CLASSROOM IN A BOOK
Topic:
Presented by:
EasyPeezi?
The idea behind EasyPeezi is to make learning very easy for everyone.
In EasyPeezi we have 2 cartoon characters: the boy is Easy & the girl is Peezzi :-p You can see the pic
below, which helps you to read books and blogs very easily.
On the Easypeezzi site I upload my education, my notes and the concepts I have in my field, and try to share
them with all of you in Roman so you can also learn these concepts quickly & easily, whether you know English
or not.
I invest lots of my time & effort to build the site, learn these things, and make all the notes and books in Roman,
typing thousands of words by myself, & share my knowledge with all of you. So take it seriously, learn things
quickly, go ahead and enjoy the show.
For further details visit the site www.Easypeezzi.com. I hope this site is helpful to you and others and
informative for learning these things quickly & easily. So that's all about EasyPeezzi.
Feedback
Easypeezzi@gmail.com
All contents copyright All rights reserved. No part of this document or the related files may be reproduced
or transmitted in any form, by any means (electronic, photocopying, recording, or otherwise) without the
prior written permission of the publisher.
Contents
Types of ACL?
1) Standard ACL?
o Where to apply standard ACL?
o Important for standard ACL?
2) Extended ACL?
a. Where to apply Extended ACL?
b. Advantage of Extended ACL direct HTTP Block?
c. Advantage of Extended ACL direct TELNET
Standard ACL:
In a Standard ACL we can filter based on the Source IP Address, meaning we can give any
computer's IP and block that computer's traffic. A Standard ACL gives us very little control:
we can block with it, but only on the basis of that computer's source IP, that is, which IP the
traffic is coming from, not which IP it is going to.
This is where we face a big disadvantage, because we block this source IP on the Router's interface.
Suppose we want this PC not to access our Server, so we apply an ACL and define that computer's
Source IP in it. The disadvantage is that the PC will then not be able to access the server, because
the ACL is applied, but along with that the PC will also not be able to access any other computer or
server located there.
Reason: a Standard ACL looks at the Source IP, not the Destination. It only knows which IP's traffic to
block, not for whom to block it, so it blocks that PC's traffic for all the computers on the other End of
the Router. The Router filters the packet there, sees that the ACL has only a Source IP, and keeps
discarding all traffic from that IP without passing it on.
That's why we have to select the Router very carefully here: the Router should be on our network
but not connected to the Client side, otherwise the Client side's traffic will also be blocked. This is
why we mostly use Extended ACL, because there we specify both the Source and the Destination IP
manually, so there is less of a problem. But Router selection is very important there too: on which
Router, on which interface and in which direction the ACL is to be configured.
In an ACL we can block a single IP, and with 1 ACL Statement we can also block a whole Network's
IPs if we write our whole Network's IP as the Source IP or define a Range,
like 192.168.0.10/20 Deny; in this way the traffic of the PCs from 10 to 20 will be blocked with 1 single
Statement. To block a Range like this we use a Wildcard Mask.
Range of Standard ACL is 1 to 99 & 1300 to 1999 (Expanded Range)
This means that whatever statement we configure on the Router, its statement number will be in the range 1 to 99,
and we can apply different actions on the same statement, like IN/OUT. That is, the statement
number stays the same and the action on it changes, i.e. Deny or Permit.
Extended ACL:
Extended ACL is good for implementation because in an Extended ACL we can filter based
upon the:
1) Source IP Address.
2) Destination IP Address.
3) Protocol Base Blocking like HTTP, FTP, ICMP, UDP, TCP.
4) Blocking via Port Number.
So it gives us much more control, which is why it is used more, & this is the 2nd type of ACL.
Range of Extended ACL is 100 to 199 & 2000 to 2699 (Expanded Range)
The 1st advantage is that we can directly block the Destination IP, only for that PC: the rest of the
Communication stays permitted and only that Destination IP is denied.
The 2nd advantage of Extended ACL is that we can also do protocol-based blocking. For example, so that
nobody can ping, we Deny ICMP. Second, so that nobody can browse, we give port number 80 and Block
HTTP. That is, the whole connectivity is not blocked, just the protocol
we wanted to block.
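The difference between the two ACL types described above, as an added Cisco IOS configuration example that is not part of the original notes. The addresses, ACL numbers and interface names are constructed assumptions: the PC is 192.168.1.10 on the client LAN (GigabitEthernet0/0), the server is 192.168.2.100 on the server LAN (GigabitEthernet0/1). The two ACLs are alternatives for the same goal, not meant to be applied together.

```cisco
! ---------------------------------------------------------------
! Option A: Standard ACL (range 1-99), matches the SOURCE IP only
! ---------------------------------------------------------------
access-list 10 deny host 192.168.1.10
! A wildcard mask blocks a whole network in one statement, e.g.:
!   access-list 10 deny 192.168.1.0 0.0.0.255
! Without the next line the implicit "deny any" at the end of
! every ACL would drop all other sources as well.
access-list 10 permit any
!
interface GigabitEthernet0/1
 ip access-group 10 out
! Effect: the PC cannot reach the server, but it also cannot reach
! any other host behind Gi0/1, because the destination is never
! looked at.
!
! ---------------------------------------------------------------
! Option B: Extended ACL (range 100-199), matches source,
! destination, protocol and port
! ---------------------------------------------------------------
! Block only HTTP (TCP port 80) from the PC to the server
access-list 101 deny tcp host 192.168.1.10 host 192.168.2.100 eq 80
! Block only ping (ICMP) from the PC to the server
access-list 101 deny icmp host 192.168.1.10 host 192.168.2.100
! Everything else stays permitted
access-list 101 permit ip any any
!
interface GigabitEthernet0/0
 ip access-group 101 in
! Effect: the PC can still reach other hosts and can still use
! other protocols towards the server; only HTTP and ICMP to
! 192.168.2.100 are discarded.
```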
The problem in this Configuration is that we blocked Telnet in it, but if any other interface on this
router is Up, Telnet will still work from there: someone can get the telnet console through another
interface. So if we need to stop Telnet, we configure 1 more Statement, this time with
that interface's destination IP. This is not a good solution, because however many interfaces the
Router has, we have to Configure that many Statements Again & Again to block
Telnet.
Instead of blocking telnet on every interface, the simple and best way is to block the line
where telnet is used, and that line is line vty. So the best way is to
Deny on that line itself on the Router, and then Telnet is automatically denied on all the
interfaces of that Router.
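The two approaches to blocking Telnet compared above, as an added Cisco IOS configuration example that is not part of the original notes. The ACL numbers, the PC address 192.168.1.10, the router interface addresses 192.168.1.1 and 192.168.2.1, and the vty range 0 4 are constructed assumptions.

```cisco
! ---------------------------------------------------------------
! Per-interface approach (the one the text calls a poor solution):
! one extended entry for every interface address of the router.
! ---------------------------------------------------------------
access-list 110 deny tcp host 192.168.1.10 host 192.168.1.1 eq 23
access-list 110 deny tcp host 192.168.1.10 host 192.168.2.1 eq 23
! ...one more line for each additional interface address...
access-list 110 permit ip any any
!
interface GigabitEthernet0/0
 ip access-group 110 in
!
! ---------------------------------------------------------------
! Line-based approach: one standard ACL applied to the vty lines.
! access-class filters sessions that terminate on the router
! itself, whichever interface they arrive on.
! ---------------------------------------------------------------
access-list 20 deny host 192.168.1.10
access-list 20 permit any
!
line vty 0 4
 access-class 20 in
```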
Router(config-std-nacl)# no 10
(2nd method: delete a single statement by its ACL number)
Note That:
In a named ACL, Cisco gives each ACL statement a number; when we run the Show access-list command
we can see that number. The numbers start from 10 and keep increasing. This gap
is there so that if we need to add a statement later, we can use a number before an existing one
to place the statement there. If we do not do this and simply configure a statement,
it is added at the end of the list, after the permit statement, and its number
is also the one after it, so it will never run. That is why we must give it a number from that gap,
at the position where we want to place the statement, as I did above with the number between 10 and 20,
so that the statement I configured later is placed there.
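The sequence-number behaviour described in this note, as an added Cisco IOS example that is not part of the original notes. The ACL name BLOCK-PC and the host addresses are constructed assumptions.

```cisco
! Create a named standard ACL; entries are numbered automatically.
Router(config)# ip access-list standard BLOCK-PC
Router(config-std-nacl)# deny host 192.168.1.10
Router(config-std-nacl)# permit any
! The list is now:  10 deny 192.168.1.10
!                   20 permit any
!
! Adding another deny WITHOUT a number would append it as entry 30,
! after "permit any". ACLs stop at the first match, so entry 30
! would never be reached.
!
! Use a number from the gap to place the new entry before the permit:
Router(config-std-nacl)# 15 deny host 192.168.1.11
! The list is now:  10 deny 192.168.1.10
!                   15 deny 192.168.1.11
!                   20 permit any
!
! Delete one entry by its sequence number, leaving the rest in place:
Router(config-std-nacl)# no 10
Router(config-std-nacl)# end
! Check the resulting order and numbers:
Router# show access-lists BLOCK-PC
```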
We have to apply the ACL, and block the traffic, on the same Router interface through which that
traffic is being accessed.
Selection/Planning of ACL:
1) The first step is deciding which Router to apply the ACL on: if your Network has multiple Routers, the
Router on which the ACL will be applied has to be selected first.
2) The second step is deciding which interface of that Router to apply the ACL on: if your Router has Multiple
Ports, you also have to decide on which interface of the Router you will apply the ACL.
1) In Bound:
Means: if we need to Block on the side the traffic is coming from, we use the InBound Direction
to Apply the ACL. An Inbound ACL works before the Routing Decision.
When a packet comes in on the Router, it first matches it against its Routing table
and then checks the ACL statement to see whether it is Deny or Permit: if it is Deny it Discards the
Packet, and if it is Permit it Forwards the Packet onward.
2) Out Bound:
Means: to apply Blocking on the side the traffic is going out from, we use the Outbound Direction
to Apply the ACL. An outbound ACL works after the Routing
Decision.
On each (1) Single interface of the Router we can use only (2) ACLs, and only when the two have
different directions, i.e. on 1 interface one ACL is applied to Block incoming Traffic and 1
ACL is applied to Block Outgoing Traffic.
Yes, you have learned ACLs :-) Now plan another day & learn NAT Terminology ahead.
Visit Site www.EasypeezZi.com & Download Other Topics & Modules & Learn with FUN