1. 1 © 2004 Cisco Systems, Inc. All rights reserved. CCNA 2 v3.1 Module 11 Access Control Lists (ACLs)

2. 222 © 2004, Cisco Systems, Inc. All rights reserved. Objectives

3. 333 © 2004, Cisco Systems, Inc. All rights reserved. What are ACLs? ACLs are lists of conditions used to test network traffic that tries to travel across a router interface. These lists tell the router what types of packets to accept or deny.

4. 444 © 2004, Cisco Systems, Inc. All rights reserved. How ACLs Work

5. 555 © 2004, Cisco Systems, Inc. All rights reserved. Protocols with ACLs Specified by Numbers

6. 666 © 2004, Cisco Systems, Inc. All rights reserved. Define an ACL & Apply it Wildcard Mask Deny all packets from 172.16.1.1 access-list number Apply ACL #2 to interface e0 Apply to all Incoming packets

7. 777 © 2004, Cisco Systems, Inc. All rights reserved. The Function of a Wildcard Mask

8. 888 © 2004, Cisco Systems, Inc. All rights reserved. Verifying ACLs There are many show commands that will verify the content and placement of ACLs on the router. show ip interface show access-lists Show running-config

9. 999 © 2004, Cisco Systems, Inc. All rights reserved. Standard ACLs

10. 10 © 2004, Cisco Systems, Inc. All rights reserved. Extended ACLs Source IP addr plus wildcard Destination IP addr.

11. 11 © 2004, Cisco Systems, Inc. All rights reserved. Named ACLs 單一主機

12. 12 © 2004, Cisco Systems, Inc. All rights reserved. Placing ACLs Standard ACLs should be placed close to the destination. Extended ACLs should be placed close to the source.

13. 13 © 2004, Cisco Systems, Inc. All rights reserved. Firewalls A firewall is an architectural structure that exists between the user and the outside world to protect the internal network from intruders.

14. 14 © 2004, Cisco Systems, Inc. All rights reserved. Restricting Virtual Terminal Access

15. 15 © 2004, Cisco Systems, Inc. All rights reserved. Summary