[Topology diagram: three routers, HYD, CHE and BAN, each with a LAN on E0 and serial links between them.
HYD : E0 192.168.1.150/24, S1 10.0.0.2/8, LAN 192.168.1.0/24 (hosts 1.1, 1.2, 1.3)
CHE : E0 192.168.2.150/24, S1 11.0.0.2/8, LAN 192.168.2.0/24 (hosts 2.1, 2.2, 2.3)
BAN : E0 192.168.3.150/24, LAN 192.168.3.0/24 (hosts 3.1, 3.2, 3.3)
The far ends of the two serial links are S0 10.0.0.1/8 and S0 11.0.0.1/8.]
Types of Access-list
Standard ACL
Extended ACL
Named ACL
Terminology
request ends.
Inbound : Traffic coming into the interface
Outbound : Traffic going out of the interface
Terminology
Protocols : IP, TCP, UDP, ICMP
Operators : eq (equal to), neq (not equal to), lt (less than), gt (greater than)
Wild Card Mask
Tells the router which addressing bits must match in the address of the ACL statement.
A wild card mask can be calculated using the formula:
  Global Subnet Mask
- Customized Subnet Mask
------------------------
  Wild Card Mask
E.g.
  255.255.255.255
- 255.255.255.240
------------------------
    0.  0.  0. 15
Rules of Access List
All deny statements have to be given First
There should be at least one Permit statement
An implicit deny blocks all traffic by default when there is no match (an invisible statement).
Can have one access-list per interface per direction, (i.e.) two access-lists per interface: one in inbound direction and one in outbound direction.
Works in Sequential order
Editing of access-lists is not possible, (i.e.) selectively adding or removing access-list statements is not possible.
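Added example (not from the slides): a small Python simulator that applies the wild card mask formula above and the sequential, first-match, implicit-deny rules to a standard ACL. The ACL statements and the source addresses tested are constructed on the slide topology (LAN 192.168.1.0/24 behind HYD); ACL_10 is a made-up name.

```python
import ipaddress

# Added example (not from the slides): wild card mask arithmetic and the
# sequential, first-match, implicit-deny evaluation of a standard ACL.
# Addresses reuse the slide topology (LAN 192.168.1.0/24, hosts 1.1, 1.2 ...);
# the ACL statements themselves are constructed for illustration.

def wildcard_mask(subnet_mask: str, global_mask: str = "255.255.255.255") -> str:
    """Wild Card Mask = Global Subnet Mask - Customized Subnet Mask, octet by octet."""
    g = [int(o) for o in global_mask.split(".")]
    s = [int(o) for o in subnet_mask.split(".")]
    return ".".join(str(a - b) for a, b in zip(g, s))

def matches(address: str, acl_address: str, wildcard: str) -> bool:
    """Wild card bit 0 = this address bit must match; bit 1 = ignore it."""
    care = 0xFFFFFFFF ^ int(ipaddress.IPv4Address(wildcard))
    return (int(ipaddress.IPv4Address(address)) & care) == \
           (int(ipaddress.IPv4Address(acl_address)) & care)

def evaluate(acl, source):
    """Walk the statements in sequential order; the first match decides.
    No match falls through to the invisible implicit deny."""
    for action, acl_address, wildcard in acl:
        if matches(source, acl_address, wildcard):
            return action
    return "deny"  # implicit deny

# Constructed standard ACL: deny one host on the HYD LAN, permit the rest of
# that LAN. Deny statements come first, as the rules above require.
ACL_10 = [
    ("deny",   "192.168.1.1", "0.0.0.0"),    # host 192.168.1.1 only
    ("permit", "192.168.1.0", "0.0.0.255"),  # whole 192.168.1.0/24 LAN
]

# Same statements in the wrong order: the deny line can never be reached.
ACL_10_MISORDERED = [ACL_10[1], ACL_10[0]]

if __name__ == "__main__":
    print(wildcard_mask("255.255.255.240"))  # 0.0.0.15
    for src in ("192.168.1.1", "192.168.1.2", "192.168.2.1"):
        print(src, evaluate(ACL_10, src), evaluate(ACL_10_MISORDERED, src))
```

Running it shows 192.168.1.1 denied and 192.168.1.2 permitted by ACL_10, 192.168.2.1 denied by the implicit deny, and 192.168.1.1 permitted by the misordered list because the permit statement matches first.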
Standard ACL
Creation and Implementation is done Closest to the Destination.
Named ACL
Access-lists are identified using Names rather than Numbers.
Names are Case-Sensitive.
No limitation of Numbers here.
One Main Advantage is Editing of ACL is Possible, (i.e.) removing a specific statement from the ACL is possible.
(IOS version 11.2 or later allows Named ACL)