
SWITCHING

ACL

ACL stands for Access Control List. It is a packet filtering method that filters IP packets based on source and destination address. An ACL is a set of rules or conditions that permit or deny IP packets.

Cisco ACLs are divided into two types:
1. Standard ACL
2. Extended ACL

Standard ACL - Standard IP access lists are numbered from 1 to 99. A standard ACL controls traffic based on the source IP address only.

Extended ACL - Extended IP access lists are numbered from 100 to 199. An extended ACL controls traffic based on the source IP address, destination IP address, source port number and destination port number.

Syntax for IP standard ACL:

Access-list access-list-number {permit|deny} {host|source source-wildcard|any}

Standard ACL example:

Access-list 10 permit 192.168.3.0 0.0.0.255

This list allows traffic from all addresses in the range 192.168.3.0 to 192.168.3.255. Note that when configuring access lists on a router, you must identify each access list uniquely by assigning either a name or a number to the protocol's access list.

There is an implicit deny added to every access list. If you entered the command:

show access-list 10
The output looks like:
Access-list 10 permit 192.168.2.0 0.0.0.255
Access-list 10 deny any

Syntax for IP Extended ACL:

Access-list access-list-number {deny | permit} protocol source source-wildcard destination destination-wildcard [precedence precedence]

Note that the above syntax is simplified, and given for general understanding only.

Extended ACL example:

Access-list 130 - Applied to traffic leaving the office (outgoing)
Access-list 130 permit tcp 192.133.3.0 0.0.0.255 any eq 23

ACL 130 permits TCP traffic originating from any address on the 192.133.3.0 network. The 'any' keyword means that the traffic may have any destination address, with the limitation that it must be going to port 23. An address and wildcard of 0.0.0.0 255.255.255.255 can be specified as 'any'.
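
The wildcard matching and implicit deny described above can be checked offline with a small model. This is an added example, not part of the original page and not Cisco code: a Python sketch that parses only the simplified syntax shown here and evaluates packets first-match-wins. The function names (wildcard_match, take_addr, parse_rule, evaluate) and the test packets are assumptions made for the illustration.

```python
import ipaddress

def wildcard_match(addr, base, wildcard):
    """True when addr equals base on every bit where the wildcard bit is 0."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF          # wildcard bit 1 = "don't care"
    return (a & care) == (b & care)

def take_addr(tokens):
    """Consume 'any', 'host A' or 'A W' from tokens; return (base, wildcard)."""
    word = tokens.pop(0)
    if word == "any":
        return ("0.0.0.0", "255.255.255.255")
    if word == "host":
        return (tokens.pop(0), "0.0.0.0")
    return (word, tokens.pop(0))

def parse_rule(line):
    """Parse the simplified forms above: standard (1-99) or extended (100-199)."""
    t = line.lower().split()
    if t[0] != "access-list":
        raise ValueError("not an access-list line")
    number, action, t = int(t[1]), t[2], t[3:]
    rule = {"action": action, "proto": None, "dst": None, "dport": None}
    if 1 <= number <= 99:            # standard: source address only
        rule["src"] = take_addr(t)
    elif 100 <= number <= 199:       # extended: protocol, source, destination, port
        rule["proto"] = t.pop(0)
        rule["src"] = take_addr(t)
        rule["dst"] = take_addr(t)
        if t[:1] == ["eq"]:
            rule["dport"] = int(t[1])
    else:
        raise ValueError("number outside 1-99 / 100-199")
    return rule

def evaluate(rules, src, dst=None, proto=None, dport=None):
    """First matching rule wins; no match falls through to the implicit deny."""
    for r in rules:
        if not wildcard_match(src, *r["src"]):
            continue
        if r["proto"] not in (None, "ip", proto):
            continue
        if r["dst"] and not wildcard_match(dst, *r["dst"]):
            continue
        if r["dport"] is not None and r["dport"] != dport:
            continue
        return r["action"]
    return "deny"                    # implicit deny at the end of every list

# The two example lists from this page
ACL_10 = [parse_rule("Access-list 10 permit 192.168.3.0 0.0.0.255")]
ACL_130 = [parse_rule("Access-list 130 permit tcp 192.133.3.0 0.0.0.255 any eq 23")]
```

Calling evaluate(ACL_10, "192.168.2.77") returns "deny" even though the list contains no deny line, which is the implicit deny at work.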

