1 / 4

Access Lists

Access Lists. Lecture 7 Hassan Shuja 04/25/2006. Access Lists. Access Lists (ACL) Access lists are used to filter traffic that passes through a router Some key features of Cisco ACL Packets can be filtered as they enter an interface Packets can be filtered before they exit an interface

orpah
Download Presentation

Access Lists

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Access Lists Lecture 7 Hassan Shuja 04/25/2006

  2. Access Lists • Access Lists (ACL) • Access lists are used to filter traffic that passes through a router • Some key features of Cisco ACL • Packets can be filtered as they enter an interface • Packets can be filtered before they exit an interface • Deny is the term used in Cisco IOS to block a packet at the interface that is doing the filtering • Permit is the term used in Cisco IOS to allow a packet through the interface that is doing the filtering • At the end of every ACL is an implied “deny all traffic” statement. Therefore, if a packet does not match any of your access list statements, it is blocked • ACL filter packets by looking at the IP, TCP, and UDP headers in the packet • There are two types of ACLs • The standard ACL only examine the source IP address • The extended ACL can examine the source and destination IP address, as well as the source and destination port numbers • ACLs use a wildcard mask instead of a subnet mask • Wildcard masks are the inverse of the subnet mask, the 1s are 0s and the 0s are 1s

  3. Access Lists • Standard Access Lists • Standard ACLs are numbered in the range of 1 to 99 or 1300 to 1999 • The following is the syntax for a standard ACL • “access-list number permit/deny ipaddress wildcard mask” • “access-list 1 permit 172.16.0.0 0.0.255.255” • “access-list 1 deny 165.31.0.0 0.0.255.255” • Configuration is done in configuration mode • A standard ACL needs to be enabled under the interface before it will work • The command used to apply an ACL to an interface is “ip access-group” • This command is run under the interface mode • To enable an ACL The interfaces on router need to be designated as the “inside” and “outside” interface • “ip access-group 1 out” or “ip access-group 1 in”

  4. Access Lists • Extended Access Lists • Extended ACLs are numbered in the range of 100 to 199 or 2000 to 2699 • The following is the syntax for a extended ACL • “access-list number permit/deny protocolsource IPaddress source wildcard mask destination IP address destination wildcard mask eq port number” • “access-list 101 permit tcp 172.16.0.0 0.0.255.255 165.33.15.0 0.0.0.255 eq 23” • “access-list 101 deny udp host 130.85.5.5 209.80.1.0 0.0.255.255 eq 80” • “host” can be used to specify one ip address • “eq” stands for equal and is telling the exact port to filter traffic on • Ports can be compared by using less than (lt) or greater than (gt) • Configuration is done in configuration mode • An extended ACL needs to be enabled under the interface before it will work • The command used to apply an ACL to an interface is “ip access-group” • This command is run under the interface mode • To enable an ACL The interfaces on router need to be designated as the “inside” and “outside” interface • “ip access-group 101 out” or “ip access-group 101 in” • Remarks can be written to identify the ACL • “access-list 101 remark this access list is used to deny web traffic”

More Related