CCNA 1 Module 11 TCP/IP Transport and Application Layers


CCNA 2 v3.1 Module 11
Access Control Lists (ACLs)
© 2004 Cisco Systems, Inc. All rights reserved.
Objectives
What are ACLs?
• ACLs are lists of conditions used to test network traffic that tries to travel across a router interface. These lists tell the router what types of packets to accept or deny.
How ACLs Work
Protocols with ACLs Specified by Numbers
Define an ACL & Apply it
access-list number
Deny all packets from 172.16.1.1
Wildcard mask
Apply to all incoming packets
Apply ACL #2 to interface e0
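How a router evaluates the ACL described on this slide, as an added Python example that is not part of the original slides: a 0 bit in the wildcard mask means the address bit must match, a 1 bit means it is ignored, entries are checked top to bottom, and a packet that matches no entry is dropped by the implicit deny at the end of every ACL. The wildcard value 0.0.0.0 and the permit line are assumptions, because the slide's own command text is not in the transcript.

```python
import ipaddress

def _to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))

def wildcard_match(addr, base, wildcard):
    """0 bit in the wildcard = address bit must match; 1 bit = ignored."""
    care = ~_to_int(wildcard) & 0xFFFFFFFF
    return (_to_int(addr) & care) == (_to_int(base) & care)

def parse_entry(line):
    """Parse 'access-list <n> permit|deny <source> [<wildcard>]' (standard ACL)."""
    tok = line.split()
    if len(tok) < 4 or tok[0] != "access-list" or tok[2] not in ("permit", "deny"):
        raise ValueError(f"not a standard ACL entry: {line!r}")
    if tok[3] == "any":
        base, wildcard = "0.0.0.0", "255.255.255.255"
    elif tok[3] == "host":
        base, wildcard = tok[4], "0.0.0.0"
    else:  # an omitted wildcard means an exact host match
        base, wildcard = tok[3], (tok[4] if len(tok) > 4 else "0.0.0.0")
    return int(tok[1]), tok[2], base, wildcard

def evaluate(acl_lines, number, src_ip):
    """Return (action, matching line number); first match wins."""
    for idx, line in enumerate(acl_lines, 1):
        n, action, base, wildcard = parse_entry(line)
        if n == number and wildcard_match(src_ip, base, wildcard):
            return action, idx
    return "deny", None  # implicit 'deny any' that ends every ACL

# Constructed entries: ACL 2 as the slide describes it (wildcard assumed),
# and the same ACL with an assumed permit for the rest of 172.16.0.0/16.
DENY_ONLY = ["access-list 2 deny 172.16.1.1 0.0.0.0"]
WITH_PERMIT = DENY_ONLY + ["access-list 2 permit 172.16.0.0 0.0.255.255"]

if __name__ == "__main__":
    for name, acl in (("deny only", DENY_ONLY), ("with permit", WITH_PERMIT)):
        for src in ("172.16.1.1", "172.16.1.2", "10.0.0.5"):
            print(f"{name:12} {src:12} -> {evaluate(acl, 2, src)}")
```

With only the deny entry, every source is dropped once the ACL is applied inbound, not just 172.16.1.1, which is why a standard ACL normally ends with an explicit permit for the traffic that should pass.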
The Function of a Wildcard Mask
Verifying ACLs
• There are many show commands that will verify the content and placement of ACLs on the router.
show ip interface
show access-lists
show running-config
Standard ACLs
Extended ACLs
Source IP addr plus wildcard
Destination IP addr.
Named ACLs
Single host
Placing ACLs
• Standard ACLs should be placed close to the destination.
• Extended ACLs should be placed close to the source.
Firewalls
A firewall is an architectural structure that
exists between the user and the outside world
to protect the internal network from intruders.
Restricting Virtual Terminal Access
Summary