Trabajos de ti

Solo disponible en BuenasTareas
  • Páginas : 29 (7048 palabras )
  • Descarga(s) : 7
  • Publicado : 16 de junio de 2010
Leer documento completo
Vista previa del texto
Configuring IP Access Lists
Introduction Prerequisites Requirements Components Used Conventions ACL Concepts Masks ACL Summarization Process ACLs Define Ports and Message Types Apply ACLs Define In, Out, Inbound, Outbound, Source, and Destination Edit ACLs Troubleshoot Types of IP ACLs Network Diagram Standard ACLs Extended ACLs Lock and Key (Dynamic ACLs) IP Named ACLs Reflexive ACLsTime-Based ACLs Using Time Ranges Commented IP ACL Entries Context-Based Access Control Authentication Proxy Turbo ACLs Distributed Time-Based ACLs Receive ACLs Infrastructure Protection ACLs Transit ACLs Cisco Support Community - Featured Conversations Related Information

TAC Notice: What's Changing on TAC Web

Help us help you.
Please rate this document. Excellent Good Average Fair PoorThis document solved my problem. Yes No Just browsing Suggestions for improvement:

(256 character limit)


This document explains how IP access control lists (ACLs) can filter network traffic. It also contains brief descriptions of the IP ACL types, feature availability, and an example of use in a network.

Access the Software Advisor ( registered customers only) tool inorder to determine the support of some of the more advanced Cisco IOS® IP ACL features. RFC 1700 contains assigned numbers of well-known ports. RFC 1918 contains address allocation for private Internets, IP addresses which should not normally be seen on the Internet. Note: ACLs might also be used for purposes other than to filter IP traffic, for example, defining traffic to Network AddressTranslate (NAT) or encrypt, or filtering non-IP protocols such as AppleTalk or IPX. A discussion of these functions is outside the scope of this document.

There are no specific prerequisites for this document. The concepts discussed are present in Cisco IOS® Software Releases 8.3 or later. This is noted under each access list feature.

Components Used
This documentdiscusses various types of ACLs. Some of these are present since Cisco IOS Software Releases 8.3 and others were introduced in later software releases. This is noted in the discussion of each type. The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network islive, make sure that you understand the potential impact of any command.

Refer to Cisco Technical Tips Conventions for more information on document conventions.

ACL Concepts
This section describes ACL concepts.

Masks are used with IP addresses in IP ACLs to specify what should be permitted and denied. Masks in order to configure IP addresses on interfaces start with 255and have the large values on the left side, for example, IP address with a mask. Masks for IP ACLs are the reverse, for example, mask This is sometimes called an inverse mask or a wildcard mask. When the value of the mask is broken down into binary (0s and 1s), the results determine which address bits are to be considered in processing the traffic. A 0indicates that the address bits must be considered (exact match); a 1 in the mask is a "don't care". This table further explains the concept. Mask Example network address

(traffic that is to be processed) mask network address 00001010.00000001.00000001.00000000 (binary) mask (binary) 00000000.00000000.00000000.11111111

Based on the binary mask, you can see that the firstthree sets (octets) must match the given binary network address exactly (00001010.00000001.00000001). The last set of numbers are "don't cares" (.11111111). Therefore, all traffic that begins with 10.1.1. matches since the last octet is "don't care". Therefore, with this mask, network addresses through (10.1.1.x) are processed. Subtract the normal mask from in...
tracking img