CCNA4 Chapter 5
Using ACLs to Secure Networks
Packet Filtering:
Controls access to a network by analyzing the incoming and outgoing packets and passing or halting them based on stated criteria.
These criteria are defined using ACLs.
Packet Filtering:
The ACL can extract the following information from the packet header, test it against its rules, and make permit or deny decisions based on:
Source IP address.
Destination IP address.
TCP/UDP source port.
TCP/UDP destination port.
Packet filtering works at Layer 3; an ACL that also tests TCP/UDP port numbers additionally inspects the Layer 4 header.
For Example:
Web (HTML) traffic is OK for Network A but not for Network B.
What is an ACL?
Two types:
Standard ACLs:
Standard ACLs allow you to permit or deny traffic
based on the source IP addresses.
The destination of the packet and the ports involved
do not matter.
Example: permit all traffic from network 192.168.30.0/24.
Because of the implicit "deny any" statement at the end of the ACL, all other traffic is blocked.
Types of Cisco ACLs
Two types:
Extended ACLs:
Extended ACLs filter IP packets based on several attributes: protocol type, source and/or destination IP address, and source and/or destination TCP or UDP ports.
Example: permit outbound traffic from any address on network 192.168.30.0/24 to any destination host on port 80 (HTTP).
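The following is an added example and not part of the CCNA slides. It models how a router evaluates the packet-filtering fields listed above (source/destination address, protocol, TCP/UDP ports) against a standard ACL (source address only) and an extended ACL, using IOS-like entry syntax with wildcard masks, "any", "host" and "eq <port>". Entries are tested top to bottom, the first match wins, and a packet matching nothing falls through to the implicit "deny any". The addresses chosen for Network A (192.168.30.0/24) and Network B (192.168.10.0/24) are assumptions for the "web OK for A but not for B" example; the router itself is not being configured here.

```python
"""Model of standard/extended ACL evaluation with Cisco wildcard masks.

Added example (not from the CCNA slides). Entry syntax mirrors IOS access-list
lines; Network A = 192.168.30.0/24 and Network B = 192.168.10.0/24 are assumed.
"""
from dataclasses import dataclass
from ipaddress import IPv4Address
from typing import List, Optional, Tuple

ANY = ("0.0.0.0", "255.255.255.255")   # address + wildcard that matches everything


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    protocol: str = "ip"            # "tcp", "udp", "icmp", or generic "ip"
    src_port: Optional[int] = None
    dst_port: Optional[int] = None


@dataclass(frozen=True)
class Entry:
    action: str                     # "permit" or "deny"
    protocol: str                   # "ip" matches every IP protocol
    src: Tuple[str, str]            # (address, wildcard mask)
    dst: Tuple[str, str]
    src_port: Optional[int] = None  # only set by "eq <port>" after the source
    dst_port: Optional[int] = None  # only set by "eq <port>" after the destination


def wildcard_match(address: str, wildcard: str, candidate: str) -> bool:
    """Cisco wildcard semantics: a 0 bit must match, a 1 bit is 'don't care'.
    Works for non-contiguous wildcards too, because it is a pure bit test."""
    a, w, c = (int(IPv4Address(x)) for x in (address, wildcard, candidate))
    care_bits = ~w & 0xFFFFFFFF
    return (a ^ c) & care_bits == 0


def _take_address(tokens: List[str], i: int) -> Tuple[Tuple[str, str], int]:
    """Consume 'any', 'host A.B.C.D', or 'A.B.C.D W.W.W.W' starting at tokens[i]."""
    if tokens[i] == "any":
        return ANY, i + 1
    if tokens[i] == "host":
        return (tokens[i + 1], "0.0.0.0"), i + 2
    return (tokens[i], tokens[i + 1]), i + 2


def _take_port(tokens: List[str], i: int) -> Tuple[Optional[int], int]:
    """Consume an optional 'eq <port>' at tokens[i]."""
    if i < len(tokens) and tokens[i] == "eq":
        return int(tokens[i + 1]), i + 2
    return None, i


def parse_entry(line: str) -> Entry:
    tokens = line.split()
    action = tokens[0]
    if tokens[1] in ("ip", "tcp", "udp", "icmp"):        # extended ACL entry
        proto = tokens[1]
        src, i = _take_address(tokens, 2)
        sport, i = _take_port(tokens, i)
        dst, i = _take_address(tokens, i)
        dport, i = _take_port(tokens, i)
        return Entry(action, proto, src, dst, sport, dport)
    src, _ = _take_address(tokens, 1)                    # standard ACL: source only
    return Entry(action, "ip", src, ANY)


def matches(entry: Entry, pkt: Packet) -> bool:
    if entry.protocol != "ip" and entry.protocol != pkt.protocol:
        return False
    if not wildcard_match(*entry.src, pkt.src):
        return False
    if not wildcard_match(*entry.dst, pkt.dst):
        return False
    if entry.src_port is not None and entry.src_port != pkt.src_port:
        return False
    if entry.dst_port is not None and entry.dst_port != pkt.dst_port:
        return False
    return True


def evaluate(acl: List[str], pkt: Packet) -> str:
    """Top-down, first match wins; no match means the implicit 'deny any'."""
    for line in acl:
        if matches(parse_entry(line), pkt):
            return parse_entry(line).action
    return "deny"


# Constructed sample ACLs (assumed addressing for Network A / Network B).
STANDARD_ACL = ["permit 192.168.30.0 0.0.0.255"]                  # slide's standard example
EXTENDED_ACL = ["permit tcp 192.168.30.0 0.0.0.255 any eq 80"]    # slide's extended example
ORDERED_ACL = ["deny ip host 192.168.30.7 any",                   # order matters: deny first
               "permit ip 192.168.30.0 0.0.0.255 any"]

if __name__ == "__main__":
    web_from_a = Packet("192.168.30.5", "10.0.0.1", "tcp", 40000, 80)
    web_from_b = Packet("192.168.10.5", "10.0.0.1", "tcp", 40000, 80)
    print("standard, from A:", evaluate(STANDARD_ACL, web_from_a))   # permit
    print("extended, web from A:", evaluate(EXTENDED_ACL, web_from_a))  # permit
    print("extended, web from B:", evaluate(EXTENDED_ACL, web_from_b))  # deny (implicit)
```

The same packet from Network A is permitted by the extended entry only when the destination port is 80; HTTPS (443) from the same host falls through to the implicit deny, which is the behaviour to check for whenever an ACL is written as a single permit line.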