Ccna Quick Revision Notes

Published by: Paul on Jun 26, 2010
Copyright: Attribution Non-commercial

Quick Notes
Standard Access Lists
1 - 99 or 1300 - 1999 Standard Access List (looks at the source IP). Place close to the destination.
Stop the Accounting users from accessing the HR server attached to the Lab B router but allow all other users access to the LAN.
RouterB#config t
RouterB(config)#access-list 10 deny 192.168.10.128 0.0.0.31
RouterB(config)#access-list 10 permit any
RouterB(config)#interface Ethernet 0
RouterB(config-if)#ip access-group 10 out
192.168.10.129/27 = /24 + 3 bits, so the 4th octet is the interesting octet.
11100000 = 224, block size = 256 - 224 = 32
Net IDs: 0, 32, 64, 96, 128, 160
Host 192.168.10.129 is in the 128 subnet, so subnet = 192.168.10.128
Wildcard is 0.0.0.31, one less than the block size in the interesting octet.
 
Extended Access Lists
100 - 199 or 2000 - 2699 Extended Access List. Place close to the source.
Stop telnet access to the networks attached to the E1 and E2 interfaces.
Rtr(config)#access-list 110 deny tcp any 172.16.48.0 0.0.15.255 eq 23
Rtr(config)#access-list 110 deny tcp any 172.16.192.0 0.0.63.255 eq 23
Rtr(config)#access-list 110 permit ip any any
Rtr(config)#interface Ethernet 1
Rtr(config-if)#ip access-group 110 out
Rtr(config-if)#interface Ethernet 2
Rtr(config-if)#ip access-group 110 out
172.16.50.173/20, Class B address /16, so the 3rd octet is the interesting octet.
/20 = 4 bits borrowed, 11110000 = 240
Block size = 256 - 240 = 16: 0, 16, 32, 48, 64
50 is in the 48 subnet = 172.16.48.0, wildcard mask is 1 less than block size = 0.0.15.255
Note: we configure one access list containing both conditions and apply it to the two interfaces, rather than create one access list for each condition and place it on each interface.
Example
 
Prevent SMTP traffic originating from the WANs from travelling over link A to an SMTP server with destination 192.168.115.20 by putting an outbound extended IP access list on the Serial 0 interface of RouterX.
 
rtr(config)#access-list 105 deny TCP any host 192.168.115.20 eq SMTP
rtr(config)#access-list 105 permit IP any any
rtr(config)#interface serial 0
rtr(config-if)#ip access-group 105 out
Example
HTTP, Telnet, Simple Mail Transfer Protocol (SMTP), POP3, and FTP traffic are permitted, and the rest of the traffic sourced from Network B destined to Network A is denied.
Permit TCP traffic with destination port values matching WWW (port 80), Telnet (port 23), SMTP (port 25), POP3 (port 110), FTP (port 21), or FTP data (port 20).
rtr(config)#access-list 102 permit tcp any any eq www
rtr(config)#access-list 102 permit tcp any any eq telnet
rtr(config)#access-list 102 permit tcp any any eq smtp
rtr(config)#access-list 102 permit tcp any any eq pop3
rtr(config)#access-list 102 permit tcp any any eq 21
rtr(config)#access-list 102 permit tcp any any eq 20
rtr(config)#interface ethernet0
rtr(config-if)#ip access-group 102 in
Notice that an implicit deny all clause at the end of an ACL denies all other traffic that does not match the permit clauses.
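The wildcard arithmetic and the first-match, implicit-deny behaviour described in these notes, as an added Python example (not part of the original notes). It models only standard ACLs, which test the source address; the function names and the test addresses are assumptions chosen for illustration.

```python
import ipaddress

def acl_entry(host_cidr):
    """Return (subnet, wildcard) for the subnet that contains host_cidr."""
    net = ipaddress.ip_interface(host_cidr).network
    # The wildcard is the inverted subnet mask (block size minus one).
    return str(net.network_address), str(net.hostmask)

def wildcard_match(addr, base, wildcard):
    """IOS-style match: every bit that is 0 in the wildcard must equal base."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)

def evaluate(acl, src):
    """Entries are checked top down; the first match decides the action."""
    for action, base, wildcard in acl:
        if wildcard_match(src, base, wildcard):
            return action
    return "deny"  # implicit deny all at the end of every ACL

# Access list 10 from the notes; "any" is written as 0.0.0.0 255.255.255.255.
ACL_10 = [("deny", "192.168.10.128", "0.0.0.31"),
          ("permit", "0.0.0.0", "255.255.255.255")]
# Same list with the "permit any" line left out, to show the implicit deny.
ACL_10_NO_PERMIT = ACL_10[:1]

if __name__ == "__main__":
    print(acl_entry("192.168.10.129/27"))
    print(acl_entry("172.16.50.173/20"))
    # Constructed sample source addresses, not taken from the notes.
    for src in ("192.168.10.129", "192.168.10.159",
                "192.168.10.160", "192.168.10.5"):
        print(src, evaluate(ACL_10, src), evaluate(ACL_10_NO_PERMIT, src))
```

Without the permit any line, hosts outside the 192.168.10.128 subnet are dropped as well, which is why a deny-only list blocks all traffic on the interface it is applied to.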
