocol (ARP)
Address resolution protocol (ARP)NetProtocol Xpert
 
Network Address Translation (NAT)
Network Address Translation (NAT)Network Address Translation (NAT)
Network Address Translation (NAT)Joud Khattab
 
Subnetting Presentation
Subnetting PresentationSubnetting Presentation
Subnetting PresentationTouhidul Fahim
 
MAC Address – All you Need to Know About it
MAC Address – All you Need to Know About itMAC Address – All you Need to Know About it
MAC Address – All you Need to Know About itAsya Karapetyan
 
Routing Information Protocol
Routing Information ProtocolRouting Information Protocol
Routing Information ProtocolKashif Latif
 
Basic ip traffic management with access control lists
Basic ip traffic management with access control listsBasic ip traffic management with access control lists
Basic ip traffic management with access control listsSourabh Badve
 
Classless inter domain routing
Classless inter domain routingClassless inter domain routing
Classless inter domain routingVikash Gangwar
 

Mais procurados (20)

Network address translation
Network address translationNetwork address translation
Network address translation
 
Spanning tree protocol
Spanning tree protocolSpanning tree protocol
Spanning tree protocol
 
Access Control List (ACL)
Access Control List (ACL)Access Control List (ACL)
Access Control List (ACL)
 
Access control list 2
Access control list 2Access control list 2
Access control list 2
 
Routing protocols
Routing protocolsRouting protocols
Routing protocols
 
Spanning tree protocol (stp)
Spanning tree protocol (stp)Spanning tree protocol (stp)
Spanning tree protocol (stp)
 
IPv4
IPv4IPv4
IPv4
 
What is Network Address Translation (NAT)
What is Network Address Translation (NAT)What is Network Address Translation (NAT)
What is Network Address Translation (NAT)
 
AODV routing protocol
AODV routing protocolAODV routing protocol
AODV routing protocol
 
Address resolution protocol (ARP)
Address resolution protocol (ARP)Address resolution protocol (ARP)
Address resolution protocol (ARP)
 
Bgp protocol
Bgp protocolBgp protocol
Bgp protocol
 
Network Address Translation (NAT)
Network Address Translation (NAT)Network Address Translation (NAT)
Network Address Translation (NAT)
 
Subnetting Presentation
Subnetting PresentationSubnetting Presentation
Subnetting Presentation
 
Wired LANs
Wired LANsWired LANs
Wired LANs
 
MAC Address – All you Need to Know About it
MAC Address – All you Need to Know About itMAC Address – All you Need to Know About it
MAC Address – All you Need to Know About it
 
Routing Information Protocol
Routing Information ProtocolRouting Information Protocol
Routing Information Protocol
 
ccna networking ppt
ccna networking pptccna networking ppt
ccna networking ppt
 
Basic ip traffic management with access control lists
Basic ip traffic management with access control listsBasic ip traffic management with access control lists
Basic ip traffic management with access control lists
 
IPV6 ADDRESS
IPV6 ADDRESSIPV6 ADDRESS
IPV6 ADDRESS
 
Classless inter domain routing
Classless inter domain routingClassless inter domain routing
Classless inter domain routing
 

Semelhante a Acl

Chapter10ccna
Chapter10ccnaChapter10ccna
Chapter10ccnarobertoxe
 
Uccn1003 -may09_-_lect09_-_access_control_list_acl_
Uccn1003 -may09_-_lect09_-_access_control_list_acl_Uccn1003 -may09_-_lect09_-_access_control_list_acl_
Uccn1003 -may09_-_lect09_-_access_control_list_acl_Shu Shin
 
Uccn1003 -may09_-_lect09_-_access_control_list_acl_
Uccn1003 -may09_-_lect09_-_access_control_list_acl_Uccn1003 -may09_-_lect09_-_access_control_list_acl_
Uccn1003 -may09_-_lect09_-_access_control_list_acl_Shu Shin
 
Guide to protecting networks - Eric Vanderburg
Guide to protecting networks - Eric VanderburgGuide to protecting networks - Eric Vanderburg
Guide to protecting networks - Eric VanderburgEric Vanderburg
 
