Networks

Pages: 51 (12555 words) Published: October 21, 2012
Access Lists Workbook
Version 1.5

Access-List Numbers
IP Standard                                 1 to 99
IP Extended                                 100 to 199
Ethernet Type Code                          200 to 299
Ethernet Address                            700 to 799
DECnet and Extended DECnet                  300 to 399
XNS                                         400 to 499
Extended XNS                                500 to 599
Appletalk                                   600 to 699
48-bit MAC Addresses                        700 to 799
IPX Standard                                800 to 899
IPX Extended                                900 to 999
IPX SAP (service advertisement protocol)    1000 to 1099
IPX SAP SPX                                 1000 to 1099
Extended 48-bit MAC Addresses               1100 to 1199
IPX NLSP                                    1200 to 1299
IP Standard, expanded range                 1300 to 1999
IP Extended, expanded range                 2000 to 2699
SS7 (voice)                                 2700 to 2999
Standard Vines                              1 to 100
Extended Vines                              101 to 200
Simple Vines                                201 to 300
Transparent bridging (protocol type)        200 to 299
Transparent bridging (vendor type)          700 to 799
Extended Transparent bridging               1100 to 1199
Source-route bridging (protocol type)       200 to 299
Source-route bridging (vendor type)         700 to 799

Produced by: Robb Jones
jonesr@careertech.net and/or Robert.Jones@fcps.org
Frederick County Career & Technology Center
Cisco Networking Academy
Frederick County Public Schools
Frederick, Maryland, USA

Special thanks to Melvin Baker, Jim Dorsch, and Brent Sieling for taking the time to check this workbook for errors and for making suggestions for improvements.


What are Access Control Lists?
ACLs...
...are a sequential list of instructions that tell a router which packets to permit or deny.

General Access Lists Information
Access Lists...
...are read sequentially.
...are set up so that as soon as the packet matches a statement, the router stops comparing and permits or denies the packet.
...need to be written to take care of the most abundant traffic first.
...must be configured on your router before you can deny packets.
...can be written for all supported routed protocols, but each routed protocol must have a different ACL for each interface.
...must be applied to an interface to work.

How routers use Access Lists
(Outbound Port - Default) The router checks to see if the packet is routable. If it is, it looks up the route in its routing table. The router then checks for an ACL on that outbound interface. If there is no ACL, the router switches the packet out that interface to its destination. If there is an ACL, the router checks the packet against the access list statements sequentially. It then permits or denies each packet as it is matched. If the packet does not match any statement written in the ACL, it is denied because there is an implicit “deny any” statement at the end of every ACL.


Standard Access Lists
Standard Access Lists...
...are numbered from 1 to 99.
...filter (permit or deny) only source addresses.
...do not have any destination information, so they must be placed as close to the destination as possible.
...work at layer 3 of the OSI model.
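
The sequential matching and implicit "deny any" described above, shown as an added example that is not part of the original workbook: a small Python evaluator for standard ACL statements. The addresses, ACL number 10 and function names are constructed for illustration; the second list shows that a broad permit placed ahead of a specific deny makes the deny unreachable.

```python
import ipaddress

def _to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))

def parse_standard_acl(text):
    """Parse 'access-list <1-99> permit|deny <source> [wildcard]' lines, keeping order."""
    rules = []
    for line in text.strip().splitlines():
        parts = line.split()
        if len(parts) < 4 or parts[0] != "access-list":
            raise ValueError(f"not an access-list statement: {line!r}")
        number, action, src = int(parts[1]), parts[2], parts[3:]
        if not 1 <= number <= 99 or action not in ("permit", "deny"):
            raise ValueError(f"not a standard ACL statement: {line!r}")
        if src[0] == "any":        # matches every source address
            addr, wild = "0.0.0.0", "255.255.255.255"
        elif src[0] == "host":     # matches exactly one source address
            addr, wild = src[1], "0.0.0.0"
        else:                      # address plus optional wildcard mask
            addr, wild = src[0], (src[1] if len(src) > 1 else "0.0.0.0")
        rules.append((action, _to_int(addr), _to_int(wild)))
    return rules

def evaluate(rules, source_ip):
    """Return (action, statement position); position is None for the implicit deny."""
    ip = _to_int(source_ip)
    for position, (action, addr, wild) in enumerate(rules, start=1):
        # Wildcard bits set to 1 are ignored; bits set to 0 must match.
        if (ip | wild) == (addr | wild):
            return action, position    # first match wins, comparison stops here
    return "deny", None                # implicit "deny any" at the end of every ACL

# Constructed sample: 192.168.10.5 stands in for Juan's computer.
SPECIFIC_FIRST = """
access-list 10 deny host 192.168.10.5
access-list 10 permit 192.168.10.0 0.0.0.255
"""
BROAD_FIRST = """
access-list 10 permit 192.168.10.0 0.0.0.255
access-list 10 deny host 192.168.10.5
"""

if __name__ == "__main__":
    for name, text in (("specific first", SPECIFIC_FIRST), ("broad first", BROAD_FIRST)):
        rules = parse_standard_acl(text)
        for ip in ("192.168.10.5", "192.168.10.77", "10.1.1.1"):
            print(name, ip, evaluate(rules, ip))
```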

Why standard ACLs are placed close to the destination.
If you want to block traffic from Juan’s computer from reaching Janet’s computer with a standard access list, you would place the ACL close to the destination on Router D, interface E0. Since it’s using only the source address to permit or deny packets, the ACL here will not affect packets reaching Routers B or C.

[Figure: Router A (S0, E0), Router B (S0, S1, E0), Router C (S1, S0, E0) and Router D (S1, E0), with Matt’s, Juan’s, Jimmy’s and Janet’s computers]

If you place the ACL on Router A to block traffic to Router D, it will also block all packets going to Routers B and C, because all the packets will have the same source address.


Standard Access List Placement Sample Problems
[Figure: Router A with interfaces FA0 and FA1; Juan’s Computer and Jan’s Computer]

In order to permit packets from Juan’s computer to arrive at Jan’s computer you would place the standard access list at router interface ______. Answer: FA1

[Figure: Router A and Router B, with interfaces E0, S0, E1 and S1; Lisa’s Computer and Paul’s Computer]

Lisa has been sending...