
Wednesday, September 30, 2015

ACL-Access List

An ACL (Access Control List) defines which traffic is allowed to pass through an interface and which traffic is not.
· Controls outgoing and incoming traffic on an interface.
· Controls virtual terminal access (Telnet).
· ACLs are identified by either a name or a number.
· Prior to Cisco IOS version 11.2, an ACL could be identified only by number.
· An ACL is a sequential list of permit/deny statements that are checked against IP packets in order; the first matching statement decides.
· A wildcard mask must be assigned:
  o 0 in a wildcard-mask octet means: the corresponding address bits are checked and must match.
  o 255 means: don't care.
Basically there are two kinds of ACLs:
1. Standard ACL
   a. Only the source IP address is used as the matching criterion, not the destination IP address.
   b. Numbers 1 – 99
   c. Numbers 1300 – 1999 (IOS 12.0 and above)
2. Extended ACL
   a. Both source and destination IP addresses are used as matching criteria.
   b. Numbers 100 – 199
   c. Numbers 2000 – 2699 (IOS 12.0 and above)
Applying ACL:
An ACL can be applied to a router interface in either direction:
· Outbound on an interface of a router
· Inbound on an interface of a router
Standard ACLs by Number:
Example: create an ACL that permits any packet whose source address is in the subnet 172.16.10.0 255.255.255.0.
Syntax: R1(config)# access-list number {permit | deny} source_ip wildcard_mask
R1(config)# access-list 1 permit 172.16.10.0 0.0.0.255
To match a single IP address, either of these two forms can be used (an omitted wildcard mask defaults to 0.0.0.0):
R1(config)# access-list 1 permit 172.16.10.250 0.0.0.0
R1(config)# access-list 1 permit 172.16.10.250
The ACL is then applied to an interface in the inbound or outbound direction (interface_name is a placeholder):
R1(config)# interface interface_name
R1(config-if)# ip address 10.10.10.1 255.0.0.0
R1(config-if)# ip access-group 1 {in | out}
Standard ACLs by Name:
A named standard ACL is created with ip access-list standard, which enters a sub-mode where the permit/deny statements are entered:
R1(config)# ip access-list standard Test
R1(config-std-nacl)# permit 172.16.10.0 0.0.0.255
ACL Remark:
IOS version 12.0(T) and later support remarks (comments) on an ACL; a remark may be up to 100 characters long.
R1(config)# access-list 1 remark permit only traffic from Corporate network is allowed
R1(config)# access-list 1 permit 172.16.10.0 0.0.0.255
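To show how the sequential permit/deny check and the wildcard mask described above actually decide a packet's fate, here is an added example (not Cisco code and not part of the original post) that evaluates standard numbered ACL lines in the syntax shown on this page against a packet's source address. It goes beyond the single permit line above: the constructed ACL_1 denies one host before permitting the rest of the subnet, and an unmatched packet falls through to the implicit deny at the end of every ACL.

```python
import ipaddress

# Constructed evaluator for Cisco-style standard numbered ACLs (added example,
# not Cisco code). Entries are checked top to bottom and the first match wins;
# a packet that matches nothing hits the implicit "deny" at the end of the list.

def ip_to_int(dotted: str) -> int:
    return int(ipaddress.IPv4Address(dotted))

def parse_acl_line(line: str):
    """Parse 'access-list N permit|deny source [wildcard]'; remarks yield None."""
    parts = line.split()
    if len(parts) < 4 or parts[0] != "access-list":
        raise ValueError(f"not a standard ACL line: {line!r}")
    if parts[2] == "remark":          # comment only, never matches traffic
        return None
    action = parts[2]
    source = ip_to_int(parts[3])
    # An omitted wildcard means a single host, the same as writing 0.0.0.0
    wildcard = ip_to_int(parts[4]) if len(parts) > 4 else 0
    return action, source, wildcard

def wildcard_match(address: int, source: int, wildcard: int) -> bool:
    # Wildcard bit 0: the address bit is checked and must equal the source bit.
    # Wildcard bit 1: don't care. So compare only the bits the mask leaves at 0.
    care = ~wildcard & 0xFFFFFFFF
    return (address & care) == (source & care)

def evaluate(acl_lines, src_ip: str) -> str:
    """Return 'permit' or 'deny' for a packet with the given source address."""
    address = ip_to_int(src_ip)
    for line in acl_lines:
        entry = parse_acl_line(line)
        if entry is None:
            continue
        action, source, wildcard = entry
        if wildcard_match(address, source, wildcard):
            return action                 # first matching entry decides
    return "deny"                         # implicit deny at the end of every ACL

# Constructed ACL: block one host, then allow the rest of 172.16.10.0/24.
ACL_1 = [
    "access-list 1 remark permit only traffic from Corporate network is allowed",
    "access-list 1 deny 172.16.10.250",
    "access-list 1 permit 172.16.10.0 0.0.0.255",
]

if __name__ == "__main__":
    for ip in ("172.16.10.250", "172.16.10.7", "10.10.10.1"):
        print(ip, "->", evaluate(ACL_1, ip))
```

Swapping the deny and permit lines in ACL_1 would let 172.16.10.250 through, which is why statement order in an ACL matters as much as the statements themselves.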