CCNA Security – Chapter 4 (ACLs Standard-Extended)

Firewall types: packet filtering, stateful, application gateway (proxy), address translation, host-based, transparent, and hybrid firewalls.

R2(config)#access-list ?
<1-99>            IP standard access list
<100-199>         IP extended access list
<1000-1099>       IPX SAP access list
<1100-1199>       Extended 48-bit MAC address access list
<1200-1299>       IPX summary address access list
<1300-1999>       IP standard access list (expanded range)
<200-299>         Protocol type-code access list
<2000-2699>       IP extended access list (expanded range)
<300-399>         DECnet access list
<600-699>         Appletalk access list
<700-799>         48-bit MAC address access list
<800-899>         IPX standard access list
<900-999>         IPX extended access list
dynamic-extended  Extend the dynamic ACL absolute timer
rate-limit        Simple rate-limit specific access list
!
!
access-list 1 permit host 192.168.180.1
access-list 1 permit 192.168.180.1 0.0.0.0
!
access-list 100 permit ip host 192.168.180.1 host 192.168.180.2
access-list 100 permit tcp host 192.168.180.1 host 192.168.180.2 eq 80
!
R2(config-if)# ip access-group 100 in
!
ip access-list standard STANDAR-ACL
permit host 192.168.180.1
exit
!
ip access-list extended EXTENDED-ACL
permit tcp host 192.168.180.1 host 192.168.180.2 established
exit
!
An extended ACL applied with access-class only supports the any keyword as the destination.
!
ip access-list extended PERMIT-ADMIN-LINE
permit tcp host 192.168.180.1 any eq 22 log
deny ip any any
!
line vty 0 4
access-class PERMIT-ADMIN-LINE in
exit
!
!
If using Cisco IOS Release 12.3 and later, sequence numbers can be used to ensure that ACEs are added in the correct location. The ACL is processed top-down based on the sequence numbers of the ACEs (lowest to highest).
!
Router-generated packets, such as routing table updates, are not subject to outbound ACL statements on the source router. If the security policy requires filtering these types of packets, inbound ACLs on adjacent routers or other router filter mechanisms using ACLs must do the filtering task.
!
Prefixing an ACE with the no parameter (no access-list ...) deletes the entire ACL, not just that single entry.
!
On standard access lists, Cisco IOS adds new entries in descending order of IP address, regardless of the sequence number. Therefore, the sequence number in a standard ACL is only used as an identifier of a specific ACE for deletion purposes.
All entries, regardless of the order in which they were entered, are placed in order of descending IP address, from specific to general.
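As an added example (not from the course or from this post), a small Python model of how IOS evaluates an ACL against a packet: wildcard-mask matching (host X is X 0.0.0.0), top-down first match by sequence number, the implicit deny ip any any at the end, and the established keyword, which only looks at the TCP ACK/RST flags and is not stateful. The ACL, addresses and packets are constructed for the example.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass
class ACE:
    action: str                  # "permit" or "deny"
    proto: str                   # "ip" matches everything; otherwise "tcp"/"udp"
    src: str                     # "any", "host A.B.C.D" or "A.B.C.D W.W.W.W" (wildcard)
    dst: str
    dport: Optional[int] = None  # "eq <port>" on the destination
    established: bool = False    # TCP segment with ACK or RST set; NOT stateful

def match_addr(spec: str, addr: str) -> bool:
    """Cisco wildcard semantics: 0 bits must match, 1 bits are don't-care."""
    if spec == "any":
        return True
    if spec.startswith("host "):
        spec = spec[5:] + " 0.0.0.0"          # host X is shorthand for X 0.0.0.0
    net, wild = spec.split()
    care = ~int(ipaddress.IPv4Address(wild)) & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(net)) & care) == (int(ipaddress.IPv4Address(addr)) & care)

def evaluate(acl: dict, pkt: dict):
    """Walk the ACEs lowest sequence first and return (seq, action) of the first match.
    Falling off the end is the implicit 'deny ip any any', reported as (None, 'deny')."""
    for seq in sorted(acl):
        ace = acl[seq]
        if ace.proto != "ip" and ace.proto != pkt["proto"]:
            continue
        if not (match_addr(ace.src, pkt["src"]) and match_addr(ace.dst, pkt["dst"])):
            continue
        if ace.dport is not None and pkt.get("dport") != ace.dport:
            continue
        if ace.established and not (pkt.get("ack") or pkt.get("rst")):
            continue                          # a bare SYN never matches 'established'
        return seq, ace.action
    return None, "deny"

# Constructed sample: the PERMIT-ADMIN-LINE entries from the notes, plus an
# 'established' entry for the 192.168.180.0/24 LAN written with a wildcard mask.
ACL = {
    10: ACE("permit", "tcp", "host 192.168.180.1", "any", dport=22),
    20: ACE("permit", "tcp", "192.168.180.0 0.0.0.255", "any", established=True),
    30: ACE("deny", "ip", "any", "any"),
}

if __name__ == "__main__":
    ssh = {"proto": "tcp", "src": "192.168.180.1", "dst": "10.0.0.5", "dport": 22}
    syn = {"proto": "tcp", "src": "192.168.180.7", "dst": "10.0.0.5", "dport": 80}
    print(evaluate(ACL, ssh))                  # (10, 'permit')
    print(evaluate(ACL, syn))                  # (30, 'deny'): new connection, no ACK
    print(evaluate(ACL, dict(syn, ack=True)))  # (20, 'permit'): return traffic
```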
!
INBOUND = Pre-Routing
OUTBOUND = Post-Routing
!
Packet debugging captures the packets that are process-switched, including received, generated, and forwarded packets.
!