Chapter 08 - Acl
Chapter 08 - AclChapter 08 - Acl
Chapter 08 - Aclphanleson
 
access control list(ACL) from data communication and networking
access control list(ACL) from data communication and networkingaccess control list(ACL) from data communication and networking
access control list(ACL) from data communication and networkingtayybahaseeb18
 
Access List in Networks
Access List in NetworksAccess List in Networks
Access List in Networkswolverinetyagi
 
Standard & Extended ACL Configuration
Standard & Extended ACL ConfigurationStandard & Extended ACL Configuration
Standard & Extended ACL ConfigurationMdAlAmin187
 
Router security-configuration-guide-executive-summary
Router security-configuration-guide-executive-summaryRouter security-configuration-guide-executive-summary
Router security-configuration-guide-executive-summarymoonmanik
 

Semelhante a Acl (20)

CCNA part 7 acl
CCNA part 7 aclCCNA part 7 acl
CCNA part 7 acl
 
Chapter10ccna
Chapter10ccnaChapter10ccna
Chapter10ccna
 
Acl
AclAcl
Acl
 
Anilnet
AnilnetAnilnet
Anilnet
 
Chapter10ccna
Chapter10ccnaChapter10ccna
Chapter10ccna
 
Chapter10ccna
Chapter10ccnaChapter10ccna
Chapter10ccna
 
Uccn1003 -may09_-_lect09_-_access_control_list_acl_
Uccn1003 -may09_-_lect09_-_access_control_list_acl_Uccn1003 -may09_-_lect09_-_access_control_list_acl_
Uccn1003 -may09_-_lect09_-_access_control_list_acl_
 
Uccn1003 -may09_-_lect09_-_access_control_list_acl_
Uccn1003 -may09_-_lect09_-_access_control_list_acl_Uccn1003 -may09_-_lect09_-_access_control_list_acl_
Uccn1003 -may09_-_lect09_-_access_control_list_acl_
 
Guide to protecting networks - Eric Vanderburg
Guide to protecting networks - Eric VanderburgGuide to protecting networks - Eric Vanderburg
Guide to protecting networks - Eric Vanderburg
 
Chapter 08 - Acl
Chapter 08 - AclChapter 08 - Acl
Chapter 08 - Acl
 
Ip Access Lists
Ip Access ListsIp Access Lists
Ip Access Lists
 
20 access lists[1]
20 access lists[1]20 access lists[1]
20 access lists[1]
 
access control list(ACL) from data communication and networking
access control list(ACL) from data communication and networkingaccess control list(ACL) from data communication and networking
access control list(ACL) from data communication and networking
 
CCNA Access Lists
CCNA Access ListsCCNA Access Lists
CCNA Access Lists
 
Easy steps-cisco-extended-access-list-231
Easy steps-cisco-extended-access-list-231Easy steps-cisco-extended-access-list-231
Easy steps-cisco-extended-access-list-231
 
Access List in Networks
Access List in NetworksAccess List in Networks
Access List in Networks
 
CCNA
CCNACCNA
CCNA
 
Standard & Extended ACL Configuration
Standard & Extended ACL ConfigurationStandard & Extended ACL Configuration
Standard & Extended ACL Configuration
 
AAA Implementation
AAA ImplementationAAA Implementation
AAA Implementation
 
Router security-configuration-guide-executive-summary
Router security-configuration-guide-executive-summaryRouter security-configuration-guide-executive-summary
Router security-configuration-guide-executive-summary
 

Último

_Math 4-Q4 Week 5.pptx Steps in Collecting Data
_Math 4-Q4 Week 5.pptx Steps in Collecting Data_Math 4-Q4 Week 5.pptx Steps in Collecting Data
_Math 4-Q4 Week 5.pptx Steps in Collecting DataJhengPantaleon
 
A Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformA Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformChameera Dedduwage
 
PSYCHIATRIC History collection FORMAT.pptx
PSYCHIATRIC History collection FORMAT.pptxPSYCHIATRIC History collection FORMAT.pptx
PSYCHIATRIC History collection FORMAT.pptxPoojaSen20
 
Contemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptx
Contemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptxContemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptx
Contemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptxRoyAbrique
 
Measures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeMeasures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeThiyagu K
 
Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111Sapana Sha
 
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptxOrganic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptxVS Mahajan Coaching Centre
 
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...Marc Dusseiller Dusjagr
 
Q4-W6-Restating Informational Text Grade 3
Q4-W6-Restating Informational Text Grade 3Q4-W6-Restating Informational Text Grade 3
Q4-W6-Restating Informational Text Grade 3JemimahLaneBuaron
 
CARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptxCARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptxGaneshChakor2
 
Accessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactAccessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactdawncurless
 
Crayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon ACrayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon AUnboundStockton
 
Employee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptxEmployee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptxNirmalaLoungPoorunde1
 
microwave assisted reaction. General introduction
microwave assisted reaction. General introductionmicrowave assisted reaction. General introduction
microwave assisted reaction. General introductionMaksud Ahmed
 
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdfBASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdfSoniaTolstoy
 
mini mental status format.docx
mini mental status format.docxmini mental status format.docx
mini mental status format.docxPoojaSen20
 
Grant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingGrant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingTechSoup
 
Science 7 - LAND and SEA BREEZE and its Characteristics
Science 7 - LAND and SEA BREEZE and its CharacteristicsScience 7 - LAND and SEA BREEZE and its Characteristics
Science 7 - LAND and SEA BREEZE and its CharacteristicsKarinaGenton
 
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxPOINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxSayali Powar
 

Último (20)

_Math 4-Q4 Week 5.pptx Steps in Collecting Data
_Math 4-Q4 Week 5.pptx Steps in Collecting Data_Math 4-Q4 Week 5.pptx Steps in Collecting Data
_Math 4-Q4 Week 5.pptx Steps in Collecting Data
 
A Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformA Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy Reform
 
PSYCHIATRIC History collection FORMAT.pptx
PSYCHIATRIC History collection FORMAT.pptxPSYCHIATRIC History collection FORMAT.pptx
PSYCHIATRIC History collection FORMAT.pptx
 
Contemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptx
Contemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptxContemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptx
Contemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptx
 
Measures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeMeasures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and Mode
 
Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111
 
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptxOrganic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
 
Código Creativo y Arte de Software | Unidad 1
Código Creativo y Arte de Software | Unidad 1Código Creativo y Arte de Software | Unidad 1
Código Creativo y Arte de Software | Unidad 1
 
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
 
Q4-W6-Restating Informational Text Grade 3
Q4-W6-Restating Informational Text Grade 3Q4-W6-Restating Informational Text Grade 3
Q4-W6-Restating Informational Text Grade 3
 
CARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptxCARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptx
 
Accessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactAccessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impact
 
Crayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon ACrayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon A
 
Employee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptxEmployee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptx
 
microwave assisted reaction. General introduction
microwave assisted reaction. General introductionmicrowave assisted reaction. General introduction
microwave assisted reaction. General introduction
 
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdfBASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
 
mini mental status format.docx
mini mental status format.docxmini mental status format.docx
mini mental status format.docx
 
Grant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingGrant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy Consulting
 
Science 7 - LAND and SEA BREEZE and its Characteristics
Science 7 - LAND and SEA BREEZE and its CharacteristicsScience 7 - LAND and SEA BREEZE and its Characteristics
Science 7 - LAND and SEA BREEZE and its Characteristics
 
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxPOINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
 

