Presentation is loading. Please wait.

Presentation is loading. Please wait.

© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicITE I Chapter 6 1 Access Control Lists Accessing the WAN – Chapter 5.

Published byBarry Kelly Modified over 9 years ago

Similar presentations

Presentation on theme: "© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicITE I Chapter 6 1 Access Control Lists Accessing the WAN – Chapter 5."— Presentation transcript:

1 © 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicITE I Chapter 6 1 Access Control Lists Accessing the WAN – Chapter 5

2 © 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicITE 1 Chapter 6 2 Objectives  Explain how ACLs are used to secure a medium-size Enterprise branch office network.  Configure standard ACLs in a medium-size Enterprise branch office network.  Configure extended ACLs in a medium-size Enterprise branch office network.  Describe complex ACLs in a medium-size Enterprise branch office network.  Implement, verify and troubleshoot ACLs in an enterprise network environment.

3 © 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicITE 1 Chapter 6 3 What is ACL? Access Control List stands for the list of packet filter rules, that defines, whether to allow or deny specified type of communication. It does similar actions like complex Firewalls.

4 © 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicITE 1 Chapter 6 4 ACL rules  ACL is the list of the rules, which starts at the top of the list and ends with the first match (Lunch example) AllowRice AllowPotato DenyHamburger AllowTomato AllowHamburger DenyTomato Can I eat Potato? First matching rule is on line 2 - ALLOW Can I eat Hamburger? First matching rule is on line 3 - DENY Anything not mentioned here DENY Can I eat Tomato? First matching rule is on line 4 - ALLOW Can I eat Ham? Implicit rule at the end of the list - DENY

5 © 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicITE 1 Chapter 6 5 Explain How ACLs are Used to Secure a Medium-Size Enterprise Branch Office Network  Explain how a packet filter allows or blocks traffic

6 © 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicITE 1 Chapter 6 6 Explain How ACLs are Used to Secure a Medium-Size Enterprise Branch Office Network  Describe how ACLs control access to networks

7 © 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicITE 1 Chapter 6 7 ACL Types extendedstandard numbered named extendedstandard Standard – decision made only by source host/network address Extended – decision made by complex criteria: source or destination host/network address protocol used in case of TCP/UDP – service that is used (port)

8 © 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicITE 1 Chapter 6 8 Explain How ACLs are Used to Secure a Medium-Size Enterprise Branch Office Network  Explain how Cisco ACLs can be identified using standardized numbering or names

9 © 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicITE 1 Chapter 6 9 ACL syntax Before we start writing rules, we need to understand the term wildcard mask ! Wildcard mask – tells us, which part of IP address is necessary to check with corresponding IP address 0-bit in wildcard mask represent bit, that needs to be checked 1-bit in wildcard mask represent bit, that can be ignored Example: Wildcard mask: 0.0.0.255 in binary 00000000.00000000.00000000.11111111 Tells us, that first 24 bits of IP address needs to be checked.

10 © 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicITE 1 Chapter 6 10 Lets do the practise… Which bits of IP address needs to be checked, when we want to be sure, that IP address has in last octet number between 128-255? Examples: 192.168.1.12811000000.10101000.00000001.10000000 10.10.30.12900001010.00001010.00011110.10000001 5.5.5.25500000101.00000101.00000101.11111111 They all begin with 25 th bit set to 1 in order to be greater than 128 128 – 10000000 129 – 10000001 130 – 10000010 131 – 10000011 Wildcard mask: 11111111.11111111.11111111.01111111 255.255.255.127

11 © 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicITE 1 Chapter 6 11 Lets do the practise… Which bits of IP address needs to be checked, when we want to be sure, that IP address has in last octet number between 128-255? Examples: 192.168.1.12811000000.10101000.00000001.10000000 10.10.30.12900001010.00001010.00011110.10000001 5.5.5.25500000101.00000101.00000101.11111111 They all begin with 25 th bit set to 1 in order to be greater than 128 128 – 10000000 129 – 10000001 130 – 10000010 131 – 10000011 Wildcard mask: 11111111.11111111.11111111.01111111 255.255.255.127 It is not enough, because we need to say what value of that checked bit we expect! (in our case, we expect 1) Wildcard mask is everytime paired with an IP address as refference for bit values

