
Access List

Access-lists: they are not just for access
o Using ACLs for security
o Types of ACLs

ACLs (access lists): they are everywhere.
o Permit 192.168.250
o Deny 192.168.1.0/24
o Permit tcp port 80 for 200.1.1.1
o Permit all TCP traffic for 210.0.1.0/24

What they can be used for:
o Access control
o NAT
o Quality of service
o Demand dial routing
o Policy routing
o Route filtering
o Making French toast

Adding access list capabilities:
o Standard
o Extended
o Dynamic
o Established
o Time-based
o Context-based access control

Standard and extended access lists

Standard
o Matches based on source address
o Lower processor utilization
o Effect depends on application

Extended
o Matches based on source/destination address
o Higher processor utilization
o Syntax takes some time to learn

Reflexive (established)
o Allows return traffic for internal requests

Access lists:
o Access list scenario 1: Standard, network access
o Access list scenario 2: Standard, VTY access
o Access list scenario 3: Extended, IP access
o Access list scenario 4: Extended, TCP access

Those are the examples.

Scenario 1: Use a standard ACL to block Host A from accessing Host B.

Note: Place a standard ACL as close to the destination as possible.

Note: Now we are unable to ping that network.

Scenario 2: Use a standard ACL to prevent Host A from Telnetting or SSHing to R1.

Note: We are just applying the access list in the router's VTY mode.

Note: Now we are denied when telnetting.

Extended ACL

Scenario 3: Use an extended ACL to prevent Host A from accessing the R2 WAN link.

Note: This was before applying the ACL.

Note: We can still access the remote host, because when we connect to that host the destination address is that host's address.

Scenario 4: Use an extended ACL to prevent Host A from accessing the CBTNuggets homepage.
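The matching rules behind the scenarios above, as an added Python model (not code from the original notes): it evaluates standard and extended entries top-down with the implicit deny, and shows why a standard ACL belongs near the destination while an extended ACL can single out one destination or one TCP port. All addresses and the function names are constructed for illustration, and CIDR prefixes stand in for IOS wildcard masks.

```python
import ipaddress

def net(spec):
    """'any', a host address or a CIDR prefix -> ip_network."""
    return ipaddress.ip_network("0.0.0.0/0" if spec == "any" else spec)

def standard(action, source):
    """Standard entry: matches on source address only."""
    return (action, "ip", source, "any", None)

def extended(action, proto, source, dest, port=None):
    """Extended entry: protocol, source, destination, optional TCP port."""
    return (action, proto, source, dest, port)

def evaluate(acl, src, dst, proto="ip", dport=None):
    """Top-down, first match wins; falling off the end is the implicit deny."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, e_proto, e_src, e_dst, e_port in acl:
        if e_proto not in ("ip", proto):
            continue
        if src not in net(e_src) or dst not in net(e_dst):
            continue
        if e_port is not None and e_port != dport:
            continue
        return action
    return "deny"

def reachable(path_acls, src, dst, **pkt):
    """A packet arrives only if every ACL applied along its path permits it."""
    return all(evaluate(a, src, dst, **pkt) == "permit" for a in path_acls)

# Constructed addresses for illustration (not taken from the page).
HOST_A, HOST_B, OTHER = "192.168.1.10", "192.168.3.10", "192.168.2.10"
R2_WAN, WEB = "10.0.0.2", "203.0.113.80"

STD_ACL = [standard("deny", HOST_A), standard("permit", "any")]
EXT_IP = [extended("deny", "ip", HOST_A, R2_WAN),
          extended("permit", "ip", "any", "any")]
EXT_TCP = [extended("deny", "tcp", HOST_A, WEB, 80),
           extended("permit", "ip", "any", "any")]

if __name__ == "__main__":
    # Standard ACL near the source sits on every path Host A uses.
    print("near source, A -> other LAN:", reachable([STD_ACL], HOST_A, OTHER))
    # Near the destination it sits only on the path into Host B's LAN.
    print("near dest,   A -> other LAN:", reachable([], HOST_A, OTHER))
    print("near dest,   A -> Host B:   ", reachable([STD_ACL], HOST_A, HOST_B))
    print("ext IP,  A -> R2 WAN:", evaluate(EXT_IP, HOST_A, R2_WAN))
    print("ext TCP, A -> web:80:", evaluate(EXT_TCP, HOST_A, WEB, "tcp", 80))
```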

Tips and tricks
