Access Lists 1 Network traffic flow and security influence the design and management of computer networks Access lists are permit or deny statements that.

1 Access Lists 1
Network traffic flow and security influence the design and management of computer networks.
Access lists are permit or deny statements that filter traffic both to and from a network segment based on:
–the source address,
–destination address,
–protocol type,
–and port number of a packet.

2 Access Lists 2 Problems with Access Lists
One of the most common problems associated with access lists is a lack of planning.
Another troublesome area is the sequential nature in which you must enter the list into the router.
Many new network administrators find themselves in trouble when they Telnet into a router and begin applying an access list.

3 Access Lists 3 Access List Rules
Access lists are first created, and then they are applied to interfaces.
Inbound: direction is into the router
Outbound: direction is out of the router

4 Access Lists 4 Access List Rules
Routers apply lists sequentially, in the order in which you type them into the router.
Routers apply lists to packets sequentially.
Packets are processed only until a match is made, and then they are acted upon based on the access list criteria contained in the matching access list statement.
Implicit deny any
–Blocks all packets that do not meet the requirements of the access list, unless a permit any statement is used at the end of the list

5 Access Lists 5 Access List Rules
Access lists must be applied to an interface as either inbound or outbound traffic filters.
Only one list, per protocol, per direction can be applied to an interface.
You cannot remove one line from an access list.
Access lists are effective as soon as they are applied.

6 Access Lists 6 Standard IP Access Lists
–Filter network traffic based on the source IP address only
–Using a standard IP access list, you can filter traffic by a host IP, subnet, or a network address
Wildcard mask
–Also called inverse mask
–Applied to IP addresses to determine if an access list line will act upon a packet

7 Access Lists 7 Wildcard mask
Used to specify part of a network.
Block size: 64, 32, 16, 8, 4
Examples
deny 172.16.10.0 0.0.0.255
deny 172.16.0.0 0.0.255.255
deny 172.16.16.0 0.0.3.255
deny 172.16.16.0 0.0.7.255
deny 172.16.32.0 0.0.31.255

8 Access Lists 8 Standard IP Access List Examples

9 Access Lists 9 Monitoring Standard IP Access Lists
Three main commands are available for monitoring access lists on your router:
–show access-lists
–show ip access-lists
–show interfaces or show ip interfaces
It is a good idea to run each of these commands after creating and applying access lists.

10 Access Lists 10 Lab

11 Access Lists 11 Extended IP Access Lists
IP access lists that filter traffic by:
–Source IP address
–Destination IP address
–Protocol type
–Port number
Use context-sensitive help (?) to build the command one keyword at a time:
Type R(config)#access-list ?
Type R(config)#access-list 110 ?
Type R(config)#access-list 110 deny ?
Type R(config)#access-list 110 deny tcp ?
Type R(config)#access-list 110 deny tcp any ?
Type R(config)#access-list 110 deny tcp any host 172.16.30.2 ?
Type R(config)#access-list 110 deny tcp any host 172.16.30.2 eq ?

12 Access Lists 12 Extended IP Access Lists
Interpret these commands
R(config)#access-list 110 deny tcp host 172.16.20.10 host 172.16.30.2 eq 80
R(config)#access-list 110 deny tcp host 172.16.20.10 any eq 80
R(config)#access-list 110 deny tcp any any eq 80

13 Access Lists 13 Extended IP Access List Examples
Acme# config terminal
Acme(config)# access-list 110 deny tcp any host 172.16.10.5 eq 21
Acme(config)# access-list 110 deny tcp any host 172.16.10.5 eq 23
Acme(config)# access-list 110 permit ip any any
Acme(config)# int e0
Acme(config-if)# ip access-group 110 out
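To see how the wildcard masks from slide 7 and the sequential, first-match, implicit-deny processing from slides 4 and 13 actually combine, here is an added example (not from the original slides or from Cisco IOS) that parses the access-list 110 lines above and evaluates constructed packets against them. The parser understands only the `any`, `host`, address/wildcard and `eq` forms used on this page.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional, Tuple

def wildcard_match(addr: str, base: str, wildcard: str) -> bool:
    """Cisco wildcard (inverse) mask: a 1 bit means 'don't care'."""
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    w = int(ipaddress.IPv4Address(wildcard))
    care = ~w & 0xFFFFFFFF          # bits that must match exactly
    return (a & care) == (b & care)

def parse_address(tokens):
    """Consume one address spec: any | host A.B.C.D | A.B.C.D W.W.W.W."""
    if tokens[0] == "any":
        return "0.0.0.0", "255.255.255.255", tokens[1:]
    if tokens[0] == "host":
        return tokens[1], "0.0.0.0", tokens[2:]
    return tokens[0], tokens[1], tokens[2:]

@dataclass
class Entry:
    action: str                      # permit / deny
    proto: str                       # ip, tcp, udp, ...
    src: Tuple[str, str]             # (base, wildcard)
    dst: Tuple[str, str]
    port: Optional[int]              # destination port from 'eq', if any

def parse_extended_ace(line: str) -> Entry:
    # e.g. "access-list 110 deny tcp any host 172.16.10.5 eq 21"
    t = line.split()
    action, proto, rest = t[2], t[3], t[4:]
    src_base, src_wc, rest = parse_address(rest)
    dst_base, dst_wc, rest = parse_address(rest)
    port = int(rest[1]) if rest[:1] == ["eq"] else None
    return Entry(action, proto, (src_base, src_wc), (dst_base, dst_wc), port)

def evaluate(acl, src: str, dst: str, proto: str, dport: int) -> str:
    """Entries are tested in order; the first match decides the packet."""
    for e in acl:
        if e.proto not in ("ip", proto):
            continue
        if not wildcard_match(src, *e.src) or not wildcard_match(dst, *e.dst):
            continue
        if e.port is not None and e.port != dport:
            continue
        return e.action
    return "deny"                    # implicit deny any at the end of every list

ACL_110 = [parse_extended_ace(l) for l in (
    "access-list 110 deny tcp any host 172.16.10.5 eq 21",
    "access-list 110 deny tcp any host 172.16.10.5 eq 23",
    "access-list 110 permit ip any any",
)]
```

Dropping the final `permit ip any any` (`ACL_110[:2]`) shows why slide 4 warns about the implicit deny: every packet that is not FTP or Telnet to 172.16.10.5 is then silently discarded.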

14 Access Lists 14 Extended IP Access List Examples Type commands to block host 172.22.5.2 from accessing Web Services on server 172.22.2.2

15 Access Lists 15 Monitoring Extended IP Access Lists

16 Access Lists 16 Standard IPX Access Lists
Very similar to their IP cousins
–One distinct difference: can filter based on source and destination addresses
–Standard IP access lists can only filter based on source addresses
In all other aspects, they act just like standard IP access lists.

17 Access Lists 17 Standard IPX Access List Examples

18 Access Lists 18 Extended IPX Access Lists Allow you to filter based on source and destination network or node address, IPX protocol type, or IPX socket number

19 Access Lists 19 Extended IPX Access Lists

20 Access Lists 20 IPX SAP Filters
Limit SAP traffic in order to control what resources on the IPX network will be visible to IPX clients
–Allows you to limit the “advertising” of particular servers and services to a particular IPX network segment
–Since SAP advertisements are broadcast, limiting them reduces network traffic
IPX input SAP filters reduce the number of SAP entries that are placed into a router’s SAP table.

21 Access Lists 21 IPX SAP Filter Example
