acl workbook
Post on 26-Feb-2018
7/25/2019 ACL Workbook
http://slidepdf.com/reader/full/acl-workbook 1/69
ACL Access Lists Workbook
Version 1.0
Inside Cover

Access-List Numbers

IP Standard                                    1 to 99
IP Extended                                    100 to 199
Ethernet Type Code                             200 to 299
Ethernet Address                               700 to 799
DECnet and Extended DECnet                     300 to 399
XNS                                            400 to 499
Extended XNS                                   500 to 599
Appletalk                                      600 to 699
48-bit MAC Addresses                           700 to 799
IPX Standard                                   800 to 899
IPX Extended                                   900 to 999
IPX SAP (service advertisement protocol)       1000 to 1099
IPX SAP SPX                                    1000 to 1099
Extended 48-bit MAC Addresses                  1100 to 1199
IPX NLSP                                       1200 to 1299
IP Standard, expanded range                    1300 to 1999
IP Extended, expanded range                    2000 to 2699
SS7 (voice)                                    2700 to 2999
Standard Vines                                 1 to 100
Extended Vines                                 101 to 200
Simple Vines                                   201 to 300
Transparent bridging (protocol type)           200 to 299
Transparent bridging (vendor type)             700 to 799
Extended Transparent bridging                  1100 to 1199
Source-route bridging (protocol type)          200 to 299
Source-route bridging (vendor type)            700 to 799
Produced by: Robb Jones jonesr@careertech.net
Frederick County Career & Technology Center
Cisco Networking Academy
Frederick County Public Schools
Frederick, Maryland, USA
Special Thanks to Melvin Baker and Jim Dorsch for taking the time to check this workbook for errors.
What are Access Control Lists?

ACLs...
...are a sequential list of instructions that tell a router which packets to permit or deny.

General Access Lists Information

Access Lists...
...are read sequentially.
...are set up so that as soon as the packet matches a statement it stops comparing and permits or denies the packet.
...need to be written to take care of the most abundant traffic first.
...must be configured on your router before you can deny packets.
...can be written for all supported routed protocols; but each routed protocol must have a different ACL for each interface.
...must be applied to an interface to work.

How routers use Access Lists (Outbound Port - Default)

The router checks to see if the packet is routable. If it is, it looks up the route in its routing table.
The router then checks for an ACL on that outbound interface.
If there is no ACL the router switches the packet out that interface to its destination.
If there is an ACL the router checks the packet against the access list statements sequentially. Then it permits or denies each packet as it is matched.
If the packet does not match any statement written in the ACL it is denied because there is an implicit “deny any” statement at the end of every ACL.
Standard Access Lists

Standard Access Lists...
...are numbered from 1 to 99.
...filter (permit or deny) only source addresses.
...do not have any destination information so they must be placed as close to the destination as possible.
...work at layer 3 of the OSI model.

Why standard ACLs are placed close to the destination.

[Figure: network diagram showing Router A, Router B, Router C and Router D with interfaces E0, S0 and S1, and Juan’s, Janet’s, Jimmy’s and Matt’s computers.]

If you want to block traffic from Juan’s computer from reaching Janet’s computer with a standard access list you would place the ACL close to the destination on Router D, interface E0. Since it’s using only the source address to permit or deny packets the ACL here will not affect packets reaching Routers B, or C.

If you place the ACL on router A to block traffic to Router D it will also block all packets going to Routers B, and C; because all the packets will have the same source address.
Standard Access List Placement
Sample Problems

[Figure: Router A with interfaces FA0 and FA1, and Juan’s and Jan’s computers.]

In order to permit packets from Juan’s computer to arrive at Jan’s computer you would place the standard access list at router interface ___FA1___.

[Figure: Router A and Router B joined by a serial link (S0, S1), with interfaces E0 and E1, and Lisa’s and Paul’s computers.]

Lisa has been sending unnecessary information to Paul. Where would you place the standard ACL to deny all traffic from Lisa to Paul?
Router Name ___Router B___ Interface ___E1___

Where would you place the standard ACL to deny traffic from Paul to Lisa?
Router Name ___Router A___ Interface ___E0___
Standard Access List Placement

[Figure: network diagram showing Routers A, B, C, D, E and F joined by serial links (S0, S1), with LAN interfaces labelled E0 and FA1. Computers shown: Sarah’s, Jackie’s, Linda’s, Melvin’s, Jim’s, Jeff’s, George’s, Kathy’s, Carrol’s, Ricky’s, Jenny’s and Amanda’s.]
1. Where would you place a standard access list to permit traffic from Ricky’s computer to reach Jeff’s computer?
Router Name_________________ Interface ____________________

2. Where would you place a standard access list to deny traffic from Melvin’s computer from reaching Jenny’s computer?
Router Name_________________ Interface ____________________

3. Where would you place a standard access list to deny traffic to Carrol’s computer from Sarah’s computer?
Router Name_________________ Interface ____________________

4. Where would you place a standard access list to permit traffic from Ricky’s computer to reach Jeff’s computer?
Router Name_________________ Interface ____________________

5. Where would you place a standard access list to deny traffic from Amanda’s computer from reaching Jeff and Jim’s computer?
Router Name_________________ Interface ____________________

6. Where would you place a standard access list to permit traffic from Jackie’s computer to reach Linda’s computer?
Router Name_________________ Interface ____________________

7. Where would you place a standard access list to permit traffic from George’s computer to reach Carrol and Amanda’s computer?
Router Name_________________ Interface ____________________

8. Where would you place a standard access list to deny traffic to Jenny’s computer from Jackie’s computer?
Router Name_________________ Interface ____________________

9. Where would you place a standard access list to permit traffic from George’s computer to reach Linda and Sarah’s computer?
Router Name_________________ Interface ____________________

10. Where would you place an ACL to deny traffic from Jeff’s computer from reaching George’s computer?
Router Name_________________ Interface ____________________

11. Where would you place a standard access list to deny traffic to Sarah’s computer from Ricky’s computer?
Router Name_________________ Interface ____________________

12. Where would you place an ACL to deny traffic from Linda’s computer from reaching Jackie’s computer?
Router Name_________________ Interface ____________________

Answers filled in on the worksheet:
Router D  E0
Router A  E0
Extended Access Lists

Extended Access Lists...
...are numbered from 100 to 199.
...filter (permit or deny) based on the:
      source address
      destination address
      protocol
      port number
...are placed close to the source.
...work at both layer 3 and 4 of the OSI model.

Why extended ACLs are placed close to the source.

[Figure: network diagram showing Router A, Router B, Router C and Router D with interfaces E0, FA0, S0 and S1, and Juan’s, Janet’s, Jimmy’s and Matt’s computers.]

If you want to deny traffic from Juan’s computer from reaching Janet’s computer with an extended access list you would place the ACL close to the source on Router A, interface E0. Since it can permit or deny based on the destination address it can reduce backbone overhead and not affect traffic to Routers B, or C.

If you place the ACL on Router E to block traffic from Router A, it will work. However, Routers B, and C will have to route the packet before it is finally blocked at Router E. This increases the volume of useless network traffic.
Extended Access List Placement
Sample Problems

[Figure: Router A with interfaces E0 and E1, and Juan’s and Jan’s computers.]

In order to permit packets from Juan’s computer to arrive at Jan’s computer you would place the extended access list at router interface ___E0___.

[Figure: Router A and Router B joined by a serial link (S0, S1), with interfaces FA0 and FA1, and Lisa’s and Paul’s computers.]

Lisa has been sending unnecessary information to Paul. Where would you place the extended ACL to deny all traffic from Lisa to Paul?
Router Name ___Router A___ Interface ___FA0___

Where would you place the extended ACL to deny traffic from Paul to Lisa?
Router Name ___Router B___ Interface ___FA1___
Extended Access List Placement

[Figure: network diagram showing Routers A, B, C, D, E and F joined by serial links (S0, S1), with LAN interfaces labelled FA0, FA1 and E1. Computers shown: Sarah’s, Jackie’s, Linda’s, Melvin’s, Jim’s, Jeff’s, George’s, Kathy’s, Carrol’s, Ricky’s, Jenny’s and Amanda’s.]
1. Where would you place an ACL to deny traffic from Jeff’s computer from reaching George’s computer?
Router Name_________________ Interface ____________________

2. Where would you place an extended access list to permit traffic from Jackie’s computer to reach Linda’s computer?
Router Name_________________ Interface ____________________

3. Where would you place an extended access list to deny traffic to Carrol’s computer from Ricky’s computer?
Router Name_________________ Interface ____________________

4. Where would you place an extended access list to deny traffic to Sarah’s computer from Jackie’s computer?
Router Name_________________ Interface ____________________

5. Where would you place an extended access list to permit traffic from Carrol’s computer to reach Jeff’s computer?
Router Name_________________ Interface ____________________

6. Where would you place an extended access list to deny traffic from Melvin’s computer from reaching Jeff and Jim’s computer?
Router Name_________________ Interface ____________________

7. Where would you place an extended access list to permit traffic from George’s computer to reach Jeff’s computer?
Router Name_________________ Interface ____________________

8. Where would you place an extended access list to permit traffic from Jim’s computer to reach Carrol and Amanda’s computer?
Router Name_________________ Interface ____________________

9. Where would you place an ACL to deny traffic from Linda’s computer from reaching Kathy’s computer?
Router Name_________________ Interface ____________________

10. Where would you place an extended access list to deny traffic to Jenny’s computer from Sarah’s computer?
Router Name_________________ Interface ____________________

11. Where would you place an extended access list to permit traffic from George’s computer to reach Linda and Sarah’s computer?
Router Name_________________ Interface ____________________

12. Where would you place an extended access list to deny traffic from Linda’s computer from reaching Jenny’s computer?
Router Name_________________ Interface ____________________

Answers filled in on the worksheet:
Router D  FA0
Router F  FA1
Choosing to Filter Incoming or Outgoing Packets

Access Lists on your incoming port...
...requires less CPU processing.
...filters and denies packets before the router has to make a routing decision.

Access Lists on your outgoing port...
...are outbound by default unless otherwise specified.
...increases the CPU processing time because the routing decision is made and the packet switched to the correct outgoing port before it is tested against the ACL.

Breakdown of a Standard ACL Statement

access-list 1 permit 192.168.90.36 0.0.0.0

      1                autonomous number, 1 to 99
      permit           permit or deny
      192.168.90.36    source address
      0.0.0.0          wildcard mask

access-list 78 deny host 192.168.90.36 log

      78               autonomous number, 1 to 99
      deny             permit or deny
      host             indicates a specific host address
      192.168.90.36    source address
      log              (Optional) generates a log entry on the router for each packet that matches this statement
Breakdown of an Extended ACL Statement

access-list 125 permit ip 192.168.90.36 0.0.0.0 192.175.63.12 0.0.0.0

      125              autonomous number, 100 to 199
      permit           permit or deny
      ip               protocol (icp, icmp, tcp, udp, ip, etc.)
      192.168.90.36    source address
      0.0.0.0          source wildcard mask
      192.175.63.12    destination address
      0.0.0.0          destination wildcard mask

access-list 178 deny tcp host 192.168.90.36 host 192.175.63.12 eq 23 log

      178              autonomous number, 100 to 199
      deny             permit or deny
      tcp              protocol (icp, icmp, tcp, udp, ip, etc.)
      host             indicates a specific host
      192.168.90.36    source address
      host             indicates a specific host
      192.175.63.12    destination address
      eq               operator (eq for =, gt for >, lt for <, neq for ≠)
      23               port number (23 = telnet)
      log              (Optional) generates a log entry on the router for each packet that matches this statement

Protocols Include:
      IP       IGMP     IPINIP
      TCP      GRE      OSPF
      UDP      IGRP     NOS
      ICMP     EIGRP    Integer 0-255

To match any internet protocol use IP.
What are Named Access Control Lists?

Named ACLs...
...are standard or extended ACLs which have an alphanumeric name instead of a number. (ie. 1-99 or 100-199)

Named Access Lists Information

Named Access Lists...
...identify ACLs with an intuitive name instead of a number.
...eliminate the limits imposed by using numbered ACLs. (798 for standard and 799 for extended)
...provide the ability to modify your ACLs without deleting and reloading the revised access list. It will only allow you to add statements to the end of the existing statements.
...are not compatible with any IOS prior to Release 11.2.
...can not repeat the same name on multiple ACLs.

Applying a Standard Named Access List called “George”

Write a named standard access list on Router A, interface E1 to block Melvin’s computer from sending information to Kathy’s computer; but will allow all other traffic.

Place the access list at:
Router Name: Router A
Interface: E1
Access-list #: George

[Writing and installing an ACL]

Router# configure terminal (or config t)
Router(config)# ip access-list standard George
Router(config-std-nacl)# deny host 172.16.70.35
Router(config-std-nacl)# permit any
Router(config-std-nacl)# exit
Router(config)# interface e1
Router(config-if)# ip access-group George out
Router(config-if)# exit
Router(config)# exit
Creating Named Access Lists

Applying an Extended Named Access List called “Gracie”
Write a named extended access list on Router A, Interface E0 called “Gracie” to deny HTTserver 192.168.207.27, but will permit all other HTTP traffic to reach the only the 192.168.IP traffic. Keep in mind that there may be multiple ways many of the individual statements
Place the access list at:
Router Name: Router A
Interface: E0
Access-list #: Gracie

[Writing and installing an ACL]

Router# configure terminal (or config t)
Router(config)# ip access-list extended Gracie
Router(config-ext-nacl)# deny tcp any host 192.168.207.27 eq
Router(config-ext-nacl)# permit tcp any 192.168.207.0 0.0.0.2
Router(config-ext-nacl)# exit
Router(config)# interface e0
Router(config-if)# ip access-group Gracie in
Router(config-if)# exit
Router(config)# exit
Choices for Using Wildcard Masks

Wildcard masks are usually set up to do one of four things:
1. Match a specific host.
2. Match an entire subnet.
3. Match a specific range.
4. Match all addresses.

1. Matching a specific host.

For standard access lists:
      Access-List 10 permit 192.168.150.50 0.0.0.0
   or
      Access-List 10 permit 192.168.150.50          (standard ACL’s assume a 0.0.0.0 mask)
   or
      Access-List 10 permit host 192.168.150.50

For extended access lists:
      Access-list 110 deny ip 192.168.150.50 0.0.0.0 any
   or
      Access-list 110 deny ip host 192.168.150.50 any

2. Matching an entire subnet

Example 1
Address: 192.168.50.0 Subnet Mask: 255.255.255.0
      Access-list 25 deny 192.168.50.0 0.0.0.255

Example 2
Address: 172.16.0.0 Subnet Mask: 255.255.0.0
      Access-list 12 permit 172.16.0.0 0.0.255.255

Example 3
Address: 10.0.0.0 Subnet Mask: 255.0.0.0
      Access-list 125 deny udp 10.0.0.0 0.255.255.255 any

3. Match a specific range

Example 1
Address: 10.250.50.112 Subnet Mask: 255.255.255.224

                            255.255.255.255
      Custom Subnet mask: - 255.255.255.224
      Wildcard:               0.  0.  0. 31

      Access-list 125 permit udp 10.250.50.112 0.0.0.31 any

Example 2
Address Range: 192.168.16.0 to 192.168.16.127

                            192.168. 16.127
                          - 192.168. 16.  0
      Wildcard:               0.  0.  0.127

      Access-list 125 deny ip 192.168.16.0 0.0.0.127 any
      (This ACL would block the lower half of the subnet.)

Example 3
Address: 172.250.16.32 to 172.250.31.63

                            172.250. 31. 63
                          - 172.250. 16. 32
      Wildcard:               0.  0. 15. 31

      Access-list 125 permit ip 172.250.16.32 0.0.15.31 any

4. Match everyone.

For standard access lists:
      Access-List 15 permit any
   or
      Access-List 15 deny 0.0.0.0 255.255.255.255

For extended access lists:
      Access-List 175 permit ip any any
   or
      Access-List 175 deny tcp 0.0.0.0 255.255.255.255 any
Creating Wildcard Masks

Just like a subnet mask the wildcard mask tells the router what part of the address to check or ignore. Zero (0) must match exactly, one (1) will be ignored.

The source address can be a single address, a range of addresses, or an entire subnet.

As a rule of thumb the wildcard mask is the reverse of the subnet mask.

Example #1:
IP Address and subnet mask: 204.100.100.0 255.255.255.0
IP Address and wildcard mask: 204.100.100.0 0.0.0.255

All zero’s (or 0.0.0.0) means the address must match exactly.

Example #2:
10.10.150.95 0.0.0.0 (This address must match exactly.)

One’s will be ignored.

Example #3:
10.10.150.95 0.0.0.255 (Any 10.10.150.0 subnet address will match: 10.10.150.0 to 10.10.150.255)

This also works with subnets.

Example #4:
IP Address and subnet mask: 192.170.25.30 255.255.255.224
IP Address and wildcard mask: 192.170.25.30 0.0.0.31
(Subtract the subnet mask from 255.255.255.255 to create the wildcard)

Do the math...   255 - 255 = 0     (This is the inverse of the subnet mask.)
                 255 - 224 = 31

Example #5:
IP Address and subnet mask: 172.24.128.0 255.255.128.0
IP Address and wildcard mask: 172.24.128.0 0.0.127.255

Do the math...   255 - 255 = 0     (This is the inverse of the subnet mask.)
                 255 - 128 = 127
                 255 - 0   = 255
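Added example (not from the original workbook): the Python sketch below carries out the subtraction described above and reports what an address and wildcard pair actually selects, including the pair 172.250.16.32 0.0.15.31 used earlier in this workbook, whose 1 bits are not one contiguous run. All function names are illustrative.

```python
import ipaddress

ALL_ONES = 0xFFFFFFFF


def to_int(dotted):
    """Dotted-quad string to a 32-bit integer."""
    return int(ipaddress.IPv4Address(dotted))


def to_dotted(value):
    """32-bit integer back to a dotted-quad string."""
    return str(ipaddress.IPv4Address(value))


def wildcard_from_subnet_mask(mask):
    """255.255.255.255 minus the subnet mask, i.e. the inverted mask."""
    return to_dotted(ALL_ONES ^ to_int(mask))


def matches(address, base, wildcard):
    """True when address equals base in every bit the wildcard marks 0."""
    care = ALL_ONES ^ to_int(wildcard)
    return (to_int(address) & care) == (to_int(base) & care)


def is_contiguous(wildcard):
    """True when the wildcard is 0 bits followed by one unbroken run of 1 bits."""
    w = to_int(wildcard)
    return (w & (w + 1)) == 0


def matched_span(base, wildcard):
    """(lowest match, highest match, number of matching addresses)."""
    w = to_int(wildcard)
    low = to_int(base) & (ALL_ONES ^ w)   # ignored bits cleared
    high = low | w                        # ignored bits set
    count = 1 << bin(w).count("1")        # each ignored bit doubles the set
    return to_dotted(low), to_dotted(high), count


if __name__ == "__main__":
    # Examples #4 and #5: subtract the subnet mask from 255.255.255.255.
    print(wildcard_from_subnet_mask("255.255.255.224"))   # 0.0.0.31
    print(wildcard_from_subnet_mask("255.255.128.0"))     # 0.0.127.255

    # Example #3: the last octet of the base address is ignored entirely.
    print(matches("10.10.150.200", "10.10.150.95", "0.0.0.255"))  # True

    # Example #4: a host address as base still selects the whole 32-address block.
    print(matched_span("192.170.25.30", "0.0.0.31"))

    # A wildcard with 1 bits in two separate octets matches octet by octet:
    # third octet 16-31 AND fourth octet 32-63, 512 addresses in total.
    print(is_contiguous("0.0.15.31"))                               # False
    print(matched_span("172.250.16.32", "0.0.15.31"))
    print(matches("172.250.20.40", "172.250.16.32", "0.0.15.31"))   # True
    print(matches("172.250.20.100", "172.250.16.32", "0.0.15.31"))  # False
```

Running a proposed statement through a check like this before applying it shows exactly which sources the line will permit or deny.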
Wildcard Mask Problems

1. Create a wildcard mask to match this exact address.
   IP Address: 192.168.25.70   Subnet Mask: 255.255.255.0   ___0.0.0.0___

2. Create a wildcard mask to match this range.
   IP Address: 210.150.10.0   Subnet Mask: 255.255.255.0   ___0.0.0.255___

3. Create a wildcard mask to match this host.
   IP Address: 195.190.10.35   Subnet Mask: 255.255.255.0   __________________________________

4. Create a wildcard mask to match this range.
   IP Address: 172.16.0.0   Subnet Mask: 255.255.0.0   __________________________________

5. Create a wildcard mask to match this range.
   IP Address: 10.0.0.0   Subnet Mask: 255.0.0.0   __________________________________

6. Create a wildcard mask to match this exact address.
   IP Address: 165.100.0.130   Subnet Mask: 255.255.255.192   __________________________________

7. Create a wildcard mask to match this range.
   IP Address: 192.10.10.16   Subnet Mask: 255.255.255.224   __________________________________

8. Create a wildcard mask to match this range.
   IP Address: 171.50.75.128   Subnet Mask: 255.255.255.192   __________________________________

9. Create a wildcard mask to match this host.
   IP Address: 10.250.30.2   Subnet Mask: 255.0.0.0   __________________________________

10. Create a wildcard mask to match this range.
   IP Address: 210.150.28.16   Subnet Mask: 255.255.255.248   __________________________________

11. Create a wildcard mask to match this range.
   IP Address: 172.18.0.0   Subnet Mask: 255.255.224.0   __________________________________

12. Create a wildcard mask to match this range.
   IP Address: 135.35.230.32   Subnet Mask: 255.255.255.248   __________________________________
Wildcard Mask Problems

Based on the given information list the usable source addresses or range of usable source addresses that would be permitted or denied for each access list statement.

1. access-list 10 permit 192.168.150.50 0.0.0.0
Answer: ___192.168.150.50___
2. access-list 5 permit any
Answer: ___Any address___
3. access-list 125 deny tcp 195.223.50.0 0.0.0.63 host 172.168.10.1 fragments
Answer: ___195.223.50.1 to 195.223.50.63___
4. access-list 11 deny 210.10.10.0 0.0.0.255
Answer: __________________________________________________________________
5. access-list 108 deny ip 192.220.10.0 0.0.0.15 172.32.4.0 0.0.0.255
Answer: __________________________________________________________________
6. access-list 171 deny any host 175.18.24.10 fragments
Answer: __________________________________________________________________
7. access-list 105 permit 192.168.15.0 0.0.0.255 any
Answer: __________________________________________________________________
8. access-list 109 permit tcp 172.16.10.0 0.0.0.255 host 192.168.10.1 eq 80
Answer: __________________________________________________________________
9. access-list 111 permit ip any any
Answer: __________________________________________________________________
10. access-list 195 permit udp 172.30.12.0 0.0.0.127 172.50.10.0 0.0.0.255
Answer: __________________________________________________________________
11. access-list 110 permit ip 192.168.15.0 0.0.0.3 192.168.30.10 0.0.0.0
Answer: _________________________________________________________________
12. access-list 120 permit ip 192.168.15.0 0.0.0.7 192.168.30.10 0.0.0.0
Answer: _________________________________________________________________
13. access-list 130 permit ip 192.168.15.0 0.0.0.15 192.168.30.10 0.0.0.0
Answer: _________________________________________________________________
14. access-list 140 permit ip 192.168.15.0 0.0.0.31 192.168.30.10 0.0.0.0
Answer: _________________________________________________________________
15. access-list 150 permit ip 192.168.15.0 0.0.0.63 192.168.30.10 0.0.0.0
Answer: _________________________________________________________________
16. access-list 101 Permit ip 192.168.15.0 0.0.0.127 192.168.30.10 0.0.0.0
Answer:__________________________________________________________________
17. access-list 185 permit ip 192.168.15.0 0.0.0.255 192.168.30.0 0.0.0.255
Answer: _________________________________________________________________
18. access-list 160 deny udp 172.16.0.0 0.0.1.255 172.18.10.18 0.0.0.0 gt 22
Answer: _________________________________________________________________
19. access-list 195 permit icmp 172.85.0.0 0.0.15.255 172.50.10.0 0.0.0.255
Answer: _________________________________________________________________
20. access-list 10 permit 175.15.120.0 0.0.0.255
Answer: _________________________________________________________________
21. access-list 190 permit tcp 172.15.0.0 0.0.15.31 any
Answer: _________________________________________________________________
22. access-list 100 permit ip 10.0.0.0 0.255.255.255 172.50.10.0 0.0.0.255
Answer: _________________________________________________________________
Wildcard Mask Problems

Based on the given information list the usable destination addresses or range of usable destination addresses that would be permitted or denied for each access list statement.

1. access-list 125 deny tcp 195.223.50.0 0.0.0.63 host 172.168.10.1 fragments
Answer: ___172.168.10.1___
2. access-list 5 permit any any
Answer: ___Any address___
3. access-list 150 permit ip 192.168.30.10 0.0.0.0 192.168.15.0 0.0.0.63
Answer: ___195.168.50.1 to 195.223.50.63___
4. access-list 120 deny tcp 172.32.4.0 0.0.0.255 192.220.10.0 0.0.0.15
Answer: __________________________________________________________________
5. access-list 108 deny ip 192.220.10.0 0.0.0.15 172.32.4.0 0.0.0.255
Answer: __________________________________________________________________
6. access-list 101 deny ip 140.130.110.100 0.0.0.0 0.0.0.0 255.255.255.255
Answer: __________________________________________________________________
7. access-list 105 permit any 192.168.15.0 0.0.0.255
Answer: __________________________________________________________________
8. access-list 120 permit ip 192.168.15.10 0.0.0.0 192.168.30.0 0.0.0.7
Answer: __________________________________________________________________
9. access-list 160 deny udp 172.16.0.0 0.0.1.255 172.18.10.18 0.0.0.0 eq 21
Answer: __________________________________________________________________
10. access-list 150 permit ip 192.168.15.10 0.0.0.0 192.168.30.0 0.0.0.63
Answer: __________________________________________________________________
Writing Standard Access Lists...
Standard Access List Sample #1

[Figure: Router A with interface E0 (172.16.70.1), interface E1 (192.168.90.2) and interface S0 (210.30.28.0). Melvin’s computer is 172.16.70.35, Frank’s computer is 172.16.70.32, Kathy’s computer is 192.168.90.38 and Jim’s computer is 192.168.90.36.]

Write a standard access list to block Melvin’s computer from sending information to Kathy’s computer; but will allow all other traffic. Keep in mind that there may be multiple ways many of the individual statements in an ACL can be written.

Place the access list at:
Router Name: Router A
Interface: E1
Access-list #: 10

[Writing and installing an ACL]

Router# configure terminal (or config t)
Router(config)# access-list 10 deny 172.16.70.35
             or access-list 10 deny 172.16.70.35 0.0.0.0
             or access-list 10 deny host 172.16.70.35
Router(config)# access-list 10 permit 0.0.0.0 255.255.255.255
             or access-list 10 permit any
Router(config)# interface e1
Router(config-if)# ip access-group 10 out
Router(config-if)# exit
Router(config)# exit

[Viewing information about existing ACL’s]

Router# show configuration (This will show which access groups are associated with particular interfaces)
Router# show access-lists 10 (This will show detailed information about this ACL)
Standard Access List Sample #2

Write a standard access list to block Jim’s computer from sending information to Frank’s computer; but will allow all other traffic from the 192.168.90.0 network. Permit all traffic from the 210.30.28.0 network to reach the 172.16.70.0 network. Deny all other traffic. Keep in mind that there may be multiple ways many of the individual statements in an ACL can be written.

Place the access list at:
Router Name: Router A
Interface: E0
Access-list #: 28

[Writing and installing an ACL]

Router# configure terminal
Router(config)# access-list 28 deny 192.168.90.36
             or access-list 28 deny 192.168.90.36 0.0.0.0
             or access-list 28 deny host 192.168.90.36
Router(config)# access-list 28 permit 192.168.90.0 0.0.0.255
Router(config)# access-list 28 permit 210.30.28.0 0.0.0.255
Router(config)# interface e0
Router(config-if)# ip access-group 28 out
Router(config-if)# exit
Router(config)# exit
Router# copy run start

[Disabling ACL’s]

Router# configure terminal
Router(config)# interface e0
Router(config-if)# no ip access-group 28 out
Router(config-if)# exit
Router(config)# exit

[Removing an ACL]

Router# configure terminal
Router(config)# interface e0
Router(config-if)# no ip access-group 28 out
Router(config-if)# exit
Router(config)# no access-list 28
Router(config)# exit
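Added example (not from the original workbook): a small Python model of how a router walks access list 28 from Sample #2, where the first matching statement wins and an implicit deny ends the list. It goes one step beyond the sample by also flagging statements that can never match because an earlier statement already covers them; all function names are illustrative.

```python
import ipaddress

ALL_ONES = 0xFFFFFFFF


def _int(dotted):
    return int(ipaddress.IPv4Address(dotted))


def parse_standard(line):
    """Parse 'access-list N permit|deny SOURCE' into (action, base, wildcard)."""
    tokens = line.split()
    if len(tokens) < 4 or tokens[0].lower() != "access-list":
        raise ValueError(f"not a numbered ACL statement: {line!r}")
    number, action = int(tokens[1]), tokens[2].lower()
    source = [t.lower() for t in tokens[3:]]
    if not 1 <= number <= 99:
        raise ValueError(f"standard ACLs are numbered 1 to 99: {line!r}")
    if action not in ("permit", "deny"):
        raise ValueError(f"expected permit or deny: {line!r}")
    if source[-1] == "log":                  # optional logging keyword
        source = source[:-1]
    if source == ["any"]:
        return action, 0, ALL_ONES
    if len(source) == 2 and source[0] == "host":
        return action, _int(source[1]), 0
    if len(source) == 1:                     # bare address: 0.0.0.0 mask assumed
        return action, _int(source[0]), 0
    if len(source) == 2:
        return action, _int(source[0]), _int(source[1])
    raise ValueError(f"cannot parse source in: {line!r}")


def evaluate(statements, src):
    """Return (action, statement position); position None is the implicit deny."""
    addr = _int(src)
    for position, line in enumerate(statements, start=1):
        action, base, wild = parse_standard(line)
        care = ALL_ONES ^ wild
        if (addr & care) == (base & care):
            return action, position          # first match wins, stop comparing
    return "deny", None


def shadowed(statements):
    """List (later, earlier) positions where the earlier statement matches
    every address the later one does, so the later one is never reached."""
    parsed = [parse_standard(s) for s in statements]
    hits = []
    for j, (_, base_j, wild_j) in enumerate(parsed):
        care_j = ALL_ONES ^ wild_j
        for i, (_, base_i, wild_i) in enumerate(parsed[:j]):
            care_i = ALL_ONES ^ wild_i
            same_prefix = (base_i & care_i) == (base_j & care_i)
            if (care_i & ~care_j & ALL_ONES) == 0 and same_prefix:
                hits.append((j + 1, i + 1))
                break
    return hits


# Access list 28 as written in Sample #2.
ACL_28 = [
    "access-list 28 deny host 192.168.90.36",
    "access-list 28 permit 192.168.90.0 0.0.0.255",
    "access-list 28 permit 210.30.28.0 0.0.0.255",
]
# Same statements with the first two swapped (constructed to show ordering).
REORDERED = [ACL_28[1], ACL_28[0], ACL_28[2]]

if __name__ == "__main__":
    for src in ("192.168.90.36", "192.168.90.38", "210.30.28.7", "10.1.1.1"):
        print(src, evaluate(ACL_28, src))
    print(evaluate(REORDERED, "192.168.90.36"))   # the deny is never reached
    print(shadowed(ACL_28), shadowed(REORDERED))
```

With the statements swapped, Jim’s address 192.168.90.36 is permitted by the subnet statement before the host deny is ever compared, which is the ordering mistake the shadow check reports.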
Standard Access List Problem #1

[Figure: Router A and Router B joined by a serial link (S0, S1), with LAN interfaces labelled FA0, E1 and FA0, and Michael’s and Debbie’s computers. Addresses shown: 224.190.32.1, 192.16.32.94, 172.16.28.36, 224.190.32.16, 192.16.32.95.]

Write a standard access list to block Debbie’s computer from receiving information from Michael’s computer; but will allow all other traffic from the 224.190.32.0 network. List all the command line options for this problem. Keep in mind that there may be multiple ways many of the individual statements in an ACL can be written.

Place the access list at:
Router Name: ___________________________
Interface: _______________________________
Access-list #: ____________________________

[Writing and installing an ACL]

Router# configure terminal (or config t)
Router(config)# ________________________________________________________
             or ________________________________________________________
             or ________________________________________________________
Router(config)# ________________________________________________________
             or ________________________________________________________
Router(config)# interface ________
Router(config-if)# ip access-group ________ in or out (circle one)
Router(config-if)# exit
Router(config)# exit
Standard Access List Problem #2

Write a standard access list to permit Debbie’s computer to receive information from Michael’s computer; but will deny all other traffic from the 224.190.32.0 network. Block all traffic from the 172.16.0.0 network. Permit all other traffic. List all the command line options for this problem. Keep in mind that there may be multiple ways many of the individual statements in an ACL can be written.

Place the access list at:
Router Name: ___________________________
Interface: _______________________________
Access-list #: ____________________________

[Writing and installing an ACL]

Router# configure terminal (or config t)
Router(config)# ________________________________________________________
             or ________________________________________________________
             or ________________________________________________________
Router(config)# ________________________________________________________
Router(config)# ________________________________________________________
Router(config)# ________________________________________________________
             or ________________________________________________________
Router(config)# interface ________
Router(config-if)# ip access-group ________ in or out (circle one)
Router(config-if)# exit
Router(config)# exit
Standard Access List Problem #3
[Network diagram: Router A and Router B; interfaces S0, S1, E0, FA1; Rodney’s Computer, Jim’s Computer, Carol’s Computer; addresses shown: 204.90.30.124, 204.90.30.125, 204.90.30.126, 10.250.30.35, 10.250.30.36, 192.168.88.4, 192.168.88.5]
Write a standard access list to block Rodney and Carol’s computer from sending information to Jim’s computer; but will allow all other traffic from the 204.90.30.0 network. Block all other traffic. Keep in mind that there may be multiple ways many of the individual statements in an ACL can be written.
Place the access list at:
Router Name: ___________________________
Interface: _______________________________
Access-list #: ____________________________
[Writing and installing an ACL]
Router# configure terminal (or config t)
Router(config)# ________________________________________________________
________________________________________________________
________________________________________________________
________________________________________________________
________________________________________________________
________________________________________________________
Router(config)# interface ________
Router(config-if)# ip access-group ________ in or out (circle one)
Router(config-if)# exit
Router(config)# exit
Standard Access List Problem #4
Using a minimum number of commands write a standard access list named “Ralph” to block Carol’s computer from sending information to Jim’s computer; but will permit Jim to receive data from Rodney. Block the upper half of the 204.90.30.0 range from reaching Jim’s computer while permitting the lower half of the range. Block all other traffic. For help with blocking the upper half of the range review page 13 or the wildcard mask problems on pages 16 and 17. For help with named ACLs review pages 12 and 13.
Place the access list at:
Router Name: ___________________________
Interface: _______________________________
Access-list Name: ____________________________
[Writing and installing an ACL]
Router# configure terminal (or config t)
Router(config)# ________________________________________________________
________________________________________________________
________________________________________________________
________________________________________________________
________________________________________________________
________________________________________________________
________________________________________________________
________________________________________________________
________________________________________________________
________________________________________________________
________________________________________________________
Router(config)# interface ________
Router(config-if)# ip access-group ________ in or out (circle one)
Router(config-if)# exit
Router(config)# exit
Standard Access List Problem #5
[Network diagram: Router A, Router B, Router C; interfaces S0, S1, E0, E1; addresses shown: 172.30.225.1, 172.30.225.2, 172.30.225.3, 212.180.10.2, 212.180.10.5, 212.180.10.6]
Write a standard access list to block 172.30.225.2 and 172.30.225.3 from sending information to the 212.180.10.0 network; but will allow all other traffic. Keep in mind that there may be multiple ways many of the individual statements in an ACL can be written.
Place the access list at:
Router Name: ___________________________
Interface: _______________________________
Access-list #: ____________________________
[Writing and installing an ACL]
Router# configure terminal (or config t)
Router(config)# ________________________________________________________
________________________________________________________
________________________________________________________
________________________________________________________
________________________________________________________
________________________________________________________
________________________________________________________
Router(config)# interface ________
Router(config-if)# ip access-group ________ in or out (circle one)
Router(config-if)# exit
Router(config)# exit
Standard Access List Problem #6
Write a standard access list to block and log 212.180.10.2 from sending information to the 172.30.225.0 network. Permit and log 212.180.10.6 to send data to the 172.30.225.0 network. Deny all other traffic. Keep in mind that there may be multiple ways many of the individual statements in an ACL can be written. (Check the example on page 10 for help with the logging option.)
Place the access list at:
Router Name: ___________________________
Interface: _______________________________
Access-list #: ____________________________
[Writing and installing an ACL]
Router# configure terminal (or config t)
Router(config)# ________________________________________________________
________________________________________________________
________________________________________________________
________________________________________________________
________________________________________________________
________________________________________________________
________________________________________________________
________________________________________________________
________________________________________________________
________________________________________________________
________________________________________________________
________________________________________________________
Router(config)# interface ________
Router(config-if)# ip access-group ________ in or out (circle one)
Router(config-if)# exit
Router(config)# exit
Standard Access List Problem #7
[Network diagram: Router A, Router B, Router C; interfaces S0, S1, FA0, FA1; addresses shown: 192.168.15.3, 192.168.15.172, 198.32.10.25, 210.140.15.1, 210.140.15.8]
Write a standard access list to block the addresses 192.168.15.1 to 192.168.15.31 from sending information to the 210.140.15.0 network. Do not permit any traffic from 198.32.10.25 to reach the 210.140.15.0 network. Permit all other traffic. For help with this problem review page 13 or the wildcard mask problems on pages 16 and 17.
Place the access list at:
Router Name: ___________________________
Interface: _______________________________
Access-list #: ____________________________
[Writing and installing an ACL]
Router# configure terminal (or config t)
Router(config)# ________________________________________________________
________________________________________________________
________________________________________________________
________________________________________________________
________________________________________________________
________________________________________________________
Router(config)# interface ________
Router(config-if)# ip access-group ________ in or out (circle one)
Router(config-if)# exit
Router(config)# exit
Standard Access List Problem #9
[Network diagram: Router A; interface labels FA0, FA0]
Write a standard access list to block network 192.168.255.0 from receiving information from the following addresses: 10.250.1.1, 10.250.2.1, 10.250.4.1, and the entire 10.250.3.0 255.255.255.0 network. Allow all other traffic. Keep in mind that there may be multiple ways many of the individual statements in an ACL can be written.
Place the access list at:
Router Name: ___________________________
Interface: _______________________________
Access-list #: ____________________________
[Writing and installing an ACL]
Router# configure terminal (or config t)
Router(config)# ________________________________________________________
________________________________________________________
________________________________________________________
________________________________________________________
________________________________________________________
________________________________________________________
________________________________________________________
________________________________________________________
________________________________________________________
________________________________________________________
________________________________________________________
________________________________________________________
Router(config)# interface ________
Router(config-if)# ip access-group ________ in or out (circle one)
Router(config-if)# exit
Router(config)# exit
Writing Extended Access Lists...
Extended Access List Sample #1
Deny/Permit Specific Addresses
[Network diagram: Router A (interfaces FA0, FA1); John’s Computer 172.16.70.35; Gail’s Computer 172.16.70.32; Celeste’s Computer 192.168.90.38; Mike’s Computer 192.168.90.36; other addresses shown: 172.16.70.1, 192.168.90.2]
Write an extended access list to prevent John’s computer from sending information to Mike’s computer; but will allow all other traffic. Keep in mind that there may be multiple ways many of the individual statements in an ACL can be written.
Place the access list at:
Router Name: Router A
Interface: FA0
Access-list #: 110
[Writing and installing an ACL]
Router# configure terminal (or config t)
Router(config)# access-list 110 deny ip 172.16.70.35 0.0.0.0 192.168.90.36 0.0.0.0
or
access-list 110 deny ip host 172.16.70.35 host 192.168.90.36
Router(config)# access-list 110 permit ip any any
or
access-list 110 permit ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255
Router(config)# interface fa0
Router(config-if)# ip access-group 110 in
Router(config-if)# exit
Router(config)# exit
[Viewing information about existing ACL’s]
Router# show configuration (This will show which access groups are associated with particular interfaces)
Router# show access-lists 110 (This will show detailed information about this ACL)
Extended Access List Sample #2
Deny/Permit Specific Addresses
Write an extended access list to block the 172.16.70.0 network from receiving information from Mike’s computer at 192.168.90.36. Block the lower half of the ip addresses from 192.168.90.0 network from reaching Gail’s computer at 172.16.70.32. Permit all other traffic. Keep in mind that there may be multiple ways many of the individual statements in an ACL can be written.
Place the access list at:
Router Name: Router A
Interface: FA1
Access-list #: 135
[Writing and installing an ACL]
Router# configure terminal
Router(config)# access-list 135 deny ip 192.168.90.36 0.0.0.0 172.16.70.0 0.0.0.255
or
access-list 135 deny ip host 192.168.90.36 172.16.70.0 0.0.0.255
Router(config)# access-list 135 deny ip 192.168.90.0 0.0.0.127 172.16.70.32 0.0.0.0
or
access-list 135 deny ip 192.168.90.0 0.0.0.127 host 172.16.70.32
Router(config)# access-list 135 permit ip any any
or
access-list 135 permit ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255
Router(config)# interface fa1
Router(config-if)# ip access-group 135 in
Router(config-if)# exit
Router(config)# exit
Router# copy run start
[Disabling ACL’s]
Router# configure terminal
Router(config)# interface e1
Router(config-if)# no ip access-group 135 out
Router(config-if)# exit
Router(config)# exit
[Removing an ACL]
Router# configure terminal
Router(config)# interface e1
Router(config-if)# no ip access-group 135 out
Router(config-if)# exit
Router(config)# no access-list 135
Router(config)# exit
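The top-to-bottom matching behind Sample #2, as an added example that is not part of the original workbook: a small Python model that parses the ACL 135 statements, applies their wildcard masks to constructed test packets, and falls through to the implicit deny when no statement matches. The function names, the packet list, and the restriction to `ip` statements without ports or `log` are assumptions of this example.

```python
import ipaddress

ALL_BITS = 0xFFFFFFFF


def _to_int(dotted):
    """Dotted-quad string to a 32-bit integer (raises ValueError if malformed)."""
    return int(ipaddress.IPv4Address(dotted))


def _take_address(tokens):
    """Consume 'any', 'host A.B.C.D' or 'A.B.C.D WILDCARD' from the token list.

    Returns (base, wildcard) with the don't-care bits of base cleared, so the
    long and short spellings of one statement compare equal.
    """
    if not tokens:
        raise ValueError("address expected")
    first = tokens.pop(0)
    if first == "any":
        return (0, ALL_BITS)
    if not tokens:
        raise ValueError("incomplete address after " + first)
    if first == "host":
        return (_to_int(tokens.pop(0)), 0)
    wildcard = _to_int(tokens.pop(0))
    return (_to_int(first) & ~wildcard & ALL_BITS, wildcard)


def parse_ace(line):
    """Parse one 'access-list N permit|deny ip SRC DST' statement."""
    tokens = line.split()
    if len(tokens) < 4 or tokens[0] != "access-list":
        raise ValueError("not an access-list statement: " + line)
    number, action, protocol = int(tokens[1]), tokens[2], tokens[3]
    if not (100 <= number <= 199 or 2000 <= number <= 2699):
        raise ValueError("not an extended IP access-list number")
    if action not in ("permit", "deny"):
        raise ValueError("action must be permit or deny")
    if protocol != "ip":
        raise ValueError("this example only models 'ip' statements")
    rest = tokens[4:]
    source = _take_address(rest)
    destination = _take_address(rest)
    if rest:
        raise ValueError("unsupported trailing options: " + " ".join(rest))
    return (number, action, source, destination)


def _matches(address, spec):
    """A wildcard bit of 0 means 'must match', 1 means 'ignore'."""
    base, wildcard = spec
    return (address & ~wildcard & ALL_BITS) == base


def evaluate(acl_lines, src, dst):
    """Return (action, statement position); ('deny', None) is the implicit deny."""
    s, d = _to_int(src), _to_int(dst)
    for position, line in enumerate(acl_lines, start=1):
        _, action, source, destination = parse_ace(line)
        if _matches(s, source) and _matches(d, destination):
            return (action, position)  # first match wins, later lines are never read
    return ("deny", None)


# ACL 135 from Extended Access List Sample #2 (first spelling of each statement).
ACL_135 = [
    "access-list 135 deny ip 192.168.90.36 0.0.0.0 172.16.70.0 0.0.0.255",
    "access-list 135 deny ip 192.168.90.0 0.0.0.127 172.16.70.32 0.0.0.0",
    "access-list 135 permit ip any any",
]
# The "or" spellings given for the same three statements.
ACL_135_ALT = [
    "access-list 135 deny ip host 192.168.90.36 172.16.70.0 0.0.0.255",
    "access-list 135 deny ip 192.168.90.0 0.0.0.127 host 172.16.70.32",
    "access-list 135 permit ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255",
]
# Constructed (source, destination) pairs, not taken from the workbook.
SAMPLE_PACKETS = [
    ("192.168.90.36", "172.16.70.35"),   # Mike to the 172.16.70.0 network
    ("192.168.90.100", "172.16.70.32"),  # lower half of 192.168.90.0 to Gail
    ("192.168.90.200", "172.16.70.32"),  # upper half of 192.168.90.0 to Gail
    ("192.168.90.38", "172.16.70.35"),   # lower half, but not addressed to Gail
]


def report(acl_lines, packets):
    """One (src, dst, action, statement position) row per packet."""
    return [(src, dst) + evaluate(acl_lines, src, dst) for src, dst in packets]


if __name__ == "__main__":
    for row in report(ACL_135, SAMPLE_PACKETS):
        print(row)
```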
Extended Access List Problem #1
Deny/Permit Specific Addresses
[Network diagram: Router A (interfaces FA0, FA1) and Router B (interfaces S0, S1); Bob’s Computer 172.20.70.80; Cindy’s Computer 172.20.70.89; Jackie’s Computer 192.168.122.129; Jay’s Computer 192.168.122.128; other addresses shown: 172.20.70.15, 192.168.122.52]
Write an extended access list to prevent Jay’s computer from receiving information from Cindy’s computer. Permit all other traffic. Keep in mind that there may be multiple ways many of the individual statements in an ACL can be written.
Place the access list at:
Router Name: ___________________________
Interface: _______________________________
Access-list #: ____________________________
[Writing and installing an ACL]
Router# configure terminal (or config t)
Router(config)# ________________________________________________________
________________________________________________________
________________________________________________________
________________________________________________________
Router(config)# interface ________
Router(config-if)# ip access-group ________ in or out (circle one)
Router(config-if)# exit
Router(config)# exit
Extended Access List Problem #2
Deny/Permit Specific Addresses
Write an extended access list to block the 172.20.70.0 255.255.255.0 network from receiving information from Jackie’s computer at 192.168.122.129. Block the lower half of the ip addresses from 192.168.122.0 network from reaching Cindy’s computer at 172.20.70.89. Permit all other traffic. Keep in mind that there may be multiple ways many of the individual statements in an ACL can be written.
Place the access list at:
Router Name: ___________________________
Interface: _______________________________
Access-list #: ____________________________
[Writing and installing an ACL]
Router# configure terminal
Router(config)# ________________________________________________________
________________________________________________________
________________________________________________________
________________________________________________________
________________________________________________________
________________________________________________________
________________________________________________________
________________________________________________________
Router(config)# interface ________
Router(config-if)# ip access-group ________ in or out (circle one)
Router(config-if)# exit
Router(config)# exit
Router# copy run start
Extended Access List Problem #3
Deny/Permit Specific Addresses
[Network diagram: Router A (interfaces E0, FA1) and Router B (interfaces S0, S1); Jan’s Computer 218.35.50.10; Juan’s Computer 218.35.50.12; Rachael’s Computer 172.59.2.18; Rebecca’s Computer 172.59.2.15; other addresses shown: 218.35.50.1, 172.59.2.1]
Write a named extended access list called “Lab_166” to permit Jan’s computer at 218.35.50.10 to receive packets from Rachael’s computer at 172.59.2.18; but not Rebecca’s computer at 172.59.2.15. Deny all other packets. Keep in mind that there may be multiple ways many of the individual statements in an ACL can be written.
Place the access list at:
Router Name: ___________________________
Interface: _______________________________
Access-list Name: ____________________________
[Writing and installing an ACL]
Router# configure terminal (or config t)
Router(config)# ________________________________________________________
________________________________________________________
________________________________________________________
________________________________________________________
Router(config)# interface ________
Router(config-if)# ip access-group ________ in or out (circle one)
Router(config-if)# exit
Router(config)# exit
Extended Access List Problem #4
Deny/Permit Specific Addresses
Write an extended access list to allow Juan’s computer at 218.35.50.12 to send information to Rebecca’s computer at 172.59.2.15; but not Rachael’s computer at 172.59.2.18. Permit all other traffic. Keep in mind that there may be multiple ways many of the individual statements in an ACL can be written.
Place the access list at:
Router Name: ___________________________
Interface: _______________________________
Access-list #: ____________________________
[Writing and installing an ACL]
Router# configure terminal
Router(config)# ________________________________________________________
________________________________________________________
________________________________________________________
________________________________________________________
________________________________________________________
________________________________________________________
________________________________________________________
________________________________________________________
Router(config)# interface ________
Router(config-if)# ip access-group ________ in or out (circle one)
Router(config-if)# exit
Router(config)# exit
Router# copy run start
Extended Access List Sample #3
Deny/Permit Entire Ranges
[Network diagram: Router A (interface E0) and Router B (interfaces S0, S1, E1); Cindy’s Computer 192.16.20.6; Ralph’s Computer 192.16.20.7; Barbra’s Computer 192.18.50.12; Bob’s Computer 192.18.50.11; other addresses shown: 192.16.20.5, 192.18.50.10]
Write an extended access list to permit the 192.16.20.0 network to receive packets from the 192.18.50.0 network. Deny all other traffic. Keep in mind that there may be multiple ways many of the individual statements in an ACL can be written.
Place the access list at:
Router Name: Router B
Interface: E1
Access-list #: 111
[Writing and installing an ACL]
Router# configure terminal (or config t)
Router(config)# access-list 111 permit ip 192.18.50.0 0.0.0.255 192.16.20.0 0.0.0.255
Router(config)# access-list 111 deny ip any any
or
access-list 111 deny ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255
Router(config)# interface e1
Router(config-if)# ip access-group 111 in
Router(config-if)# exit
Router(config)# exit
[Viewing information about existing ACL’s]
Router# show configuration (This will show which access groups are associated with particular interfaces)
Router# show access-lists 111 (This will show detailed information about this ACL)
Extended Access List Sample #4
Deny/Permit Entire Ranges
Write an extended access list to block the 192.18.50.0 network from receiving information from the 192.16.20.0 network. Permit all other traffic. Keep in mind that there may be multiple ways many of the individual statements in an ACL can be written.
Place the access list at:
Router Name: Router A
Interface: E0
Access-list #: 188
[Writing and installing an ACL]
Router# configure terminal
Router(config)# access-list 188 deny ip 192.16.20.0 0.0.0.255 192.18.50.0 0.0.0.255
Router(config)# access-list 188 permit ip any any
or
access-list 188 permit ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255
Router(config)# interface e0
Router(config-if)# ip access-group 188 in
Router(config-if)# exit
Router(config)# exit
Router# copy run start
[Disabling ACL’s]
Router# configure terminal
Router(config)# interface e0
Router(config-if)# no ip access-group 188 out
Router(config-if)# exit
Router(config)# exit
[Removing an ACL]
Router# configure terminal
Router(config)# interface e0
Router(config-if)# no ip access-group 188 out
Router(config-if)# exit
Router(config)# no access-list 188
Router(config)# exit
Extended Access List Problem #5
Deny/Permit Entire Ranges
[Network diagram: Router A (interfaces FA0, FA1) and Router B (interfaces S0, S1); Rachel’s Computer 204.95.150.10; Todd’s Computer 204.95.150.12; David’s Computer 172.59.2.18; Rebecca’s Computer 172.59.2.15; other addresses shown: 204.95.150.11, 172.59.2.1; network 210.250.10.0 on S0]
Write an extended access list to permit network 204.95.150.0 to send packets to network 172.59.0.0, but not the 210.250.10.0 network. Permit all other traffic. Keep in mind that there may be multiple ways many of the individual statements in an ACL can be written.
Place the access list at:
Router Name: ___________________________
Interface: _______________________________
Access-list #: ____________________________
[Writing and installing an ACL]
Router# configure terminal (or config t)
Router(config)# ________________________________________________________
________________________________________________________
________________________________________________________
________________________________________________________
Router(config)# interface ________
Router(config-if)# ip access-group ________ in or out (circle one)
Router(config-if)# exit
Router(config)# exit
Extended Access List Problem #6
Deny/Permit Entire Ranges
Write an extended access list to allow Rachel’s computer at 204.95.150.10 to receive information from the 172.59.0.0 network. Deny all other hosts on the 204.95.150.0 network access from the 172.59.2.0 network. Permit all other traffic. Keep in mind that there may be multiple ways many of the individual statements in an ACL can be written.
Place the access list at:
Router Name: ___________________________
Interface: _______________________________
Access-list #: ____________________________
[Writing and installing an ACL]
Router# configure terminal
Router(config)# ________________________________________________________
________________________________________________________
________________________________________________________
________________________________________________________
________________________________________________________
________________________________________________________
________________________________________________________
________________________________________________________
Router(config)# interface ________
Router(config-if)# ip access-group ________ in or out (circle one)
Router(config-if)# exit
Router(config)# exit
Router# copy run start
Extended Access List Problem #7
Deny/Permit Entire Ranges
[Network diagram: Router A (interfaces E0, E1) and Router B (interfaces S0, S1, E1); Phyllis’s Computer 172.120.170.45; Tommy’s Computer 172.120.170.45; Denise’s Computer 192.168.50.4; Tim’s Computer 192.168.50.3; other addresses shown: 172.120.170.45, 192.168.50.2; networks 10.250.1.0 and 210.168.70.0]
Write a named extended access list called “Godzilla” to prevent the 172.120.0.0 network from sending information to the 210.168.70.0, and 10.250.1.0 255.255.255.0 networks; but will permit traffic to the 192.168.50.0 network. Permit all other traffic. Keep in mind that there may be multiple ways many of the individual statements in an ACL can be written.
Place the access list at:
Router Name: ___________________________
Interface: _______________________________
Access-list Name: ____________________________
[Writing and installing an ACL]
Router# configure terminal (or config t)
Router(config)# ________________________________________________________
________________________________________________________
________________________________________________________
________________________________________________________
Router(config)# interface ________
Router(config-if)# ip access-group ________ in or out (circle one)
Router(config-if)# exit
Router(config)# exit
Extended Access List Problem #8
Deny/Permit Entire Ranges
Assuming default subnet masks write an extended access list to permit Tim at 192.168.50.3 to receive data from the 172.120.0.0 network. Allow the 192.168.50.0 network to receive information from Phyllis’s computer at 172.120.170.45. Deny all other traffic. Keep in mind that there may be multiple ways many of the individual statements in an ACL can be written.
Place the access list at:
Router Name: ___________________________
Interface: _______________________________
Access-list #: ____________________________
[Writing and installing an ACL]
Router# configure terminal
Router(config)# ________________________________________________________
________________________________________________________
________________________________________________________
________________________________________________________
________________________________________________________
________________________________________________________
________________________________________________________
________________________________________________________
Router(config)# interface ________
Router(config-if)# ip access-group ________ in or out (circle one)
Router(config-if)# exit
Router(config)# exit
Router# copy run start
Extended Access List Sample #5
Deny/Permit a Range of Addresses

[Network diagram labels: Rodney’s Computer 192.168.15.44; Frank’s Computer 172.21.50.97; FA0; Router A; Jim’s Computer 192.168.15.43; Carol’s Computer 172.21.50.96; 192.168.15.20; S0; S1; 172.21.50.95; E1; Router B]

Write an extended access list to deny the first 15 usable addresses of the 192.168.15.0 network from reaching the 172.21.0.0 network. Permit all other traffic. Keep in mind that there may be multiple ways many of the individual statements in an ACL can be written.

Place the access list at:
Router Name: Router A
Interface: FA0
Access-list #: 185

[Writing and installing an ACL]
Router# configure terminal (or config t)
Router(config)# access-list 185 deny ip 192.168.15.0 0.0.0.15 172.21.50.0 0.0.255.255
Router(config)# access-list 185 permit ip any any
or
access-list 185 permit ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255
Router(config)# interface fa 1
Router(config-if)# ip access-group 185 in
Router(config-if)# exit
Router(config)# exit

[Viewing information about existing ACL’s]
Router# show configuration (This will show which access groups are associated with particular interfaces)
Router# show access-list 185 (This will show detailed information about this ACL)

Extended Access List Sample #6
Deny/Permit a Range of Addresses

Write an extended access list which will allow the lower half of the 192.168.15.0 network access to the 172.21.50.0 network. Deny all other traffic. Keep in mind that there may be multiple ways many of the individual statements in an ACL can be written.

Place the access list at:
Router Name: Router A
Interface: FA0
Access-list #: 121

[Writing and installing an ACL]
Router# configure terminal
Router(config)# access-list 121 permit ip 192.168.15.0 0.0.0.127 172.21.50.0 0.0.0.255
Router(config)# access-list 121 deny ip any any
or
access-list 121 deny ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255
Router(config)# interface fa 0
Router(config-if)# ip access-group 121 in
Router(config-if)# exit
Router(config)# exit
Router# copy run start

[Disabling ACL’s]
Router# configure terminal
Router(config)# interface fa 0
Router(config-if)# no ip access-group 121 in
Router(config-if)# exit
Router(config)# exit

[Removing an ACL]
Router# configure terminal
Router(config)# interface fa 0
Router(config-if)# no ip access-group 121 in
Router(config-if)# exit
Router(config)# no access-list 121
Router(config)# exit

Extended Access List Problem #9
Deny/Permit a Range of Addresses

[Network diagram labels: John’s Computer 192.168.195.88; Celeste’s Computer 192.168.125.108; E0; E1; Router A; Gail’s Computer 192.168.195.145; Mike’s Computer 192.168.125.17; 192.168.195.90; 192.168.125.254; 172.31.195.0; S0]

Write an extended access list to prevent the first 31 usable addresses in the 192.168.125.0 network from reaching the 192.168.195.0 network. Permit all other traffic. Keep in mind that there may be multiple ways many of the individual statements in an ACL can be written.

Place the access list at:
Router Name: ___________________
Interface: ___________________
Access-list #: ___________________

[Writing and installing an ACL]
Router# configure terminal (or config t)
Router(config)# ________________________________________
________________________________________
________________________________________
________________________________________
Router(config)# interface ____________
Router(config-if)# ip access-group _________ in or out (circle one)
Router(config-if)# exit

Extended Access List Problem #10
Deny/Permit a Range of Addresses

Write a named extended access list called “Media_Center” to permit the range of addresses from 172.31.195.1 through 172.31.195.7 to send data to the 192.168.125.0 network. Deny all other traffic. Keep in mind that there may be multiple ways many of the individual statements in an ACL can be written.

Place the access list at:
Router Name: ___________________
Interface: ___________________
Access-list Name: ___________________

[Writing and installing an ACL]
Router# configure terminal
Router(config)# ________________________________________
________________________________________
________________________________________
________________________________________
Router(config)# interface __________
Router(config-if)# ip access-group ________________ in or out (circle one)
Router(config-if)# exit
Router(config)# exit
Router# copy run start

Extended Access List Problem #11
Deny/Permit a Range of Addresses

[Network diagram labels: Cindy’s Computer 192.16.20.6; Barbra’s Computer 172.18.50.12; FA0; Router A; Ralph’s Computer 192.16.20.7; Bob’s Computer 172.18.50.11; Brad’s Computer 172.22.75.10; Jill’s Computer 172.22.75.9; 192.16.20.5; E1; S0; 172.22.75.8; S1; S0; S1; 172.18.50.10; FA1; Router B; Router C]

Write an extended access list to permit the first 3 usable addresses in the 192.16.20.0 network to reach the 172.22.75.0 network. Deny the addresses from 192.16.20.4 through 192.16.20.31 from reaching the 172.22.75.0 network. Permit all other traffic. Keep in mind that there are multiple ways this ACL can be written.

Place the access list at:
Router Name: ___________________
Interface: ___________________
Access-list #: ___________________

[Writing and installing an ACL]
Router# configure terminal (or config t)
Router(config)# ________________________________________
________________________________________
________________________________________
________________________________________
Router(config)# interface ____________
Router(config-if)# ip access-group _________ in or out (circle one)
Router(config-if)# exit

Extended Access List Problem #12
Deny/Permit a Range of Addresses

Write an extended access list to deny the addresses from 172.22.75.8 through 172.22.75.127 from sending data to the 172.18.50.0 network. Deny the first half of the addresses from the 172.22.75.0 network from reaching the 192.16.20.0 network. Permit all other traffic. Keep in mind that there are multiple ways this ACL can be written.

Place the access list at:
Router Name: ___________________
Interface: ___________________
Access-list #: ___________________

[Writing and installing an ACL]
Router# configure terminal
Router(config)# ________________________________________
________________________________________
________________________________________
________________________________________
Router(config)# interface __________
Router(config-if)# ip access-group _________ in or out (circle one)
Router(config-if)# exit
Router(config)# exit
Router# copy run start

Extended Access List Problem #13
Deny/Permit a Range of Addresses

[Network diagram labels: Celeste’s Computer 172.16.70.145; Denise’s Computer 192.168.88.204; FA0; FA1; Router A; Bob’s Computer 172.16.70.155; Peggy’s Computer 192.168.88.200; 172.16.70.1; 192.168.88.1; Router B; S0; S1; 10.250.4.0; 10.250.1.0; FA1; FA0]

Write an extended access list to permit the first 63 usable addresses in the 192.168.88.0 network to reach the lower half of the addresses in the 172.16.70.0 network; but not the upper half. Deny all other traffic. Keep in mind that there may be multiple ways many of the individual statements in an ACL can be written.

Place the access list at:
Router Name: ___________________
Interface: ___________________
Access-list #: ___________________

[Writing and installing an ACL]
Router# configure terminal (or config t)
Router(config)# ________________________________________
________________________________________
________________________________________
________________________________________
Router(config)# interface ____________
Router(config-if)# ip access-group _________ in or out (circle one)
Router(config-if)# exit

Extended Access List Problem #14
Deny/Permit a Range of Addresses

Write an extended access list to deny the addresses from 10.250.1.0 through 10.250.1.63 from sending data to Denise’s computer. Permit all other traffic. Keep in mind that there may be multiple ways many of the individual statements in an ACL can be written.

Place the access list at:
Router Name: ___________________
Interface: ___________________
Access-list #: ___________________

[Writing and installing an ACL]
Router# configure terminal
Router(config)# ________________________________________
________________________________________
________________________________________
________________________________________
Router(config)# interface __________
Router(config-if)# ip access-group _________ in or out (circle one)
Router(config-if)# exit
Router(config)# exit
Router# copy run start

Extended Access List Sample #7
Deny/Permit Port Numbers

[Network diagram labels: 192.168.207.26; E0; Router A; Web Server 192.168.207.27; Web Server 210.128.50.11; 192.168.207.25; S0; S1; 210.128.50.10; E1; Router B; 210.128.50.12]

Write an extended access list to deny HTTP traffic intended for web server 192.168.207.27, but permit all other HTTP traffic to reach only the 192.168.207.0 network. Deny all other IP traffic. Keep in mind that there may be multiple ways many of the individual statements in an ACL can be written.

Place the access list at:
Router Name: Router A
Interface: E0
Access-list #: 198

[Writing and installing an ACL]
Router# configure terminal (or config t)
Router(config)# access-list 198 deny tcp any 192.168.207.27 0.0.0.0 eq www
or
access-list 198 deny tcp any host 192.168.207.27 eq www
Router(config)# access-list 198 permit tcp any 192.168.207.0 0.0.0.255 eq www
Router(config)# interface e0
Router(config-if)# ip access-group 198 in
Router(config-if)# exit
Router(config)# exit

[Viewing information about existing ACL’s]
Router# show configuration (This will show which access groups are associated with particular interfaces)
Router# show access-list 198 (This will show detailed information about this ACL)

Extended Access List Sample #8
Deny/Permit Port Numbers

Write an extended access list to permit pings in either direction between hosts on the 210.128.50.0 and 192.168.207.0 networks. Deny all other traffic. Keep in mind that there may be multiple ways many of the individual statements in an ACL can be written.

Place the access list at:
Router Name: Router A
Interface: E0
Access-list #: 134

[Writing and installing an ACL]
Router# configure terminal
Router(config)# access-list 134 permit icmp 210.128.50.0 0.0.0.255 192.168.207.0 0.0.0.255 echo-reply
Router(config)# interface e0
Router(config-if)# ip access-group 134 in
Router(config-if)# exit
Router(config)# exit
Router# copy run start

[Disabling ACL’s]
Router# configure terminal
Router(config)# interface e0
Router(config-if)# no ip access-group 134 out
Router(config-if)# exit
Router(config)# exit

[Removing an ACL]
Router# configure terminal
Router(config)# interface e0
Router(config-if)# no ip access-group 134 out
Router(config-if)# exit
Router(config)# no access-list 134
Router(config)# exit

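A router checks ACL statements in order, stops at the first match, and drops anything that matches no statement (the implicit deny). The Python below is an added example, not part of the workbook: it parses the statement syntax used in Samples #7 and #8 and evaluates constructed packets against ACL 198 and ACL 134. It models only protocol, addresses, destination port and ICMP type, and ignores interface and direction; the function names and packet values are assumptions made for the illustration.

```python
from ipaddress import IPv4Address

# IOS port keywords that appear in this workbook's samples
PORT_KEYWORDS = {"ftp": 21, "telnet": 23, "www": 80}


def _take_address(tokens):
    """Consume 'any', 'host A' or 'A WILDCARD'; return (base, wildcard) as ints."""
    head = tokens.pop(0)
    if head == "any":
        return 0, 0xFFFFFFFF
    if head == "host":
        return int(IPv4Address(tokens.pop(0))), 0
    return int(IPv4Address(head)), int(IPv4Address(tokens.pop(0)))


def parse_statement(line):
    """Parse 'access-list N permit|deny PROTO SRC DST [eq PORT | ICMP-TYPE]'."""
    tokens = line.split()
    if len(tokens) < 6 or tokens[0] != "access-list" or tokens[2] not in ("permit", "deny"):
        raise ValueError(f"unsupported statement: {line!r}")
    rest = tokens[4:]
    src = _take_address(rest)
    dst = _take_address(rest)
    port = icmp_type = None
    if rest and rest[0] == "eq":
        port = PORT_KEYWORDS[rest[1]] if rest[1] in PORT_KEYWORDS else int(rest[1])
    elif rest:
        icmp_type = rest[0]
    return {"action": tokens[2], "proto": tokens[3], "src": src, "dst": dst,
            "port": port, "icmp_type": icmp_type}


def _covers(spec, address):
    """True when every bit the wildcard does not ignore equals the base address."""
    base, wildcard = spec
    return ((int(IPv4Address(address)) ^ base) & ~wildcard & 0xFFFFFFFF) == 0


def evaluate(acl, packet):
    """Return (action, statement number) for the first matching statement, or
    ('deny', None) when nothing matches and the implicit deny applies."""
    for number, ace in enumerate(acl, start=1):
        if ace["proto"] not in ("ip", packet["proto"]):
            continue
        if not (_covers(ace["src"], packet["src"]) and _covers(ace["dst"], packet["dst"])):
            continue
        if ace["port"] is not None and packet.get("dport") != ace["port"]:
            continue
        if ace["icmp_type"] is not None and packet.get("icmp_type") != ace["icmp_type"]:
            continue
        return ace["action"], number
    return "deny", None


# Statements copied from Sample #7 and Sample #8
ACL_198 = [parse_statement(s) for s in (
    "access-list 198 deny tcp any host 192.168.207.27 eq www",
    "access-list 198 permit tcp any 192.168.207.0 0.0.0.255 eq www",
)]
ACL_134 = [parse_statement(
    "access-list 134 permit icmp 210.128.50.0 0.0.0.255 192.168.207.0 0.0.0.255 echo-reply")]

# Constructed packets (illustrative values, not captured traffic)
HTTP_TO_27 = {"proto": "tcp", "src": "210.128.50.11", "dst": "192.168.207.27", "dport": 80}
HTTP_TO_26 = {"proto": "tcp", "src": "210.128.50.11", "dst": "192.168.207.26", "dport": 80}
TELNET_TO_26 = {"proto": "tcp", "src": "210.128.50.11", "dst": "192.168.207.26", "dport": 23}
ECHO_REPLY = {"proto": "icmp", "src": "210.128.50.11", "dst": "192.168.207.26",
              "icmp_type": "echo-reply"}
ECHO_REQUEST = {"proto": "icmp", "src": "210.128.50.11", "dst": "192.168.207.26",
                "icmp_type": "echo"}
REPLY_OTHER_WAY = {"proto": "icmp", "src": "192.168.207.26", "dst": "210.128.50.11",
                   "icmp_type": "echo-reply"}

if __name__ == "__main__":
    for label, acl, packet in [
        ("ACL 198, HTTP to .27", ACL_198, HTTP_TO_27),
        ("ACL 198, HTTP to .26", ACL_198, HTTP_TO_26),
        ("ACL 198, telnet to .26", ACL_198, TELNET_TO_26),
        ("ACL 198 reversed, HTTP to .27", list(reversed(ACL_198)), HTTP_TO_27),
        ("ACL 134, echo-reply 210 -> 192", ACL_134, ECHO_REPLY),
        ("ACL 134, echo 210 -> 192", ACL_134, ECHO_REQUEST),
        ("ACL 134, echo-reply 192 -> 210", ACL_134, REPLY_OTHER_WAY),
    ]:
        print(f"{label}: {evaluate(acl, packet)}")
```

Reversing the two statements of ACL 198 lets HTTP reach 192.168.207.27, which is why the more specific deny has to come first.
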
Standard Access List Sample #9
Deny/Permit Telnet

[Network diagram labels: Celeste’s Computer 192.30.76.145; Denise’s Computer 192.168.33.214; E0; E1; Router A; Bob’s Computer 192.30.76.155; Peggy’s Computer 192.168.33.210; 172.20.70.1; 192.168.33.1; Router B; S0; S1; 172.16.16.0; 10.250.4.0; E1; E0]

Write an extended access list to permit Denise’s and Bob’s computers to telnet into Router B. Deny all other telnet traffic. Keep in mind that there may be multiple ways many of the individual statements in an ACL can be written.

Place the access list at:
Router Name: Router B
Interface: line VTY 0 4
Access-list #: 45

[Writing and installing an ACL]
Router# configure terminal (or config t)
Router(config)# access-list 45 permit 192.168.33.214 0.0.0.0
or
access-list 45 permit host 192.168.33.214
Router(config)# access-list 45 permit 192.30.76.155 0.0.0.0
or
access-list 45 permit host 192.30.76.155
Router(config)# line vty 0 4
Router(config-line)# access-class 45 in
Router(config-line)# exit
Router(config)# exit

(using line VTY 0 4 instead of an interface like E1 allows you to apply this access list to all VTY lines with one statement)

[Viewing information about existing ACL’s]
Router# show configuration (This will show which access groups are associated with particular interfaces)
Router# show access-list 45 (This will show detailed information about this ACL)

Extended Access List Sample #10
Deny/Permit Port Numbers

Write an extended access list to deny FTP to IP addresses 192.30.76.0 through 192.30.76.13. Permit all other traffic. Keep in mind that there may be multiple ways many of the individual statements in an ACL can be written.

Place the access list at:
Router Name: Router A
Interface: E0
Access-list #: 155

[Writing and installing an ACL]
Router# configure terminal
Router(config)# access-list 155 deny tcp any 192.30.76.0 0.0.0.13 eq ftp
Router(config)# access-list 155 permit tcp any any
or
access-list 155 permit tcp 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255
Router(config)# interface e0
Router(config-if)# ip access-group 155 in
Router(config-if)# exit
Router(config)# exit
Router# copy run start

[Disabling ACL’s]
Router# configure terminal
Router(config)# interface e0
Router(config-if)# no ip access-group 155 out
Router(config-if)# exit
Router(config)# exit

[Removing an ACL]
Router# configure terminal
Router(config)# interface e0
Router(config-if)# no ip access-group 155 out
Router(config-if)# exit
Router(config)# no access-list 155
Router(config)# exit

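A wildcard mask selects a bit pattern rather than a numeric range: a 1 bit is ignored and a 0 bit must equal the base address. The Python below is an added example, not part of the workbook: it lists the addresses matched by the address and wildcard pairs used in Samples #5, #6 and #10, and splits an inclusive range (Sample #10's 192.30.76.0 through 192.30.76.13, Problem #11's 192.16.20.4 through 192.16.20.31) into wildcard blocks that cover it exactly. The function names are assumptions made for the illustration.

```python
from ipaddress import IPv4Address, summarize_address_range


def matched_addresses(base, wildcard):
    """List every address that 'base wildcard' matches in an ACL statement.

    A 1 bit in the wildcard means "ignore this bit"; a 0 bit must equal the base.
    """
    b, w = int(IPv4Address(base)), int(IPv4Address(wildcard))
    free_bits = [1 << i for i in range(32) if (w >> i) & 1]
    if len(free_bits) > 16:
        raise ValueError("wildcard too wide to enumerate")
    fixed = b & ~w & 0xFFFFFFFF          # bits that must match exactly
    hits = []
    for combo in range(1 << len(free_bits)):
        addr = fixed
        for j, bit in enumerate(free_bits):
            if (combo >> j) & 1:
                addr |= bit
        hits.append(addr)
    return [str(IPv4Address(a)) for a in sorted(hits)]


def range_to_wildcards(first, last):
    """Split an inclusive address range into (base, wildcard) pairs matching it exactly."""
    nets = summarize_address_range(IPv4Address(first), IPv4Address(last))
    return [(str(n.network_address), str(n.hostmask)) for n in nets]


def last_octets(addresses):
    """Return the final octet of each dotted-quad address, for compact display."""
    return [int(a.rsplit(".", 1)[1]) for a in addresses]


if __name__ == "__main__":
    for base, wc in [("192.168.15.0", "0.0.0.15"),    # Sample #5 source
                     ("192.168.15.0", "0.0.0.127"),   # Sample #6 source
                     ("192.30.76.0", "0.0.0.13")]:    # Sample #10 destination
        hosts = last_octets(matched_addresses(base, wc))
        shown = hosts if len(hosts) <= 16 else f"{hosts[0]}..{hosts[-1]}"
        print(f"{base} {wc}: {len(hosts)} addresses, last octets {shown}")
    for first, last in [("192.30.76.0", "192.30.76.13"),    # Sample #10 range
                        ("192.16.20.4", "192.16.20.31")]:   # Problem #11 range
        print(f"{first} - {last}: {range_to_wildcards(first, last)}")
```

Each pair returned by `range_to_wildcards` corresponds to one ACL statement, so a range that does not start and end on a power-of-two boundary needs more than one statement.
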
Extended Access List Problem #15
Deny/Permit Port Numbers

[Network diagram labels: Jackie’s Computer 172.16.125.1; Jennifer’s Computer 192.128.45.35; E0; FA1; Router A; Bill’s Computer 192.128.45.33; 172.16.70.1; 192.128.45.8; Router B; S0; S1; 10.250.8.0; 10.250.2.0; E1; FA0]

Write an extended access list to permit ICMP traffic from the 192.128.45.0 network to reach the 172.16.125.0 255.255.255.0 and 10.250.2.0 255.255.255.0 networks. Deny all other traffic. Keep in mind that there may be multiple ways many of the individual statements in an ACL can be written.

Place the access list at:
Router Name: ___________________
Interface: ___________________
Access-list #: ___________________

[Writing and installing an ACL]
Router# configure terminal (or config t)
Router(config)# ________________________________________
________________________________________
________________________________________
________________________________________
Router(config)# interface ____________
Router(config-if)# ip access-group _________ in or out (circle one)
Router(config-if)# exit

Extended Access List Problem #16
Deny/Permit Port Numbers

Write a named extended access list called “Peggys_Lab” to deny telnet from 10.250.8.0 through 10.250.8.127 from reaching the 192.128.45.0 network. Permit all other traffic. Keep in mind that there may be multiple ways many of the individual statements in an ACL can be written.

Place the access list at:
Router Name: ___________________
Interface: ___________________
Access-list Name: ___________________

[Writing and installing an ACL]
Router# configure terminal
Router(config)# ________________________________________
________________________________________
________________________________________
________________________________________
Router(config)# interface __________
Router(config-if)# ip access-group _________________ in or out (circle one)
Router(config-if)# exit
Router(config)# exit
Router# copy run start

Access List Problem #17
Deny/Permit Port Numbers

[Network diagram labels: Web Server #2 203.194.100.101; Mary’s Computer 172.60.18.142; FA0; FA1; Router A; Web Server #1 203.194.100.102; Becky’s Computer 172.60.18.140; 203.194.100.1; 172.60.18.1; Router B; S0; S1; 204.250.10.0; S0]

Write an access list to permit Becky and Mary’s computer to telnet into Router B. Deny all other telnet traffic from the 172.60.18.0 network. Keep in mind that there may be multiple ways many of the individual statements in an ACL can be written.

Place the access list at:
Router Name: ___________________
Interface: ___________________
Access-list #: ___________________

[Writing and installing an ACL]
Router# configure terminal (or config t)
Router(config)# ________________________________________
________________________________________
________________________________________
________________________________________
Router(config)# interface ____________
Router(config-if)# ip access-group _________ in or out (circle one)
Router(config-if)# exit
Router(config)# exit

7/25/2019 ACL Workbook
http://slidepdf.com/reader/full/acl-workbook 63/69
W r i t e a n e x t e n d e d a c c e s s l i s t t o d e n y a l l H T T P t r a f f i c i n
t e n d e d f o r t h e w e b s e r v e r a t 2
0 3 . 1 9 4 . 1 0 0 . 1 0 2 . P e r m i t H T T
P t r a f f i c t o a n y
o t h e r w e b s e r v e r s . D e n y
a l l o t h e r I P t r a f f i c t o t h e 2 0 3 . 1 9 4 . 1 0 0 . 0 n e t w o r k . K e e p i n m i n d t h a t t h e r e m a y b e m u l t i p l e w a y s m a n y o f t h e
i n d i v i d u a l s t a t e m e n t s i n a
n A C L c a n b e w r i t t e n .

Place the access list at:
Router Name: ___________________________
Interface: ___________________________
Access-list #: ___________________________

[Writing and installing an ACL]
Router# configure terminal (or config t)
Router(config)# ______________________________________________________________
______________________________________________________________________________
______________________________________________________________________________
______________________________________________________________________________
______________________________________________________________________________
______________________________________________________________________________
______________________________________________________________________________
______________________________________________________________________________
Router(config)# interface __________
Router(config-if)# ip access-group _________ in or out (circle one)
Router(config-if)# exit
Router(config)# exit
Router# copy run start

Extended Access List Problem #18
Deny/Permit Port Numbers

Write an access list to permit TFTP traffic to all hosts on the 192.168.15.0 network. Deny all other TFTP traffic. Keep in mind that there may be multiple ways many of the individual statements in an ACL can be written.

Place the access list at:
Router Name: ___________________________
Interface: ___________________________
Access-list #: ___________________________

[Writing and installing an ACL]
Router# configure terminal (or config t)
Router(config)# ______________________________________________________________
______________________________________________________________________________
______________________________________________________________________________
______________________________________________________________________________
Router(config)# interface ____________
Router(config-if)# ip access-group _________ in or out (circle one)
Router(config-if)# exit
Router(config)# exit

Access List Problem #19
Deny/Permit Port Numbers

[Network diagram. Labels:
Web Server #1: 192.168.15.125
Web Server #2: 172.23.50.196
Gail’s Computer: 172.23.50.197
Bobbie’s Computer: 192.168.15.82
Routers: Router A, Router B
Interface labels: E0, S0, S1, E1, E1
Other addresses: 192.168.15.25, 172.23.50.195, 192.172.10.0]

Write an extended access list that permits web traffic from web server #2 at 172.23.50.196 to reach everyone on the 192.168.15.0 network. Deny all other IP traffic going to the 192.172.10.0, and 192.168.15.0 networks. Keep in mind that there may be multiple ways many of the individual statements in an ACL can be written.

Place the access list at:
Router Name: ___________________________
Interface: ___________________________
Access-list #: ___________________________

[Writing and installing an ACL]
Router# configure terminal
Router(config)# ______________________________________________________________
______________________________________________________________________________
______________________________________________________________________________
______________________________________________________________________________
______________________________________________________________________________
______________________________________________________________________________
______________________________________________________________________________
______________________________________________________________________________
Router(config)# interface __________
Router(config-if)# ip access-group _________ in or out (circle one)
Router(config-if)# exit
Router(config)# exit
Router# copy run start

Extended Access List Problem #20
Deny/Permit Port Numbers

Optional ACL Commands & Other Network Security Ideas

To reduce the chance of spoofing from outside your network, consider adding the following statements to your network’s inbound access list.

router# config t
router(config)# access-list 100 deny ip 10.0.0.0 0.255.255.255 any
router(config)# access-list 100 deny ip 172.16.0.0 0.0.255.255 any
router(config)# access-list 100 deny ip 192.168.0.0 0.0.255.255 any
router(config)# access-list 100 deny ip 127.0.0.0 0.255.255.255 any
router(config)# access-list 100 deny ip 224.0.0.0 31.255.255.255 any
router(config)# access-list 100 deny ip your-subnet-# your-subnet-mask-# any
router(config)# access-list 100 deny igmp any any
router(config)# access-list 100 deny icmp any any redirect
router(config)# access-list 100 permit ip any any
router(config)# interface e0 (or whatever your inbound port is)
router(config-if)# ip access-group 100 in
router(config-if)# exit
router(config)# exit
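
The first-match behaviour of the inbound list above can be checked offline before it goes on a router. The following Python sketch is an added example, not part of the workbook: it models only the source-address "deny ip ... any" entries and the final permit, and 203.0.113.0 0.0.0.255 is a constructed stand-in for your-subnet-#. It also shows that 172.16.0.0 0.0.255.255 covers only the first /16 of the RFC 1918 block 172.16.0.0/12, and compares a variant widened with wildcard 0.15.255.255.

```python
import ipaddress

def wildcard_match(addr, base, wildcard):
    """Cisco wildcard semantics: 0 bits must match, 1 bits are ignored."""
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(addr)) & care) == \
           (int(ipaddress.IPv4Address(base)) & care)

# Source side of the workbook's inbound list (destination is always "any").
# 203.0.113.0 0.0.0.255 is a constructed stand-in for "your-subnet-#".
INBOUND_ACL = [
    ("deny", "10.0.0.0", "0.255.255.255"),
    ("deny", "172.16.0.0", "0.0.255.255"),
    ("deny", "192.168.0.0", "0.0.255.255"),
    ("deny", "127.0.0.0", "0.255.255.255"),
    ("deny", "224.0.0.0", "31.255.255.255"),
    ("deny", "203.0.113.0", "0.0.0.255"),
    ("permit", "0.0.0.0", "255.255.255.255"),  # permit ip any any
]

# Same list with the 172.16 entry widened to all of 172.16.0.0/12 (RFC 1918).
HARDENED_ACL = [("deny", "172.16.0.0", "0.15.255.255") if base == "172.16.0.0"
                else (action, base, wc) for action, base, wc in INBOUND_ACL]

def evaluate(acl, src):
    """Return (action, entry number) of the first match; implicit deny at the end."""
    for number, (action, base, wc) in enumerate(acl, start=1):
        if wildcard_match(src, base, wc):
            return action, number
    return "deny", None

def leaked_slash16s(acl, prefix):
    """/16 blocks inside prefix whose first host address the ACL permits."""
    return [str(net) for net in ipaddress.ip_network(prefix).subnets(new_prefix=16)
            if evaluate(acl, str(net.network_address + 1))[0] == "permit"]

if __name__ == "__main__":
    for src in ("10.1.2.3", "172.20.1.1", "239.1.1.1", "203.0.113.77", "8.8.8.8"):
        print(src, evaluate(INBOUND_ACL, src))
    print("leaked by workbook list:", leaked_slash16s(INBOUND_ACL, "172.16.0.0/12"))
    print("leaked by widened list: ", leaked_slash16s(HARDENED_ACL, "172.16.0.0/12"))
```
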

Another handy security tool is to only allow IP packets out of your network with your source address.

router# config t
router(config)# access-list 101 permit ip your-subnet-# your-subnet-mask-# any (a different list number from the inbound list, so the two lists stay separate)
router(config)# interface e0 (or whatever your outbound port is)
router(config-if)# ip access-group 101 out
router(config-if)# exit
router(config)# exit
To keep packets with unreachable destinations from entering your network add this command:
ip route 0.0.0.0 0.0.0.0 null 0 255
To protect against smurf and other attacks add the following commands to every external interface:

no ip directed-broadcast
no ip source-route
fair-queue
scheduler interval 500

Index / Table of Contents

Access-List Numbers
What are Access Control Lists?
General Access Lists Information
How routers use Access Lists
Standard Access Lists
Why Standard ACLs must be placed close to the destination
Standard Access List Placement Sample Problems
Standard Access List Placement Problems
Extended Access Lists
Why Extended ACLs must be placed close to the destination
Extended Access List Placement Sample Problems
Extended Access List Placement Problems
Choosing to Filter Incoming or Outgoing Packets
Breakdown of a Standard ACL Statement
Breakdown of an Extended ACL Statement
What are Named Access Control Lists
Named Access Lists Information
Applying a Standard Named Access List called “George”
Applying an Extended Named Access List called “Gracie”
Choices for Using Wildcard Masks
Creating Wildcard Masks
Wildcard Mask Problems
Writing Standard Access Lists
Writing Extended Access Lists
    Deny/Permit Specific Addresses
    Deny/Permit Entire Ranges
    Deny/Permit a Range of Addresses
    Deny/Permit Port Numbers
Optional ACL Commands
Index / Table of Contents
Port Numbers

Port Numbers

Port numbers are now assigned by the ICANN (Internet Corporation for Assigned Names and Numbers). Commonly used TCP and UDP applications are assigned a port number; such as: HTTP - 80, POP3 - 110, FTP - 20. When an application communicates with another application on another node on the internet, it specifies that application in each data transmission by using its port number. You can also type the name (i.e. Telnet) instead of the port number (i.e. 23). Port numbers range from 0 to 65536 and are divided into three ranges:

0 to 1,023: Well Known Ports
1,024 to 49,151: Registered Ports
49,152 to 65,535: Dynamic and/or Private Ports

Below is a short list of some commonly used ports. For a complete list of port numbers go to http://www.iana.org/assignments/port-numbers.

Some commonly used port numbers:

0 Reserved
1 TCPMUX (TCP Port Service Multiplexer)
5 RJE (Remote Job Entry)
7 ECHO
9 DISCARD
11 SYSTAT (Active users)
13 DAYTIME
17 QUOTE (Quote of the day)
18 MSP (Message Send Protocol)
19 CHARGEN (Character generator)
20 FTP-DATA (File Transfer Protocol - Data)
21 FTP (File Transfer Protocol - Control)
22 SSH (Remote Login Protocol)
23 Telnet (Terminal Connection)
25 SMTP (Simple Mail Transfer Protocol)
29 MSG ICP
37 TIME
39 RLP (Resource Location Protocol)
42 NAMESERV (Host Name Server)
43 NICNAME (Who Is)
49 LOGIN (Login Host Protocol)
53 DNS (Domain Name Server)
67 BOOTP (Bootstrap Protocol Server)
68 BOOTPS (Bootstrap Protocol Client)
69 TFTP (Trivial File Transfer Protocol)
70 GOPHER (Gopher Services)
75 (Any Private Dial-out Service)
79 FINGER
80 HTTP (Hypertext Transfer Protocol)
95 SUPDUP (SUPDUP Protocol)
101 HOSTNAME (NIC Host Name Server)
108 SNAGAS (SNA Gateway Access Server)
109 POP2 (Post Office Protocol - Version 2)
110 POP3 (Post Office Protocol - Version 3)
113 AUTH (Authentication Service)
115 SFTP (Simple File Transfer Protocol)
117 UUCP-PATH (UUCP Path Service)
118 SQLSERV (SQL Services)
119 NNTP (Newsgroup)
123 NTP (Network Time Protocol)
137 NetBIOS-NS (NetBIOS Name Service)
139 NetBIOS-SSN (NetBIOS Session Service)
143 IMAP (Interim Mail Access Protocol)
150 SQL-NET (NetBIOS Session Service)
156 SQLSRV (SQL Service)
161 SNMP (Simple Network Management Protocol)
179 BGP (Border Gateway Protocol)
190 GACP (Gateway Access Control Protocol)
194 IRC (Internet Relay Chat)
197 DLS (Directory Location Service)
389 LDAP (Lightweight Directory Access Protocol)
396 NETWARE-IP (Novell Netware over IP)
443 HTTPS (HTTP MCom)