Monday 4 February 2019

Access Control List

Access Control List (ACL)

Open the router console; by default you are in user EXEC mode
Router>

Enter the command enable to move to privileged EXEC mode
Router>enable
Router#

Enter the command configure terminal to move to global configuration mode
Router#configure terminal
Router(config)#

ACL statements are created in global configuration mode; applying an ACL to an interface is done from interface configuration mode (prompt Router(config-if)#), which is entered from global configuration mode

Introduction

An ACL is an ordered list of permit and deny statements. The router checks each packet against the statements from top to bottom and the first statement that matches decides; every ACL ends with an implicit deny any, so anything no statement permits is dropped. The common use is to deny traffic from an IP or a group of IPs while permitting everything else.

TODO

Types of Traffic 

Inbound Traffic - packets entering the router through the interface; an inbound ACL is checked before the packet is routed
Outbound Traffic - packets leaving the router through the interface; an outbound ACL is checked after routing, just before the packet is transmitted

Types of ACL 

There are two types of numbered ACL
1. Standard ACL (1-99, expanded range 1300-1999)
  • filters on the source IP address only
  • applied closest to the destination, because it cannot tell destinations apart and, placed near the source, would block that source from reaching everything

2. Extended ACL (100-199, expanded range 2000-2699)
  • filters on the source IP address
  • filters on the destination IP address
  • filters on the protocol and port (service)
  • applied closest to the source, so unwanted traffic is dropped before it crosses the network

Standard ACL

Consider two networks with subnets Source Network ID (SNID) and Destination Network ID (DNID), attached to the routers RSource and RDestination respectively.
Suppose you want to stop one host in the SNID network, with address IPsource, from reaching the DNID network while everything else stays permitted. A standard ACL does this: it denies the host IPsource, permits all other traffic, and is applied on the RDestination interface that faces DNID (closest to the destination, since a standard ACL only sees source addresses).




1. Creating an ACL

Open console of router RDestination (the standard ACL goes closest to the destination)
                
      Go to global config mode
      Router(config)#
                
      Enter command ->access-list ACLNumber deny IPsource WildCardBits
      Router(config)#access-list 1 deny 10.0.2.3 0.0.0.0    
                           % 1 is in the standard range (1-99). Wildcard 0.0.0.0 means every bit must match, so only this one host is denied
                           % (access-list 1 deny host 10.0.2.3 is the equivalent shorthand)
                
      Enter command ->access-list ACLNumber permit any
      Router(config)#access-list 1 permit any  
                           % Permit all other traffic. Do not omit this line: every ACL ends with an implicit deny any,
                           % so an ACL holding only the deny statement blocks the whole SNID network and everyone else
        
2. Applying the ACL to the interface
                
       Go to global config mode
       Router(config)#
                
       Enter command ->interface interfaceName   
       Router(config)#interface fa0/0  
       Router(config-if)#
                          % fa0/0 is the RDestination interface connected to the DNID network; the prompt changes to interface config mode
                
       Enter command ->ip access-group ACLNumber in|out
       Router(config-if)#ip access-group 1 out   
                          % out filters packets leaving fa0/0 toward DNID. Only one ACL can be applied per interface, per direction, per protocol

3. Verifying
                
       Router#show access-lists
                          % Lists the statements in order, with a match count on statements that have matched traffic
       Router#show ip interface fa0/0
                          % Shows "Outgoing access list is 1" once the ACL is applied
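To see why the order of the statements and the final permit any matter, here is a small evaluator that walks a numbered standard ACL the way the router does (top to bottom, first match wins, implicit deny any at the end) and implements wildcard-mask matching. This is an added example written for this page, not Cisco code and not from the CCNA material; the two lines of ACL 1 are the ones from the post, while ACL 2 and ACL 3 and the test addresses are constructed, and the function names (parse_acl_line, wildcard_match, wildcard_for_prefix, evaluate) are my own.

```python
# Added example: a small evaluator for numbered standard ACLs, written for this page
# to show how the router walks an ACL. It is not Cisco code and not from the CCNA
# course; the ACL 1 lines below are from the post, the other ACLs are constructed.
import ipaddress

ALL_ONES = 0xFFFFFFFF


def parse_acl_line(line):
    """Parse 'access-list N permit|deny SRC [WILDCARD]', '... host X' or '... any'.

    Returns (acl_number, action, base, wildcard) with base and wildcard as ints.
    A missing wildcard defaults to 0.0.0.0 (exact host), as IOS does for standard ACLs.
    """
    parts = line.split()
    if len(parts) < 4 or parts[0] != "access-list":
        raise ValueError(f"not a standard access-list line: {line!r}")
    number, action, target = int(parts[1]), parts[2], parts[3]
    if action not in ("permit", "deny"):
        raise ValueError(f"action must be permit or deny: {line!r}")
    if not 1 <= number <= 99 and not 1300 <= number <= 1999:
        raise ValueError(f"{number} is not a standard ACL number")
    if target == "any":                       # shorthand for 0.0.0.0 255.255.255.255
        return number, action, 0, ALL_ONES
    if target == "host":                      # shorthand for X 0.0.0.0
        return number, action, int(ipaddress.IPv4Address(parts[4])), 0
    base = int(ipaddress.IPv4Address(target))
    wildcard = int(ipaddress.IPv4Address(parts[4])) if len(parts) > 4 else 0
    return number, action, base, wildcard


def wildcard_match(addr, base, wildcard):
    """Wildcard bits set to 0 must match, bits set to 1 are ignored."""
    care = ~wildcard & ALL_ONES
    return (addr & care) == (base & care)


def wildcard_for_prefix(prefix_len):
    """Wildcard mask for a /prefix_len network: the inverse of the subnet mask, e.g. /24 -> 0.0.0.255."""
    subnet_mask = (ALL_ONES << (32 - prefix_len)) & ALL_ONES
    return str(ipaddress.IPv4Address(~subnet_mask & ALL_ONES))


def evaluate(acl_lines, src_ip):
    """Return 'permit' or 'deny' for a packet with source address src_ip.

    Statements are checked top to bottom and the first match wins; a packet that
    matches nothing hits the implicit 'deny any' at the end of every ACL.
    """
    entries = [parse_acl_line(line) for line in acl_lines]
    numbers = {entry[0] for entry in entries}
    if len(numbers) > 1:
        raise ValueError(f"lines belong to different ACLs: {sorted(numbers)}")
    src = int(ipaddress.IPv4Address(src_ip))
    for _, action, base, wildcard in entries:
        if wildcard_match(src, base, wildcard):
            return action
    return "deny"


# The ACL from the post: block one host, permit everyone else.
ACL_FROM_POST = [
    "access-list 1 deny 10.0.2.3 0.0.0.0",
    "access-list 1 permit any",
]
# Constructed: the same ACL with the 'permit any' line forgotten.
ACL_MISSING_PERMIT = ACL_FROM_POST[:1]
# Constructed: the deny placed after 'permit any', so it can never match.
ACL_SHADOWED_DENY = [
    "access-list 3 permit any",
    "access-list 3 deny host 10.0.2.3",
]
# Constructed: deny a whole /24 with a wildcard mask instead of a single host.
ACL_DENY_SUBNET = [
    "access-list 2 deny 10.0.2.0 " + wildcard_for_prefix(24),
    "access-list 2 permit any",
]

if __name__ == "__main__":
    cases = [("post", ACL_FROM_POST), ("missing permit", ACL_MISSING_PERMIT),
             ("shadowed deny", ACL_SHADOWED_DENY), ("deny subnet", ACL_DENY_SUBNET)]
    for name, acl in cases:
        for ip in ("10.0.2.3", "10.0.2.4", "10.0.3.1"):
            print(f"{name:14s} {ip:10s} -> {evaluate(acl, ip)}")
```

Running it shows the three mistakes the verification step is meant to catch: with the permit any line missing, 10.0.2.4 and every other address is denied by the implicit deny; with the deny placed after permit any, 10.0.2.3 is permitted because the deny is never reached; and the /24 wildcard 0.0.0.255 catches 10.0.2.77 while leaving 10.0.3.1 alone.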



Extended ACL

TODO

   Source: Cisco CCNA Security