
Access Control Lists

STANDARD
ACCESS CONTROL LISTS

• Are numbered from 1 to 99
• Filter (permit or deny) only source addresses
• Do not have any destination information, so they must be placed as close to the destination as possible
• Work at layer 3 of the OSI model
Why are Standard ACLs placed close to the destination?
If you want to block traffic from Juan’s computer from reaching Janet’s computer with a standard access list, you would place the ACL close to the destination, on Router D, interface E0, since it uses only the source address to permit or deny packets. An ACL placed there will not affect packets reaching Routers B and C.

[Figure: Routers A, B, C and D connecting Juan’s computer to Janet’s computer, with the ACL marked on Router D]

If you place the ACL on Router A to block traffic to Router D, it will also block all packets going to Routers B and C, because all the packets will have the same source address.
Standard Access List Placement Sample Problems
PROBLEM # 1

[Figure: Router A with interfaces FA0 and FA1; Juan’s computer and Jan’s computer attached]

In order to permit packets from Juan’s computer to arrive at Jan’s computer, you would place the standard access list at router interface __FA1__.
Standard Access List Placement Sample Problems
PROBLEM # 2

[Figure: Router A (FA0) and Router B (FA1) joined by a serial link (S0, S1); Ericka’s computer and Paolo’s computer attached]

Ericka has been sending unnecessary information to Paolo.

Where would you place the standard ACL to deny all traffic from Ericka to Paolo?
Router Name: __Router B__ Interface: __FA1__
Where would you place the standard ACL to deny all traffic from Paolo to Ericka?
Router Name: __Router A__ Interface: __FA0__
Standard Access List Placement: EXERCISE

[Figure: exercise topology with Routers A to F and the computers of Ricky, George, Jenny, Amanda, Carol, Jeff, Kathy, Jim, Linda, Melvin, Jackie and Sarah]

EXTENDED
ACCESS CONTROL LISTS

• Are numbered from 100 to 199
• Filter (permit or deny) based on: source address, destination address, protocol and port number
• Are placed close to the source
• Work at both Layers 3 and 4 of the OSI model
Why are Extended ACLs placed close to the source?
If you want to block traffic from Juan’s computer from reaching Janet’s computer with an extended access list, you would place the ACL close to the source, on Router A, interface E0. Since it can permit or deny packets based on the destination address, it can reduce backbone overhead and not affect traffic in Routers B and C.

[Figure: Routers A, B, C and D connecting Juan’s computer to Janet’s computer, with the ACL marked on Router A]

If you place the ACL on Router D to block the traffic from Router A, it will work. However, Routers B and C will have to route the packet before it is finally blocked at Router D. This increases the volume of useless network traffic.
Extended Access List Placement Sample Problems
PROBLEM # 1

[Figure: Router A with interfaces E0 and E1; Juan’s computer and Jan’s computer attached]

In order to permit packets from Juan’s computer to arrive at Jan’s computer, you would place the extended access list at router interface __E0__.
Extended Access List Placement Sample Problems
PROBLEM # 2

[Figure: Router A (FA0) and Router B (FA1) joined by a serial link (S0, S1); Ericka’s computer and Paolo’s computer attached]

Ericka has been sending unnecessary information to Paolo.

Where would you place the extended ACL to deny all traffic from Ericka to Paolo?
Router Name: __Router A__ Interface: __FA0__
Where would you place the extended ACL to deny all traffic from Paolo to Ericka?
Router Name: __Router B__ Interface: __FA1__
Extended Access List Placement: EXERCISE

[Figure: exercise topology with Routers A to F and the computers of Ricky, George, Jenny, Amanda, Carol, Jeff, Kathy, Jim, Linda, Melvin, Jackie and Sarah]

Breakdown of a Standard ACL Statement

access-list 1 permit 192.168.90.36 0.0.0.0

    access-list # (1-99):  1
    permit or deny:        permit
    source address:        192.168.90.36
    wildcard mask:         0.0.0.0

access-list 78 deny host 192.168.90.36

    access-list # (1-99):  78
    permit or deny:        deny
    host:                  indicates a specific host address
    source address:        192.168.90.36

Breakdown of an Extended ACL Statement

access-list 125 permit ip 192.168.90.36 0.0.0.0 192.175.63.12 0.0.0.0

    access-list # (100-199):             125
    permit or deny:                      permit
    protocol (icmp, tcp, udp, ip etc.):  ip
    source address:                      192.168.90.36
    source wildcard mask:                0.0.0.0
    destination address:                 192.175.63.12
    destination wildcard mask:           0.0.0.0

access-list 178 deny tcp host 192.168.90.36 host 192.175.63.12

    access-list # (100-199):             178
    permit or deny:                      deny
    protocol (icmp, tcp, udp, ip etc.):  tcp
    host:                                indicates a specific host address
    source address:                      192.168.90.36
    host:                                indicates a specific host address
    destination address:                 192.175.63.12

Protocols include: IP, TCP, UDP, ICMP, IGMP, IGRP, EIGRP, OSPF. To match any internet protocol, use IP.
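
The matching rules from the two breakdowns above, as an added Python example (not part of the original slides): it parses statements in the forms shown, applies the wildcard masks, and shows why a source-only standard list blocks the source's traffic to every destination while the extended list blocks only the TCP flow to one host. Assumptions: the catch-all permit lines and any addresses other than those in the page's statements are constructed, and the final implicit deny is IOS behaviour that the slides do not state.

```python
import ipaddress

ANY = (0, 0xFFFFFFFF)  # wildcard of all ones: every address bit is ignored

def _ip(text):
    return int(ipaddress.IPv4Address(text))

def _addr(tok):
    """Consume 'host A' or 'A WILDCARD' from tok and return (base, wildcard)."""
    first = tok.pop(0)
    if first == "host":                     # host A  ==  A 0.0.0.0
        return _ip(tok.pop(0)), 0
    return _ip(first), _ip(tok.pop(0))

def parse(line):
    """Return (action, protocol, source spec, destination spec)."""
    tok = line.split()
    if len(tok) < 4 or tok[0] != "access-list" or tok[2] not in ("permit", "deny"):
        raise ValueError(f"unsupported statement: {line!r}")
    num, action, rest = int(tok[1]), tok[2], tok[3:]
    if 1 <= num <= 99:                      # standard: source address only
        return action, "ip", _addr(rest), ANY
    if 100 <= num <= 199:                   # extended: protocol, source, destination
        proto = rest.pop(0).lower()
        return action, proto, _addr(rest), _addr(rest)
    raise ValueError(f"list number {num} is outside 1-99 and 100-199")

def _hit(addr, spec):
    base, wild = spec
    # Wildcard bit 0 means "must match", bit 1 means "ignore".
    return (_ip(addr) ^ base) & ~wild & 0xFFFFFFFF == 0

def evaluate(acl, proto, src, dst):
    """First matching statement wins; no match falls to the implicit deny."""
    for line in acl:
        action, p, s, d = parse(line)
        if p in ("ip", proto) and _hit(src, s) and _hit(dst, d):
            return action
    return "deny"

# Constructed lists: the page's deny statements plus a catch-all permit.
EVERY = "0.0.0.0 255.255.255.255"
STANDARD = ["access-list 78 deny host 192.168.90.36",
            f"access-list 78 permit {EVERY}"]
EXTENDED = ["access-list 178 deny tcp host 192.168.90.36 host 192.175.63.12",
            f"access-list 178 permit ip {EVERY} {EVERY}"]
```

Calling `evaluate(STANDARD, "tcp", "192.168.90.36", "10.0.2.5")` returns `deny` for a destination the list never names, which is the reason a standard list belongs next to the destination; the same call against `EXTENDED` returns `permit`.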


GIVEN:

access-list 125 permit ip 192.168.90.36 0.0.0.0 192.175.63.0 0.0.0.255

10) 125 - ___________________

11) ip - ___________________

12) 192.168.90.36 - ___________________

13) 0.0.0.0 - ___________________

14) 192.175.63.0 - ___________________

15) 0.0.0.255 - ___________________
