1 © 2004 Cisco Systems, Inc. All rights reserved. CCNA 2 v3.1 Module 11 Access Control Lists (ACLs)

Post on 21-Dec-2015


CCNA 2 v3.1 Module 11 Access Control Lists (ACLs)

Objectives

What are ACLs?

• ACLs are lists of conditions used to test network traffic that tries to travel across a router interface. These lists tell the router what types of packets to accept or deny.

How ACLs Work

Protocols with ACLs Specified by Numbers

Define an ACL & Apply it

Wildcard Mask

Deny all packets from 172.16.1.1

access-list number

Apply ACL #2 to interface e0

Apply to all incoming packets
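
An added example (not part of the original Cisco slides) that models in Python how a standard ACL like the slide's ACL #2 is evaluated: wildcard-mask comparison, first match wins, and the implicit deny that ends every list. The wildcard 0.0.0.0 for the single host, ACL 3 and the test addresses are constructed assumptions for illustration.

```python
import ipaddress

def wildcard_match(addr, base, wildcard):
    """True when addr equals base in every bit where the wildcard bit is 0."""
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF  # 1 = bit must match
    return (a & care) == (b & care)

def parse_standard_acl(config):
    """Parse 'access-list <n> permit|deny <src> [<wildcard>]' lines, grouped by number."""
    acls = {}
    for line in config.splitlines():
        tok = line.split()
        if len(tok) < 4 or tok[0] != "access-list" or tok[2] not in ("permit", "deny"):
            continue
        if tok[3] == "any":
            src, wc = "0.0.0.0", "255.255.255.255"
        elif tok[3] == "host" and len(tok) > 4:
            src, wc = tok[4], "0.0.0.0"
        else:
            # A source with no wildcard is treated as a single host.
            src, wc = tok[3], (tok[4] if len(tok) > 4 else "0.0.0.0")
        acls.setdefault(int(tok[1]), []).append((tok[2], src, wc))
    return acls

def evaluate(entries, src_ip):
    """First matching entry decides; no match falls through to the implicit deny."""
    for action, base, wc in entries:
        if wildcard_match(src_ip, base, wc):
            return action
    return "deny"

# Constructed sample: ACL 2 as the slide describes it (one deny statement only),
# and a hypothetical ACL 3 that adds a permit for the rest of 172.16.0.0/16.
SAMPLE = """
access-list 2 deny 172.16.1.1 0.0.0.0
access-list 3 deny 172.16.1.1 0.0.0.0
access-list 3 permit 172.16.0.0 0.0.255.255
"""

if __name__ == "__main__":
    acls = parse_standard_acl(SAMPLE)
    for number in (2, 3):
        for ip in ("172.16.1.1", "172.16.1.2", "10.0.0.5"):
            print(f"ACL {number}: {ip} -> {evaluate(acls[number], ip)}")
```

With only the single deny statement, ACL 2 blocks every source, not just 172.16.1.1, because nothing is permitted before the implicit deny is reached.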

The Function of a Wildcard Mask

Verifying ACLs

• There are many show commands that will verify the content and placement of ACLs on the router.

show ip interface

show access-lists

show running-config

Standard ACLs

Extended ACLs

Source IP addr. plus wildcard

Destination IP addr.

Named ACLs

Single host

Placing ACLs

• Standard ACLs should be placed close to the destination.

• Extended ACLs should be placed close to the source.

Firewalls

A firewall is an architectural structure that exists between the user and the outside world to protect the internal network from intruders.

Restricting Virtual Terminal Access

Summary