12 © 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicITE 1 Chapter 6 12 Second trial… Which combination of IP and Wildcard mask we need to use when we want to check, whether packet has address from address space 192.168.1.0/24 and has even number between 128-255 in last octet? Examples: 192.168.1.12811000000.10101000.00000001.10000000 192.168.1.13011000000.10101000.00000001.10000010 192.168.1.13211000000.10101000.00000001.10000100 192.168.1.25411000000.10101000.00000001.11111110 Wildcard mask: 11111111.11111111.11111111.11111111 It is not necessary to check any bits Which bits needs to be checked, so we will be sure, it is from 192.168.1.0/24 Wildcard mask: 00000000.00000000.00000000.11111111 Check first 24 bits of IP address Which bits we need to check, so we will be sure, it is the number between 128-255 in last octet Wildcard mask: 00000000.00000000.00000000.01111111 Check first 25 bits of IP address Which bits we need to check, so we will be sure, it is the even number in last octet? Wildcard mask: 00000000.00000000.00000000.01111110 Check first 25 bits of IP address and 32 nd bit Wildcard: 0.0.0.126 Coresponding IP: e.g. 192.168.1.136

13 © 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicITE 1 Chapter 6 13 Numbered ACL

14 © 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicITE 1 Chapter 6 14 Configure Standard ACLs in a Medium- Size Enterprise Branch Office Network  Explain the process for editing numbered ACLs

15 © 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicITE 1 Chapter 6 15 Named ACL

16 © 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicITE 1 Chapter 6 16 Configure Standard ACLs in a Medium- Size Enterprise Branch Office Network  Describe how to monitor and verify ACLs

17 © 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicITE 1 Chapter 6 17 Configure Extended ACLs in a Medium- Size Enterprise Branch Office Network  Describe how to apply an extended ACL to an interface

18 © 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicITE 1 Chapter 6 18 Configure Extended ACLs in a Medium- Size Enterprise Branch Office Network  Describe how to create named extended ACLs

19 © 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicITE 1 Chapter 6 19 Describe Complex ACLs in a Medium-Size Enterprise Branch Office Network  List the three types of complex ACLs

20 © 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicITE 1 Chapter 6 20 Describe Complex ACLs in a Medium-Size Enterprise Branch Office Network  Explain how and when to use dynamic ACLs

21 © 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicITE 1 Chapter 6 21 Describe Complex ACLs in a Medium-Size Enterprise Branch Office Network  Explain how and when to use reflexive ACLs

22 © 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicITE 1 Chapter 6 22 Describe Complex ACLs in a Medium-Size Enterprise Branch Office Network  Explain how and when to use time-based ACLs

23 © 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicITE 1 Chapter 6 23 Describe Complex ACLs in a Medium-Size Enterprise Branch Office Network  Describe how to troubleshoot common ACL problems

24 © 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicITE 1 Chapter 6 24 Implement, Verify and Troubleshoot ACLs in an Enterprise Network Environment  Create, place and verify a standard/ extended ACL and verify its placement.  Verify ACL’s functionality and troubleshoot as needed.

25 © 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicITE 1 Chapter 6 25 Summary  An Access List (ACL) is: A series of permit and deny statements that are used to filter traffic  Standard ACL –Identified by numbers 1 - 99 and 1300 - 1999 –Filter traffic based on source IP address  Extended ACL –Identified by number 100 -199 & 2000 - 2699 –Filter traffic based on Source IP address Destination IP address Protocol Port number

26 © 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicITE 1 Chapter 6 26 Summary  Named ACL –Used with IOS 11.2 and above –Can be used for either standard or extended ACL  ACL’s use Wildcard Masks (WCM) –Described as the inverse of a subnet mask Reason –0  check the bit –1  ignore the bit

27 © 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicITE 1 Chapter 6 27 Summary  Implementing ACLs –1 st create the ACL –2 nd place the ACL on an interface Standard ACL are placed nearest the destination Extended ACL are placed nearest the source  Use the following commands for verifying & troubleshooting an ACL –Show access-list –Show interfaces –Show run

28 © 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicITE 1 Chapter 6 28 Summary  Complex ACL –Dynamic ACL –Reflexive ACL –Time based ACL

29 © 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicITE 1 Chapter 6 29

Download ppt "© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicITE I Chapter 6 1 Access Control Lists Accessing the WAN – Chapter 5."

