Access Control List (ACL)
Open the console of the router. By default you are in user mode.
Write the command enable to enter privileged mode:
Router>enable
Router#
Write the command configure terminal to enter global config mode:
Router#configure terminal
Router(config)#
All of the configuration below is done in global config mode.
Introduction
An ACL is used to permit or deny traffic from an IP address or a group of IP addresses.
TODO
Types of Traffic
Inbound traffic - traffic or packets entering the router through an interface
Outbound traffic - traffic or packets leaving the router through an interface
Types of ACL
There are two types of ACL:
1. Standard ACL (1-99)
- applied closest to the destination
- denies or permits based on the source IP address only
2. Extended ACL (100-199)
- applied closest to the source
- denies or permits based on the source IP address
- denies or permits based on the destination IP address
- denies or permits based on the port (service)
Standard ACL
Consider two networks with subnets Source Network ID (SNID) and Destination Network ID (DNID), attached to the routers RSource and RDestination respectively.
Suppose you want to stop a host in the SNID network with IP address IPsource from accessing the DNID network. This can be done with a standard ACL that denies the host with IP address IPsource and permits everything else.
1. Creating the ACL
Open the console of router RDestination and go to global config mode:
Router(config)#
Enter the command -> access-list ACLNumber deny IPsource WildCardBits
Router(config)#access-list 1 deny 10.0.2.3 0.0.0.0
% 1 is the number of a standard ACL. The wildcard 0.0.0.0 denies only this one IP address
Enter the command -> access-list ACLNumber permit any
Router(config)#access-list 1 permit any
% Permit all other traffic
2. Applying the ACL to the interface
Go to global config mode:
Router(config)#
Enter the command -> interface interfaceName
Router(config)#interface fa0/0
Router(config-if)#
% fa0/0 is the interface on which the ACL will be applied. The prompt changes to (config-if) because the next command is entered in interface config mode
Enter the command -> ip access-group ACLNumber InboundOrOutbound
Router(config-if)#ip access-group 1 out
% Here out applies the ACL to outbound traffic on fa0/0
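To make the matching rules behind the two entries above concrete, here is an added Python evaluator (example code written for this page, not IOS or Cisco code). It reuses the page's own access-list 1 lines, treats the sample source addresses as constructed, and also shows why entry order matters and what the implicit deny at the end of every ACL does when the permit any line is left out.

```python
# Added example: a minimal evaluator for Cisco-style standard ACLs.
# Not IOS code; it reproduces the matching rules a standard ACL applies:
# wildcard-mask comparison, first match wins, implicit deny at the end.
import ipaddress
from typing import Dict, List, Tuple

Entry = Tuple[str, int, int]  # (action, address, wildcard) as 32-bit ints


def parse_standard_acl(lines: List[str]) -> Dict[int, List[Entry]]:
    """Parse 'access-list N permit|deny SRC [WILDCARD]', 'any' or 'host IP' lines."""
    acls: Dict[int, List[Entry]] = {}
    for line in lines:
        parts = line.split()
        if len(parts) < 4 or parts[0] != "access-list":
            raise ValueError(f"not a standard ACL line: {line!r}")
        number, action = int(parts[1]), parts[2]
        if not 1 <= number <= 99:
            raise ValueError(f"standard ACLs use numbers 1-99, got {number}")
        if action not in ("permit", "deny"):
            raise ValueError(f"unknown action {action!r}")
        if parts[3] == "any":            # 'any' is 0.0.0.0 255.255.255.255
            addr, wildcard = 0, 0xFFFFFFFF
        elif parts[3] == "host":         # 'host A.B.C.D' is A.B.C.D 0.0.0.0
            addr, wildcard = int(ipaddress.IPv4Address(parts[4])), 0
        else:
            addr = int(ipaddress.IPv4Address(parts[3]))
            # A missing wildcard defaults to 0.0.0.0 (exact host match).
            wildcard = int(ipaddress.IPv4Address(parts[4])) if len(parts) > 4 else 0
        acls.setdefault(number, []).append((action, addr, wildcard))
    return acls


def evaluate(entries: List[Entry], source_ip: str) -> str:
    """Return 'permit' or 'deny' for a packet with this source address."""
    src = int(ipaddress.IPv4Address(source_ip))
    for action, addr, wildcard in entries:
        # A wildcard bit of 1 means "don't care", so clear those bits on both
        # sides and compare what is left. 0.0.0.0 forces all 32 bits to match.
        care = ~wildcard & 0xFFFFFFFF
        if (src & care) == (addr & care):
            return action                 # first matching entry wins
    return "deny"                         # implicit deny at the end of every ACL


# The two entries the page configures on RDestination (access-list 1).
PAGE_ACL = parse_standard_acl([
    "access-list 1 deny 10.0.2.3 0.0.0.0",
    "access-list 1 permit any",
])

if __name__ == "__main__":
    for ip in ("10.0.2.3", "10.0.2.4"):   # constructed sample sources
        print(ip, "->", evaluate(PAGE_ACL[1], ip))
```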
Source: Cisco CCNA Security