Acl

  • 1.
  • 2. • ACL is a set of rules which will allow or deny the specific traffic moving through the router • It is a Layer 3 security which controls the flow of traffic from one router to another. • It is also called as Packet Filtering Firewall. Access Control List
  • 3. Types of Access-list ACCESS-LIST NUMBERED NAMED STANDARD EXTENDED STANDARD EXTENDED
  • 4. Standard Access List • The access-list number range is 1 – 99 • Can block a Network, Host and Subnet • Two way communication is stopped • All services are blocked. • Implemented closest to the destination. • Filtering is done based on only source IP address • The access-list number range is 100 – 199 • Can block a Network, Host, Subnet and Service • One way communication is stopped • Selected services can be blocked. • Implemented closest to the source. • Checks source, destination, protocol, port no Extended Access List
  • 5. • Deny : Blocking a Network/Host/Subnet/Service • Permit : Allowing a Network/Host/Subnet/Service • Source Address : The address of the PC from where the request starts. • Destination address : The address of the PC where the request ends. • Inbound : Traffic coming into the interface • Outbound : Traffic going out of the interface Terminology
  • 6. • All deny statements have to be given First • There should be at least one Permit statement • An implicit deny blocks all traffic by default when there is no match (an invisible statement). • Can have one access-list per interface per direction. (i.e.) Two access-list per interface, one in inbound direction and one in outbound direction. • Works in Sequential order • Editing of access-lists is not possible (i.e) Selectively adding or removing access-list statements is not possible. Rules of Access List
  • 7. • Tells the router which addressing bits must match in the address of the ACL statement. • It’s the inverse of the subnet mask, hence is also called as Inverse mask. • A bit value of 0 indicates MUST MATCH (Check Bits) • A bit value of 1 indicates IGNORE (Ignore Bits) • Wild Card Mask for a Host will be always 0.0.0.0 Wild Card Mask
  • 8. • A wild card mask can be calculated using the formula : Global Subnet Mask – Customized Subnet Mask ------------------------------- Wild Card Mask E.g. 255.255.255.255 – 255.255.255.240 --------------------- 0. 0. 0. 15 Wild Card Mask
  • 9. Network Diagram E0 10.1.1.1/8 HYD LAN – 10.0.0.0/8 E0 20.1.1.1/8 KSA LAN – 20.0.0.0/8 E0 30.1.1.1/8 UAE LAN – 30.0.0.0/8 1.1.1.1/8 S0 S1 1.1.1.2/8 2.2.2.1/8 S0 S1 2.2.2.2/8
  • 10. • The access-list number range is (1–99) & (1600- 1999) • Can block a Network, Host and Subnet • Two way communication is stopped • All services are blocked. • Implemented closest to the destination. • Filtering is done based on only source IP address Standard Access List
  • 11. Creation of Standard Access List (config)# access-list <acl no> <permit/deny> <source add> <source WCM> Implementation of Standard Access List (config)# interface <interface type> <interface no> (config-if)# ip access-group <number> <out/in> To Verify : # show access-list # show access-list <no>
  • 12. • The access-list number range is (100 – 199) • Can block a Network, Host, Subnet and Service • One way communication is stopped • Selected services can be blocked. • Implemented closest to the source. • Checks source, destination, protocol, port no. Extended Access List
  • 14. Operators : eq (equal to) neq (not equal to) lt (less than) gt (greater than)
  • 15. Creation of Extended Access List (config)# access-list <acl no> <permit/deny> <protocol> <source add> <source WCM> <destination add> < destination WCM> <operator> <service> Implementation of Extended Access List (config)# interface <interface type> <interface no> (config-if)# ip access-group <number> <out/in>
  • 16. • Access-lists are identified using Names rather than Numbers. • Names are Case-Sensitive • No limitation of Numbers here. • One Main Advantage is Editing of ACL is Possible (i.e) Removing a specific statement from the ACL is possible. (IOS version 11.2 or later allows Named ACL) Named Access List
  • 17. Standard Named Access List Creation of Standard Named Access List (config)# ip access-list standard <name> (config-std-nacl)# <permit/deny> <source address> <source wildcard mask> Implementation (config)#interface <interface type><interface no> (config-if)#ip access-group <name> <out/in>
  • 18. Extended Named Access List Creation of Extended Named Access List (config)# ip access-list extended <name> (config-ext-nacl)#<permit/deny> <protocol> <source add> <source WCM> <dest. add> <dest. WCM> <operator><service> Implementation (config)# interface <interface type><interface no> (config-if)#ip access-group <name> <out/in>