Similar presentations

Access Control List (ACL)

Access Control List (ACL)
© 2006 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.0 Implementing IP Addressing Services Accessing the WAN – Chapter 7.

© 2006 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.0 Implementing IP Addressing Services Accessing the WAN – Chapter 7.
© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 Chapter 9: Access Control Lists Routing & Switching.

© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 Chapter 9: Access Control Lists Routing & Switching.
© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 Access Control Lists John Mowry.

© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 Access Control Lists John Mowry.
Chapter 9: Access Control Lists

Chapter 9: Access Control Lists
© 2006 Cisco Systems, Inc. All rights reserved. ICND v2.3—4-1 Managing IP Traffic with ACLs Introducing ACLs.

© 2006 Cisco Systems, Inc. All rights reserved. ICND v2.3—4-1 Managing IP Traffic with ACLs Introducing ACLs.
© 2007 Cisco Systems, Inc. All rights reserved.ICND2 v1.0—6-1 Access Control Lists Introducing ACL Operation.

© 2007 Cisco Systems, Inc. All rights reserved.ICND2 v1.0—6-1 Access Control Lists Introducing ACL Operation.
© 2006 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.0 Access Control Lists Accessing the WAN – Chapter 5.

© 2006 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.0 Access Control Lists Accessing the WAN – Chapter 5.
© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicITE I Chapter 6 1 Implement Inter- VLAN Routing LAN Switching and Wireless – Chapter 6.

© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicITE I Chapter 6 1 Implement Inter- VLAN Routing LAN Switching and Wireless – Chapter 6.
© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicITE I Chapter 6 1 Access Control Lists Accessing the WAN – Chapter 5.

© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicITE I Chapter 6 1 Access Control Lists Accessing the WAN – Chapter 5.
WXES2106 Network Technology Semester 1 2004/2005 Chapter 10 Access Control Lists CCNA2: Module 11.

WXES2106 Network Technology Semester /2005 Chapter 10 Access Control Lists CCNA2: Module 11.
1 Access Lists. 2 Introduction ACL (access list)  a list of conditions that categorize packets. Rules:  Sequential order.  Until a match is made. 

1 Access Lists. 2 Introduction ACL (access list)  a list of conditions that categorize packets. Rules:  Sequential order.  Until a match is made. 
1 © 2004 Cisco Systems, Inc. All rights reserved. CCNA 2 v3.1 Module 11 Access Control Lists (ACLs)

1 © 2004 Cisco Systems, Inc. All rights reserved. CCNA 2 v3.1 Module 11 Access Control Lists (ACLs)
Access Lists 1 Network traffic flow and security influence the design and management of computer networks Access lists are permit or deny statements that.

Access Lists 1 Network traffic flow and security influence the design and management of computer networks Access lists are permit or deny statements that.
Access Lists Lists of conditions that control access.

Access Lists Lists of conditions that control access.
Year 2 - Chapter 6/Cisco 3 - Module 6 ACLs. Objectives  Define and describe the purpose and operation of ACLs  Explain the processes involved in testing.

Year 2 - Chapter 6/Cisco 3 - Module 6 ACLs. Objectives  Define and describe the purpose and operation of ACLs  Explain the processes involved in testing.
CCNA2 Routing Perrine modified by Brierley Page 18/6/2015 Module 11 Access Control 172.16.3.0172.16.4.0 Non-172.16.0.0 e0e1 s0 172.16.4.13 server.

CCNA2 Routing Perrine modified by Brierley Page 18/6/2015 Module 11 Access Control Non e0e1 s server.
© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicITE I Chapter 6 1 LAN Switching and Wireless Implement Inter-VLAN Routing Chapter 6 Modified.

© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicITE I Chapter 6 1 LAN Switching and Wireless Implement Inter-VLAN Routing Chapter 6 Modified.
Access Control Lists Written by Bill Reed 03/11/05.

Access Control Lists Written by Bill Reed 03/11/05.
CISCO NETWORKING ACADEMY Chabot College ELEC 99.08 Access Control Lists - Introduction.

CISCO NETWORKING ACADEMY Chabot College ELEC Access Control Lists - Introduction.

Similar presentations

Ads by Google