Knowledge Nugget: Become an ACL Wizard – Advanced ACL Editing. Bogdan Doinea. © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential.


1 Knowledge Nugget: Become an ACL Wizard – Advanced ACL Editing
Bogdan Doinea - Assoc. Technical Manager CEE, Russia & CIS, Cisco Networking Academy

2 Basic types of ACLs
The power of Named ACLs
Tips and Tricks
The trick to editing Numbered ACLs
Technical DEMO

3 Numbered ACLs
Standard: use only layer 3 source addresses
Extended: can filter using layer 3/4 information and by source/destination addresses
Limitations? When editing, we can only add statements to the end of the ACL
access-list 10 permit
access-list 101 permit tcp host host eq telnet

4 Named ACLs have sequence numbers for each entry
All ACLs have an implicit, invisible deny statement at the end ONLY if they have at least one statement
Recommendation: you should always manually write the deny ip any any rule in order to see if packets matched it
ip access-list extended in_to_out
permit tcp host host eq telnet log
deny ip any any

5 Scenario
Oops! Forgot to give IP access through ssh too!
Quick solution
access-list 101 permit tcp host host eq telnet
access-list 101 permit tcp host host eq ssh
access-list 101 deny ip host
ip access-list extended 101
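An added example (not part of the presentation): a simplified Python model of first-match ACL evaluation, showing why an SSH permit appended after the deny in the scenario above never matches, while one inserted by sequence number does. The addresses, the `Entry`/`Acl`/`build` names and the exact form of the deny entry are assumptions, since the transcript omits the addresses.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed sample addresses (documentation range), not from the slides.
ADMIN, SERVER, OTHER = "192.0.2.10", "192.0.2.1", "198.51.100.7"

@dataclass
class Entry:
    seq: int
    action: str                  # "permit" or "deny"
    proto: str                   # "tcp", or "ip" for any protocol
    src: str                     # host address or "any"
    dst: str
    port: Optional[int] = None   # None = any port
    hits: int = 0

    def matches(self, proto, src, dst, port):
        return (self.proto in ("ip", proto) and self.src in ("any", src)
                and self.dst in ("any", dst) and self.port in (None, port))

class Acl:
    def __init__(self):
        self.entries = []

    def add(self, action, proto, src, dst, port=None, seq=None):
        # No sequence number: the entry lands at the end (last + 10).
        if seq is None:
            seq = (self.entries[-1].seq if self.entries else 0) + 10
        self.entries.append(Entry(seq, action, proto, src, dst, port))
        self.entries.sort(key=lambda e: e.seq)

    def check(self, proto, src, dst, port):
        if not self.entries:     # an ACL with no statements has no implicit deny
            return "permit"
        for e in self.entries:   # first match wins
            if e.matches(proto, src, dst, port):
                e.hits += 1
                return e.action
        return "deny"            # implicit deny: nothing to count hits on

def build(insert_before_deny):
    acl = Acl()
    acl.add("permit", "tcp", ADMIN, SERVER, 23)   # seq 10: telnet
    acl.add("deny", "ip", ADMIN, "any")           # seq 20: assumed form of the slide's deny
    # The forgotten SSH permit: appended at the end, or inserted as seq 15.
    acl.add("permit", "tcp", ADMIN, SERVER, 22, seq=15 if insert_before_deny else None)
    acl.add("deny", "ip", "any", "any")           # explicit final deny, so it gets a counter
    return acl
```

Comparing `build(False)` with `build(True)` on the same SSH packet shows the difference between appending and inserting; the per-entry `hits` field plays the role of the match counters that the explicit final deny makes visible.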

6 Casting: THE ROUTER CCNA

7 Instructor Professional Development
One-stop-shop – for more Knowledge nuggets
Learning through Gaming: Cisco Aspire
Become an ACL Wizard!
Passport 21 to Entrepreneurship
Online communities
CCNA Topics dedicated to ACLs

8 Basic types of ACLs
The power of Named ACLs
Tips and Tricks
The trick to editing Numbered ACLs
Technical DEMO

9 Thank you.

