
ACL

Create an ACL that filters all UDP traffic. Because you want to allow all other
traffic, including ICMP, you should configure a statement that allows all other
traffic.

Enter the access-list 100 deny udp any any command.

To allow all other traffic, including ICMP, enter the access-list 100 permit ip any
any command. Why do you use the ip keyword and not another such as tcp, udp,
or icmp?
The ip keyword encompasses all other relevant protocols such as TCP, UDP, and
ICMP.

Test result:
Ping successful tcp traffic
Traceroute denied udp traffic

Configure on a router's serial link an inbound access control list (ACL) that will
deny Telnet and web traffic but permit all other traffic. The routers are
preconfigured with IP addresses and OSPF, so you only need to configure the
ACL. You will test the configuration by sending a ping, which should be allowed,
and attempting to telnet, which should be denied.

access-list 100 deny tcp any any eq 23
access-list 100 deny tcp any any eq 80
access-list 100 permit ip any any

An ACL does nothing unless it is applied on an interface.


ip access-group 100 in. Note that the command is access-group, not access-list,
when applying the ACL on an interface.
Test: send both Telnet and ICMP ping traffic from R2 into R1's S0/0/0 interface.

Your task is to configure on R2's Serial 0/0/1 interface an outbound ACL that
denies Telnet access for Telnet users in subnet 192.168.1.32/27 (R2's LAN
subnet) who try to connect to Telnet servers in subnet 192.168.1.16/28 (R1's LAN
subnet). The ACL should also allow other types of traffic between hosts in those
same subnets. In this lab, you will use wildcard masks to filter traffic to and from
these specific networks.

Verify your configuration by entering show ip access-lists. You should see Telnet
access denied and all other traffic permitted between these two networks.
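
The wildcard masks for this lab and the router's first-match evaluation can be checked offline with the following added example, which is not part of the original lab. The ACL number 101 and the sample host addresses are assumptions; the model covers only the protocol, address and destination-port matching used here.

```python
import ipaddress

SRC_NET = "192.168.1.32/27"   # R2's LAN (from the lab text)
DST_NET = "192.168.1.16/28"   # R1's LAN (from the lab text)
ACL_NUM = 101                 # assumption: any extended ACL number (100-199)

def wildcard(prefix):
    """Wildcard mask is the inverted subnet mask: /27 -> 0.0.0.31."""
    return str(ipaddress.ip_network(prefix).hostmask)

def entry(action, proto, port=None):
    """One extended-ACL entry between the two lab subnets."""
    s, d = ipaddress.ip_network(SRC_NET), ipaddress.ip_network(DST_NET)
    return (action, proto, str(s.network_address), wildcard(SRC_NET),
            str(d.network_address), wildcard(DST_NET), port)

def ios_line(e):
    """Render an entry in access-list syntax."""
    action, proto, sb, sw, db, dw, port = e
    line = f"access-list {ACL_NUM} {action} {proto} {sb} {sw} {db} {dw}"
    return line + (f" eq {port}" if port is not None else "")

def matches(addr, base, wc):
    """Wildcard bit 0 = must match, bit 1 = ignore."""
    a, b, w = (int(ipaddress.ip_address(x)) for x in (addr, base, wc))
    return ((a ^ b) & ~w & 0xFFFFFFFF) == 0

# Order matters: the specific Telnet deny must precede the broad permit.
ACL = [entry("deny", "tcp", 23), entry("permit", "ip")]

def evaluate(acl, proto, src, dst, dport=None):
    """Return the action of the first matching entry, as the router does."""
    for action, p, sb, sw, db, dw, port in acl:
        if p != "ip" and p != proto:
            continue
        if port is not None and port != dport:
            continue
        if matches(src, sb, sw) and matches(dst, db, dw):
            return action
    return "deny"  # implicit "deny ip any any" at the end of every ACL

if __name__ == "__main__":
    for e in ACL:
        print(ios_line(e))
    # Constructed sample packets: (protocol, source, destination, dest port)
    for pkt in [("tcp", "192.168.1.40", "192.168.1.20", 23),
                ("tcp", "192.168.1.40", "192.168.1.20", 80),
                ("icmp", "192.168.1.40", "192.168.1.20", None),
                ("tcp", "192.168.1.70", "192.168.1.20", 80)]:
        print(pkt, "->", evaluate(ACL, *pkt))
```

The last sample packet comes from outside the /27, so it matches neither entry and falls through to the implicit deny.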

In this lab, you will configure an outbound access control list on R2's Serial 0/0/1
interface. In this case, the ACL will deny web traffic from R2's LAN to R1's LAN
and permit all other traffic.

You will continue to gain experience working with access control lists and
wildcard masks. You will configure on R1's S0/0/0 interface an ACL that permits
only FTP access from R1's LAN to R2's LAN while denying all other traffic.

Named ACL:
