
1 CCNA ACLs Deepdive. February 2012. Jaskaran Kalsi, Assoc. Technical Manager, Europe/CEE/RCIS, Cisco Networking Academy. © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential.

2 CCNA & ACLs
- Packet Filtering & ACL Overview
- Standard ACL Configuration
- Extended ACL Configuration
- Demo & Summary

3 Objectives of this session:
- Provide a brief review of ACLs.
- Demonstrate a brief example of how ACLs can be administered.
- Provide a brief description of the troubleshooting scenarios that are available.
- Focus on the use of Packet Tracer as a simulation tool and create an interactive session in which the audience troubleshoots a pre-configured network.


5 Why ACLs?
- ACLs are an area that not only students but also instructors struggle with.
- ACLs are covered in both CCNA Discovery and CCNA Exploration.
- CCNA Exploration: CCNA Exploration 4, Chapter 5 covers ACL theory, ACL examples and Packet Tracer activities.

6 What an ACL does:
- Controls access to a network: it analyzes incoming and outgoing packets and either permits or denies them based on a predefined set of criteria.
- Routers act as packet filters. Decisions are made on source and destination IP address; source port, destination port and protocol can also be determining factors.
- ACLs are sequential lists of permit and deny statements. The router extracts information from the packet header and tests it against each statement in order: the first statement that matches decides, and a packet that matches no statement is dropped by the implicit deny at the end of every list.


9 Inbound ACLs / Outbound ACLs (figure). An inbound ACL is checked when the packet arrives on an interface, before the routing decision is made; an outbound ACL is checked after routing, just before the packet leaves the egress interface.

10 Standard Access Control Lists
- Numbered 1-99 or 1300-1999 (numbered lists are IPv4 only; IPv6 ACLs are named, and IPv6 has no standard form)
- Filter solely on Layer 3 source address
Extended Access Control Lists: see slide 14.

11 Placement
- Standard ACLs: placed as close to the destination as possible, because they match on source only and, placed near the source, would block that host's traffic to every network beyond the router.
- Extended ACLs: placed on routers as close as possible to the source being filtered, so that denied traffic is dropped before it crosses the network.


13 Task: block host 10.0.0.3 from reaching network 40.0.0.0 while leaving it able to communicate with other networks. All other computers on network 10.0.0.0 must still be able to connect to network 40.0.0.0.

A standard list matches on source only, so it is applied on R2 outbound on the interface that leads to 40.0.0.0 (FastEthernet 0/1 in the slide's topology, which this transcript does not include). Traffic from 10.0.0.3 to other networks never leaves through that interface and is unaffected.

R2>enable
R2#configure terminal
R2(config)#access-list 1 deny host 10.0.0.3
R2(config)#access-list 1 permit any
R2(config)#interface FastEthernet 0/1
R2(config-if)#ip access-group 1 out

The permit any line is required: without it, the implicit deny at the end of list 1 would block every other host as well.

14 Extended ACLs
- Numbered 100-199 and 2000-2699.
- Check source and destination address, protocol, and source and destination port.
- Hence provide a greater range of control and enhance security.


16 Reflexive ACLs
- Dynamically allow reply packets
- Work with TCP and UDP sessions initiated internally
- Reduced exposure to spoofing and DoS attacks
Dynamic ACLs
- Also known as 'Lock-and-Key' ACLs
- Available only for IP traffic
- Dependent on Telnet connectivity, authentication, and extended ACLs
Time-based ACLs
- Allow access control based on time of day, day of the week, or day of the month.

17 Which three statements should be considered when applying ACLs to a Cisco router? (Choose three.)
a) Place generic ACL entries at the top of the ACL.
b) Place more specific ACL entries at the top of the ACL.
c) Router-generated packets pass through ACLs without filtering.
d) ACLs always search for the most specific entry before taking any filtering action.
e) An access list applied to any interface without a configured ACL allows all traffic to pass.
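To make the matching rules from slides 6, 13 and 14 and the ordering point behind the quiz concrete, here is an added example that is not part of the original deck: a small Python evaluator for IOS-style numbered ACLs. It implements wildcard-mask matching, top-down first-match evaluation with the implicit deny, the difference between a standard list (source only) and an extended list (protocol, source, destination, ports), and a check for entries that can never match because a more generic entry sits above them. The slide 13 list is used as written; the extended list 101, the web server 40.0.0.10 and the packets are constructed for the example.

```python
"""IOS-style numbered ACL evaluator (added example, not from the Cisco deck).

Models wildcard-mask matching, top-down first match, the implicit deny,
standard versus extended lists, and shadowed (unreachable) entries.
ACL 101, host 40.0.0.10 and the packets below are constructed for the example.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

PORT_NAMES = {"www": 80, "telnet": 23, "ftp": 21, "smtp": 25, "domain": 53}
ANY = ("0.0.0.0", "255.255.255.255")   # base address, wildcard mask


@dataclass
class Packet:
    src: str
    dst: str
    proto: str = "ip"    # ip, tcp, udp or icmp
    sport: int = 0
    dport: int = 0


@dataclass
class Ace:                # one access control entry
    action: str
    proto: str
    src: Tuple[str, str]
    sport: Optional[int]
    dst: Tuple[str, str]
    dport: Optional[int]
    text: str


def wildcard_match(addr: str, base: str, wildcard: str) -> bool:
    """IOS wildcard semantics: a 1 bit in the wildcard means 'don't care'."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return (a | w) == (b | w)


def _take_addr(tokens: List[str], wildcard_optional: bool) -> Tuple[str, str]:
    """Consume 'any', 'host A', or 'A W' (standard lists may omit W)."""
    t = tokens.pop(0)
    if t == "any":
        return ANY
    if t == "host":
        return (tokens.pop(0), "0.0.0.0")
    if wildcard_optional and not tokens:
        return (t, "0.0.0.0")
    return (t, tokens.pop(0))


def _take_port(tokens: List[str]) -> Optional[int]:
    """Consume an optional 'eq <port>' operator."""
    if tokens and tokens[0] == "eq":
        tokens.pop(0)
        p = tokens.pop(0)
        return PORT_NAMES.get(p) or int(p)
    return None


def parse_ace(line: str) -> Ace:
    tokens = line.split()
    if tokens[0] != "access-list":
        raise ValueError(line)
    number, action, rest = int(tokens[1]), tokens[2], tokens[3:]
    if 1 <= number <= 99 or 1300 <= number <= 1999:       # standard: source only
        return Ace(action, "ip", _take_addr(rest, True), None, ANY, None, line)
    proto = rest.pop(0)                                    # extended list
    src, sport = _take_addr(rest, False), _take_port(rest)
    dst, dport = _take_addr(rest, False), _take_port(rest)
    return Ace(action, proto, src, sport, dst, dport, line)


def matches(ace: Ace, pkt: Packet) -> bool:
    return (ace.proto in ("ip", pkt.proto)
            and wildcard_match(pkt.src, *ace.src)
            and wildcard_match(pkt.dst, *ace.dst)
            and ace.sport in (None, pkt.sport)
            and ace.dport in (None, pkt.dport))


def evaluate(acl: List[str], pkt: Packet) -> Tuple[str, str]:
    """Walk the list top-down; the first match decides; no match is denied."""
    for ace in map(parse_ace, acl):
        if matches(ace, pkt):
            return ace.action, ace.text
    return "deny", "(implicit deny at end of list)"


def _covers(outer: Tuple[str, str], inner: Tuple[str, str]) -> bool:
    """True if every address matched by inner is also matched by outer."""
    ob, ow = (int(ipaddress.IPv4Address(x)) for x in outer)
    ib, iw = (int(ipaddress.IPv4Address(x)) for x in inner)
    return (iw & ~ow) == 0 and (ib | ow) == (ob | ow)


def shadowed_entries(acl: List[str]) -> List[str]:
    """Entries that can never match because an earlier entry already covers them."""
    aces = list(map(parse_ace, acl))
    return [a.text for i, a in enumerate(aces)
            if any(b.proto in ("ip", a.proto) and _covers(b.src, a.src)
                   and _covers(b.dst, a.dst) and b.sport in (None, a.sport)
                   and b.dport in (None, a.dport) for b in aces[:i])]


# Slide 13 as typed on R2 (applied outbound toward 40.0.0.0).
STANDARD_ACL_1 = ["access-list 1 deny host 10.0.0.3",
                  "access-list 1 permit any"]
# Constructed extended list: 10.0.0.0/8 may reach web server 40.0.0.10 on
# TCP/80 and ping it; everything else falls through to the implicit deny.
EXTENDED_ACL_101 = [
    "access-list 101 permit tcp 10.0.0.0 0.255.255.255 host 40.0.0.10 eq 80",
    "access-list 101 permit icmp any host 40.0.0.10"]
# Generic entry first (quiz option a): the host-specific deny is unreachable.
SHADOWED_ACL_2 = ["access-list 2 permit any",
                  "access-list 2 deny host 10.0.0.3"]

if __name__ == "__main__":
    print(evaluate(STANDARD_ACL_1, Packet("10.0.0.3", "40.0.0.7")))
    print(evaluate(EXTENDED_ACL_101, Packet("10.1.2.3", "40.0.0.10", "tcp", 51000, 22)))
    print(shadowed_entries(SHADOWED_ACL_2))
```

Running it shows 10.0.0.3 denied and 10.0.0.5 permitted by list 1, TCP/22 to the web server dropped by the implicit deny of list 101, and list 2 reported as having a dead entry: with permit any on top, the deny host 10.0.0.3 line below it never executes, which is why specific entries go first.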


20 Thank you.

