15 August, 2011

Access control list




1. The list is checked sequentially: top down, the first matching entry wins, and a packet that matches nothing hits the implicit "deny any" at the end.

2. Number ranges: standard ACLs use 1-99 and 1300-1999 (extended ACLs use 100-199 and 2000-2699).

3. Types of ACL: standard, extended and named.
Writing an ACL


Router(config)# access-list 10 permit 192.168.30.0 0.0.0.255    % the number 10 tells IOS this is a standard ACL, so the entry matches on the source address only; if the destination address also has to be checked, an extended ACL is used and the destination is written after the source

Router(config)# access-list 10 deny 192.168.10.0 0.0.0.255

Router(config)# access-list 10 permit 192.168.11.0 0.0.0.255

Ordering rule: arrange the entries from most specific to most general, because the first entry that matches is the one that is applied and everything below it is never looked at.
When an ACL is applied to a router interface the 3P rule applies: only one ACL per protocol, per interface, per direction.

A standard ACL is placed as close to the destination as possible: it matches on the source only, so placed near the source it would cut that source off from every destination.

EXTENDED ACL

Destination address, protocol, port number and other fields can be matched in an extended ACL.

Access-list 110 deny ip 192.168.10.0 0.0.0.255 192.168.30.0 0.0.0.255

Access-list 110 permit ip any any

(two keywords: "any" and "host")
any == 0.0.0.0 255.255.255.255
host 192.168.11.10 == 192.168.11.10 0.0.0.0

When is an ACL checked?

Ans. Inbound and outbound. An inbound ACL is checked when the packet arrives on the interface, before the routing decision; an outbound ACL is checked after the packet has been routed to the exit interface, just before it is sent.
An extended ACL is placed as close to the source as possible: it can identify both source and destination, so the unwanted traffic is dropped before it crosses the network.

To block HTTP traffic (a port match needs tcp or udp, not ip; and because of the implicit deny the list must still end with the permit ip any any from above, or everything else is blocked too):
Access-list 110 deny tcp 192.168.10.0 0.0.0.255 192.168.30.0 0.0.0.255 eq 80


NAMED ACL
      Syntax: ip access-list {standard | extended} NAME, then the entries are written in the ACL sub-mode that this command enters.
      Router(config)# ip access-list standard NAME        // for standard
      Router(config-std-nacl)# permit 192.168.10.0 0.0.0.255

                              For extended

      Router(config)# ip access-list extended ZMB

      Router(config-ext-nacl)# permit ip 192.168.10.0 0.0.0.255 192.168.30.0 0.0.0.255   // protocol, source, destination

Configuring a standard ACL, written from most specific to most general:

      Router(config)# access-list 10 deny   192.168.10.1 0.0.0.0

      Router(config)# access-list 10 permit 192.168.10.0 0.0.0.255

      Router(config)# access-list 10 deny   192.168.0.0 0.0.255.255

      Router(config)# access-list 10 permit 192.0.0.0 0.255.255.255

      Then apply it to the interface, in or out:

      Router(config)# int fa 0/1
      Router(config-if)# ip access-group 10 in

      Router(config)# no access-list 10   // to delete the whole access-list
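The matching rules described above (wildcard masks, the any and host keywords, top-down first match with the implicit deny, and why entries go from most specific to most general) in an added example that is not part of the original notes: a small Python simulator of IOS ACL evaluation. The packets and the two ACLs it loads are constructed for illustration. ACL 10 is the standard list from the configuration section; ACL 110 is the HTTP block written with tcp, since a port match on the ip keyword is rejected, as it is on the router.

```python
"""Simulate Cisco IOS ACL evaluation: wildcard masks, first match, implicit deny."""
import ipaddress
from dataclasses import dataclass
from typing import Optional

ANY = ("0.0.0.0", "255.255.255.255")   # what the 'any' keyword expands to

def wildcard_match(addr: str, network: str, wildcard: str) -> bool:
    """Wildcard bit 0 = must match, bit 1 = don't care (inverse of a subnet mask)."""
    a, n, w = (int(ipaddress.IPv4Address(x)) for x in (addr, network, wildcard))
    care = 0xFFFFFFFF ^ w
    return (a & care) == (n & care)

def is_standard(number: int) -> bool:
    """Standard numbered ACLs: 1-99 and 1300-1999 (extended: 100-199, 2000-2699)."""
    return 1 <= number <= 99 or 1300 <= number <= 1999

@dataclass
class Entry:
    action: str                  # 'permit' or 'deny'
    proto: str                   # 'ip' (any protocol), 'tcp', 'udp', 'icmp'
    src: tuple                   # (network, wildcard)
    dst: tuple                   # (network, wildcard); ANY for standard ACLs
    dport: Optional[int] = None  # destination port from 'eq N', tcp/udp only

@dataclass
class Packet:
    src: str
    dst: str
    proto: str = "ip"
    dport: Optional[int] = None

def _addr(tokens: list) -> tuple:
    """Consume 'any', 'host A.B.C.D', or 'A.B.C.D W.W.W.W' (wildcard optional)."""
    tok = tokens.pop(0)
    if tok == "any":
        return ANY
    if tok == "host":
        return (tokens.pop(0), "0.0.0.0")
    if tokens and tokens[0].count(".") == 3:
        return (tok, tokens.pop(0))
    return (tok, "0.0.0.0")      # a bare address means a single host

def parse(line: str) -> Entry:
    """Parse one 'access-list N {permit|deny} ...' line (subset of IOS syntax)."""
    tokens = line.split()
    if tokens[0].lower() != "access-list":
        raise ValueError("expected 'access-list'")
    number, action, rest = int(tokens[1]), tokens[2].lower(), tokens[3:]
    if is_standard(number):              # standard ACL: source address only
        return Entry(action, "ip", _addr(rest), ANY)
    proto = rest.pop(0).lower()
    src, dst = _addr(rest), _addr(rest)
    dport = None
    if rest and rest[0] == "eq":
        if proto not in ("tcp", "udp"):
            raise ValueError("'eq <port>' requires tcp or udp, not " + proto)
        dport = int(rest[1])
    return Entry(action, proto, src, dst, dport)

def matches(e: Entry, p: Packet) -> bool:
    if e.proto != "ip" and e.proto != p.proto:
        return False
    if e.dport is not None and e.dport != p.dport:
        return False
    return wildcard_match(p.src, *e.src) and wildcard_match(p.dst, *e.dst)

def evaluate(acl: list, p: Packet):
    """Top-down, first match wins; no match hits the implicit 'deny any' (index None)."""
    for index, e in enumerate(acl):
        if matches(e, p):
            return e.action, index
    return "deny", None

# Constructed sample ACLs, written most specific to most general.
ACL_10 = [parse(line) for line in (
    "access-list 10 deny   192.168.10.1 0.0.0.0",
    "access-list 10 permit 192.168.10.0 0.0.0.255",
    "access-list 10 deny   192.168.0.0 0.0.255.255",
    "access-list 10 permit 192.0.0.0 0.255.255.255",
)]
ACL_110 = [parse(line) for line in (
    "access-list 110 deny   tcp 192.168.10.0 0.0.0.255 192.168.30.0 0.0.0.255 eq 80",
    "access-list 110 permit ip any any",
)]

if __name__ == "__main__":
    for src in ("192.168.10.1", "192.168.10.50", "192.168.11.5", "10.0.0.1"):
        print("ACL 10", src, "->", evaluate(ACL_10, Packet(src, "10.0.0.1")))
    print("ACL 110 http", evaluate(ACL_110, Packet("192.168.10.5", "192.168.30.7", "tcp", 80)))
```

Swapping the first two entries of ACL 10 shows the ordering point: with the general permit for 192.168.10.0/24 on top, the deny for host 192.168.10.1 is never reached and that host is permitted.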

Editing an ACL:

A numbered ACL cannot be edited line by line. Copy the access-list to Notepad and make the change by hand, then:

      Router(config)# no access-list 10
      Then paste the edited list from Notepad back into config mode and press Enter.
      (On newer IOS a numbered ACL can also be opened with ip access-list standard 10 and edited by sequence number like a named one.)

For a named ACL we can edit in place: while writing the ACL we can give each entry a sequence number. When we need to change
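Editing a named ACL by sequence number, as an added example that is not part of the original notes: this Python model mimics the IOS behaviour where an entry written without a number is appended at the previous number plus 10, a number can be given to insert an entry in the middle, no <seq> removes a single entry, and ip access-list resequence NAME start step renumbers the list to make room. The ACL ZMB and its entries are constructed for illustration.

```python
"""Model of how IOS edits a named ACL in place using per-entry sequence numbers."""
from typing import Dict, Optional


class NamedAcl:
    """Entries keyed by sequence number, as inside 'ip access-list extended NAME'."""

    def __init__(self, name: str, kind: str = "extended"):
        self.name = name
        self.kind = kind
        self.entries: Dict[int, str] = {}

    def add(self, rule: str, seq: Optional[int] = None) -> int:
        """No number: append at last+10 (IOS default). With a number: insert there."""
        if seq is None:
            seq = max(self.entries) + 10 if self.entries else 10
        if seq in self.entries:
            raise ValueError(f"sequence {seq} already used in {self.name}")
        self.entries[seq] = rule
        return seq

    def remove(self, seq: int) -> None:
        """'no <seq>' in the ACL sub-mode deletes only that entry."""
        del self.entries[seq]

    def resequence(self, start: int = 10, step: int = 10) -> None:
        """'ip access-list resequence NAME start step': renumber, keeping the order."""
        ordered = [self.entries[s] for s in sorted(self.entries)]
        self.entries = {start + i * step: rule for i, rule in enumerate(ordered)}

    def ordered_rules(self) -> list:
        """Rules in the order the router evaluates them (ascending sequence)."""
        return [self.entries[s] for s in sorted(self.entries)]

    def show(self) -> str:
        """Roughly what 'show access-lists NAME' prints."""
        head = f"{self.kind.capitalize()} IP access list {self.name}"
        body = [f"    {s} {self.entries[s]}" for s in sorted(self.entries)]
        return "\n".join([head] + body)


def build_zmb() -> NamedAcl:
    """Constructed walk-through: write ZMB, then fix it without re-pasting the list."""
    acl = NamedAcl("ZMB")
    acl.add("permit ip 192.168.10.0 0.0.0.255 192.168.30.0 0.0.0.255")  # gets seq 10
    acl.add("permit ip any any")                                           # gets seq 20
    # One host must be excluded. It has to sit ABOVE the general permit at 10,
    # otherwise first-match means it is never reached, so insert it at 5.
    acl.add("deny ip host 192.168.10.1 192.168.30.0 0.0.0.255", seq=5)
    return acl


if __name__ == "__main__":
    acl = build_zmb()
    print(acl.show())
    acl.resequence()        # 5, 10, 20 -> 10, 20, 30, leaving room for later inserts
    print(acl.show())
```

Contrast this with the numbered ACL above: there, the same one-line fix means deleting the whole list with no access-list 10 and pasting it back, and in the moment between those two steps the interface has no ACL at all.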
