
SUNMAR'SS Technologies


Rules of Access List

• All deny statements have to be given first
• There should be at least one permit statement
• An implicit deny blocks all traffic by default when there is no match (an invisible statement)
• Can have one access-list per interface per direction, i.e. two access-lists per interface: one in the inbound direction and one in the outbound direction
• Works in sequential order
• Editing of access-lists is not possible, i.e. selectively adding or removing access-list statements is not possible

Standard ACL - Network Diagram

[Figure: three routers connected in a row by serial links. First link: S0 10.0.0.1/8 and S1 10.0.0.2/8; second link: S0 11.0.0.1/8 and S1 11.0.0.2/8. Each router's Ethernet interface E0 (192.168.1.150/24, 192.168.2.150/24, 192.168.3.150/24) connects to LAN 192.168.1.0/24, LAN 192.168.2.0/24 and LAN 192.168.3.0/24 respectively.]

How Standard ACL Works?

[Figure: the same three-router network diagram, serial links S0/S1 and E0 interfaces to LANs 192.168.1.0/24, 192.168.2.0/24 and 192.168.3.0/24.]

access-list 1 deny 192.168.1.2 0.0.0.0
access-list 1 permit any


How Standard ACL Works?

access-list 1 deny 192.168.1.1 0.0.0.0
access-list 1 permit any


How Standard ACL Works?

access-list 1 deny 192.168.1.1 0.0.0.0
access-list 1 deny 192.168.1.2 0.0.0.0

(No permit statement follows, so the implicit deny at the end of the list blocks all other traffic as well.)


How Standard ACL Works?

[Figure: the same three-router network diagram, serial links S0/S1 and E0 interfaces to LANs 192.168.1.0/24, 192.168.2.0/24 and 192.168.3.0/24.]

access-list 5 deny 192.168.3.0 0.0.0.255
access-list 5 permit any


How Standard ACL Works?

access-list 5 permit any


How Standard ACL Works?

access-list 5 deny 192.168.1.1 0.0.0.0
access-list 5 deny 192.168.3.0 0.0.0.255

(No permit statement follows, so the implicit deny blocks all other traffic as well.)


How Standard ACL Works?

access-list 5 deny 192.168.1.1 0.0.0.0
access-list 5 permit any


Extended ACL - Network Diagram

[Figure: the same three-router network diagram. Serial links: S0 10.0.0.1/8 to S1 10.0.0.2/8, and S0 11.0.0.1/8 to S1 11.0.0.2/8. E0 interfaces 192.168.1.150/24, 192.168.2.150/24 and 192.168.3.150/24 connect to LAN 192.168.1.0/24, LAN 192.168.2.0/24 and LAN 192.168.3.0/24.]

How Extended ACL Works?

[Figure: the same three-router network diagram, serial links S0/S1 and E0 interfaces to LANs 192.168.1.0/24, 192.168.2.0/24 and 192.168.3.0/24.]

access-list 101 permit ip any any


Named Access List

• Access-lists are identified using names rather than numbers
• Names are case-sensitive
• No limitation of numbers here
• One main advantage is that editing of the ACL is possible, i.e. removing a specific statement from the ACL is possible


Standard Named Access List

Creation of Standard Named Access List

Implementation of Standard Named Access List


Creation of Extended Named Access List

Implementation of Extended Named Access List


Access Control List

• It is a Layer 3 security feature which controls the flow of traffic from one router to another
• It is also called a Packet Filtering Firewall

ACL - Network Diagram

[Figure: three routers connected in a row by serial links (S0 10.0.0.1/8 to S1 10.0.0.2/8, and S0 11.0.0.1/8 to S1 11.0.0.2/8), each with an E0 interface (192.168.1.150/24, 192.168.2.150/24, 192.168.3.150/24) to LAN 192.168.1.0/24, LAN 192.168.2.0/24 and LAN 192.168.3.0/24.]


• Extended ACL
• Named ACL

Standard Access List

• The access-list number lies between 1 - 99
• Can block a Network, Host and Subnet
• Two way communication is stopped
• Implemented closest to the destination

Extended Access List

• The access-list number lies between 100 - 199
• Can block a Network, Host, Subnet and Service
• One way communication is stopped
• Implemented closest to the source

Terminology

Deny: Blocking a Network/Host/Subnet/Service
Permit: Allowing a Network/Host/Subnet/Service
Source: The address of the PC from where the request starts (show diagram)
Destination: The address of the PC where the request ends
Inbound: Traffic coming into the interface
Outbound: Traffic going out of the interface

Terminology

Protocols: TCP, UDP, ICMP
Operators: lt (less than), gt (greater than)
Services: HTTP, FTP, TELNET, DNS, DHCP etc.

Wild Card Mask

• Tells the router which addressing bits must match in the address of the ACL statement
• It's the inverse of the subnet mask, hence it is also called an inverse mask
• A bit value of 0 indicates MUST MATCH (check bits)
• A bit value of 1 indicates IGNORE (ignore bits)
• Wild card mask for a host will always be 0.0.0.0

• A wild card mask can be calculated using the formula:

  255.255.255.255 - Customized Subnet Mask

  E.g. subnet mask 255.255.255.240 gives wild card mask 255.255.255.255 - 255.255.255.240 = 0.0.0.15
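The matching rules stated on these slides (sequential order, first match wins, the implicit deny, wild card bit 0 = must match / 1 = ignore, and the inverse-mask formula) as an added Python example; it is not part of the SUNMAR'SS course material and assumes only the plain "access-list <n> permit|deny <address> <wildcard>" and "... permit|deny any" syntax shown on the slides:

```python
# Added example (not from the SUNMAR'SS slides): a small model of how a
# standard ACL is evaluated, following the rules the slides give: entries are
# checked in sequential order, the first matching entry decides, and an
# invisible implicit deny applies when nothing matches. wildcard_from_mask()
# computes the inverse mask from a subnet mask (255.255.255.255 - mask).
import ipaddress

def wildcard_from_mask(subnet_mask: str) -> str:
    """Wild card (inverse) mask: subtract each octet of the subnet mask from 255."""
    return ".".join(str(255 - int(octet)) for octet in subnet_mask.split("."))

def matches(address: str, entry_addr: str, wildcard: str) -> bool:
    """Wild card bit 0 = MUST MATCH, bit 1 = IGNORE; compare only the checked bits."""
    addr = int(ipaddress.IPv4Address(address))
    entry = int(ipaddress.IPv4Address(entry_addr))
    ignore = int(ipaddress.IPv4Address(wildcard))
    check = 0xFFFFFFFF ^ ignore          # bits that must match
    return (addr & check) == (entry & check)

def parse_acl(lines):
    """Parse 'access-list <n> permit|deny <addr> <wildcard>' and '... permit|deny any'."""
    entries = []
    for line in lines:
        _, _, action, target, *rest = line.split()
        if target == "any":
            entries.append((action, "0.0.0.0", "255.255.255.255"))  # any = ignore all bits
        else:
            entries.append((action, target, rest[0]))
    return entries

def evaluate(acl_lines, source_ip: str) -> str:
    """Return 'permit' or 'deny' for a packet with this source address; first match wins."""
    for action, addr, wildcard in parse_acl(acl_lines):
        if matches(source_ip, addr, wildcard):
            return action
    return "deny"  # the invisible implicit deny at the end of every access list

# Constructed sample lists, copied from the slides' standard ACL examples.
ACL_1 = ["access-list 1 deny 192.168.1.2 0.0.0.0", "access-list 1 permit any"]
ACL_5 = ["access-list 5 deny 192.168.3.0 0.0.0.255", "access-list 5 permit any"]
DENY_ONLY = ["access-list 1 deny 192.168.1.1 0.0.0.0", "access-list 1 deny 192.168.1.2 0.0.0.0"]

if __name__ == "__main__":
    print(evaluate(ACL_1, "192.168.1.2"), evaluate(ACL_1, "192.168.1.150"))    # deny permit
    print(evaluate(ACL_5, "192.168.3.150"), evaluate(ACL_5, "192.168.2.150"))  # deny permit
    print(evaluate(DENY_ONLY, "192.168.2.150"))   # deny: no permit statement, implicit deny
    print(wildcard_from_mask("255.255.255.240"))  # 0.0.0.15
```

Putting "permit any" before a deny line shows why the slides say deny statements go first: the permit matches everything and the later deny is never reached.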
