Professional Documents
Culture Documents
ITE I Chapter 6 © 2006 Cisco Systems, Inc. All rights reserved. Cisco Public 1
Objectives
Explain how ACLs are used to secure a medium-size
Enterprise branch office network.
Configure standard ACLs in a medium-size Enterprise
branch office network.
Configure extended ACLs in a medium-size
Enterprise branch office network.
Describe complex ACLs in a medium-size Enterprise
branch office network.
Implement, verify and troubleshoot ACLs in an
enterprise network environment.
ITE 1 Chapter 6 © 2006 Cisco Systems, Inc. All rights reserved. Cisco Public 2
What is the packet filter?
ITE 1 Chapter 6 © 2006 Cisco Systems, Inc. All rights reserved. Cisco Public 3
What is the packet filter?
ITE 1 Chapter 6 © 2006 Cisco Systems, Inc. All rights reserved. Cisco Public 4
What is an Access Control List (ACL)?
ITE 1 Chapter 6 © 2006 Cisco Systems, Inc. All rights reserved. Cisco Public 5
What is an Access Control List (ACL)?
ITE 1 Chapter 6 © 2006 Cisco Systems, Inc. All rights reserved. Cisco Public 6
What is an Access Control List (ACL)?
Inbound ACL flow chart
ITE 1 Chapter 6 © 2006 Cisco Systems, Inc. All rights reserved. Cisco Public 7
What is an Access Control List (ACL)?
ITE 1 Chapter 6 © 2006 Cisco Systems, Inc. All rights reserved. Cisco Public 8
Types of the Access Control List (ACL)
ITE 1 Chapter 6 © 2006 Cisco Systems, Inc. All rights reserved. Cisco Public 9
Types of the Access Control List (ACL)
ITE 1 Chapter 6 © 2006 Cisco Systems, Inc. All rights reserved. Cisco Public 10
Where to place ACL ?
ITE 1 Chapter 6 © 2006 Cisco Systems, Inc. All rights reserved. Cisco Public 11
ACL best practice
ITE 1 Chapter 6 © 2006 Cisco Systems, Inc. All rights reserved. Cisco Public 12
Access Control List configuration
ITE 1 Chapter 6 © 2006 Cisco Systems, Inc. All rights reserved. Cisco Public 13
Configure Standard ACLs
ITE 1 Chapter 6 © 2006 Cisco Systems, Inc. All rights reserved. Cisco Public 14
Configure Standard ACLs
ITE 1 Chapter 6 © 2006 Cisco Systems, Inc. All rights reserved. Cisco Public 15
Wild Card Mask (WCM)
ITE 1 Chapter 6 © 2006 Cisco Systems, Inc. All rights reserved. Cisco Public 16
Wild Card Mask (WCM)
ITE 1 Chapter 6 © 2006 Cisco Systems, Inc. All rights reserved. Cisco Public 17
Configure Standard ACLs
ITE 1 Chapter 6 © 2006 Cisco Systems, Inc. All rights reserved. Cisco Public 18
Wild Card Mask (WCM)
ITE 1 Chapter 6 © 2006 Cisco Systems, Inc. All rights reserved. Cisco Public 19
Configure Standard ACLs
ITE 1 Chapter 6 © 2006 Cisco Systems, Inc. All rights reserved. Cisco Public 20
Configure Standard ACLs
ITE 1 Chapter 6 © 2006 Cisco Systems, Inc. All rights reserved. Cisco Public 21
Configure Standard ACLs
ITE 1 Chapter 6 © 2006 Cisco Systems, Inc. All rights reserved. Cisco Public 22
VTY ACL
ITE 1 Chapter 6 © 2006 Cisco Systems, Inc. All rights reserved. Cisco Public 23
Remarking ACL
ITE 1 Chapter 6 © 2006 Cisco Systems, Inc. All rights reserved. Cisco Public 24
Configure Standard named ACLs
ITE 1 Chapter 6 © 2006 Cisco Systems, Inc. All rights reserved. Cisco Public 25
Configure Extended ACLs
ITE 1 Chapter 6 © 2006 Cisco Systems, Inc. All rights reserved. Cisco Public 26
Extended ACL example
ITE 1 Chapter 6 © 2006 Cisco Systems, Inc. All rights reserved. Cisco Public 27
Configure Extended ACLs
ITE 1 Chapter 6 © 2006 Cisco Systems, Inc. All rights reserved. Cisco Public 28
Extended ACL example
ITE 1 Chapter 6 © 2006 Cisco Systems, Inc. All rights reserved. Cisco Public 29
Extended ACL example
ITE 1 Chapter 6 © 2006 Cisco Systems, Inc. All rights reserved. Cisco Public 30
Extended ACL example
ITE 1 Chapter 6 © 2006 Cisco Systems, Inc. All rights reserved. Cisco Public 31
Describe Complex ACLs
List the three types of complex ACLs
ITE 1 Chapter 6 © 2006 Cisco Systems, Inc. All rights reserved. Cisco Public 32
Describe Complex ACLs in a Medium-Size
Enterprise Branch Office Network
Explain how and when to use dynamic ACLs
ITE 1 Chapter 6 © 2006 Cisco Systems, Inc. All rights reserved. Cisco Public 33
Describe Complex ACLs in a Medium-Size
Enterprise Branch Office Network
Explain how and when to use reflexive ACLs
ITE 1 Chapter 6 © 2006 Cisco Systems, Inc. All rights reserved. Cisco Public 34
Describe Complex ACLs in a Medium-Size
Enterprise Branch Office Network
Explain how and when to use time-based ACLs
ITE 1 Chapter 6 © 2006 Cisco Systems, Inc. All rights reserved. Cisco Public 35
Describe Complex ACLs in a Medium-Size
Enterprise Branch Office Network
Describe how to troubleshoot common ACL problems
ITE 1 Chapter 6 © 2006 Cisco Systems, Inc. All rights reserved. Cisco Public 36
Implement, Verify and Troubleshoot ACLs
in an Enterprise Network Environment
Create, place and verify a standard/ extended ACL and
verify its placement.
Verify ACL’s functionality and troubleshoot as needed.
ITE 1 Chapter 6 © 2006 Cisco Systems, Inc. All rights reserved. Cisco Public 37
Summary
An Access List (ACL) is:
A series of permit and deny statements that are used to filter
traffic
Standard ACL
–Identified by numbers 1 - 99 and 1300 - 1999
–Filter traffic based on source IP address
Extended ACL
–Identified by number 100 -199 & 2000 - 2699
–Filter traffic based on
•Source IP address
•Destination IP address
•Protocol
•Port number
ITE 1 Chapter 6 © 2006 Cisco Systems, Inc. All rights reserved. Cisco Public 38
Summary
Named ACL
–Used with IOS 11.2 and above
–Can be used for either standard or extended ACL
ITE 1 Chapter 6 © 2006 Cisco Systems, Inc. All rights reserved. Cisco Public 39
Summary
Implementing ACLs
–1st create the ACL
–2nd place the ACL on an interface
•Standard ACL are placed nearest the destination
•Extended ACL are placed nearest the source
ITE 1 Chapter 6 © 2006 Cisco Systems, Inc. All rights reserved. Cisco Public 40