Access Control Lists (ACLs) are vital in controlling what traffic passes through a router. Learn about different types of ACLs - Standard, Extended, and Named ACLs - and their configurations. Understand ACL rules, common ports, and syntax. Discover how to effectively manage ACLs, reuse them, and troubleshoot issues. Ensure your ACLs are optimized by placing them close to the traffic source. Start securing your network traffic effectively within 60 days!
In 60 Days – ICND2 Access Lists
Traffic Cops • Decide what can pass through the router • Set of YES/NO filters • Have several uses…
Use ACLs • To filter traffic • Reference NAT pools • Debugging • With route maps for routing
Types of ACL • Standard • Extended • Named
Standard IP ACL • Numbered from 1 to 99 • Can filter on source host/network • Can’t filter ports or protocols
Extended IP ACLs • Numbered from 100 to 199 • Filter on port/destination/source etc. • More complicated to configure
Named ACLs • Names instead of numbers • Can be standard or extended • Slightly different commands
Need to Know... • Port numbers • Command syntax • ACL rules
Command Syntax • We will come to this!
ACL Rule #1 • One ACL per interface per direction (one incoming, one outgoing)
ACL Rule #2 • Processed top down (diagram: incoming packet from 172.16.1.1)
ACL Rule #3 • Implicit ‘deny all’ at bottom (diagram: incoming packet from 172.20.1.1)
ACL Rule #4 • Router can’t filter self generated traffic
ACL Rule #5 – Can’t Edit Live • Can’t edit live standard or extended lists • Can edit named lists • Stop the access list working (remove it from the interface) • Copy into Notepad, edit, reapply
ACL Rule #6 • Disable the ACL on the interface: R1(config)#no ip access-group 101 in
ACL Rule #7 • Can reuse the same ACL
ACL Rule #8 • Keep ‘em short • Most specific rules at top
ACL Rule #9 • Place as close to traffic source as possible
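Rules #2, #3 and #8 can be checked mechanically before a list is applied. The following is an added example, not code from the slides: a small Python evaluator that walks an ACL top down with first-match semantics, applies the implicit deny when nothing matches, and flags host entries that a broader entry above them already covers. The Entry layout, the sample lists and the addresses are constructed for this example.

```python
import ipaddress
from typing import NamedTuple, Optional

class Entry(NamedTuple):
    action: str                   # "permit" or "deny"
    proto: str                    # "ip" matches any protocol; else "tcp", "udp", "icmp"
    src: str                      # source address (host or network)
    src_wc: str                   # Cisco wildcard mask: 0 bit = must match, 1 bit = don't care
    dst: str = "0.0.0.0"          # standard ACLs carry no destination, so default is "any"
    dst_wc: str = "255.255.255.255"
    dport: Optional[int] = None   # destination port, None = any

def wildcard_match(addr: str, base: str, wildcard: str) -> bool:
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return (a | w) == (b | w)     # only the bits the wildcard leaves at 0 are compared

def evaluate(acl: list, pkt: dict):
    """Rules #2 and #3: top down, first match wins; no match means the implicit deny."""
    for line, e in enumerate(acl, 1):
        if (e.proto in ("ip", pkt["proto"])
                and wildcard_match(pkt["src"], e.src, e.src_wc)
                and wildcard_match(pkt["dst"], e.dst, e.dst_wc)
                and e.dport in (None, pkt.get("dport"))):
            return e.action, line
    return "deny", None           # implicit deny: no line number to report

def shadowed_host_entries(acl: list) -> list:
    """Rule #8 check: host entries below a broader entry that already matches them never fire."""
    shadowed = []
    for line, e in enumerate(acl, 1):
        if e.src_wc == "0.0.0.0":   # probe with the entry's own addresses
            probe = {"src": e.src, "dst": e.dst, "proto": e.proto, "dport": e.dport}
            if evaluate(acl, probe)[1] != line:
                shadowed.append(line)
    return shadowed

# Constructed sample lists (not from the slides), the same two entries in both orders
ACL_10_WRONG = [
    Entry("permit", "ip", "172.16.0.0", "0.0.255.255"),   # broad entry first ...
    Entry("deny",   "ip", "172.16.1.1", "0.0.0.0"),       # ... so this host deny is dead
]
ACL_10_RIGHT = [
    Entry("deny",   "ip", "172.16.1.1", "0.0.0.0"),       # most specific entry at the top
    Entry("permit", "ip", "172.16.0.0", "0.0.255.255"),
]
# Extended list: only web traffic from 172.16.0.0/16; everything else hits the implicit deny
ACL_101 = [
    Entry("permit", "tcp", "172.16.0.0", "0.0.255.255", "0.0.0.0", "255.255.255.255", 80),
    Entry("permit", "tcp", "172.16.0.0", "0.0.255.255", "0.0.0.0", "255.255.255.255", 443),
]
```

Run shadowed_host_entries on a list before applying it; a non-empty result means a line can never match and the list is doing less than it reads.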