CCNA 2 v3.1 Module 11 Access Control Lists (ACLs)

© 2004 Cisco Systems, Inc. All rights reserved.

Upload: hu-stevens

Post on 01-Jan-2016


Objectives

What are ACLs?

• ACLs are lists of conditions used to test network traffic that tries to travel across a router interface. These lists tell the router what types of packets to accept or deny.

How ACLs Work

Protocols with ACLs Specified by Numbers

Define an ACL & Apply it

• Wildcard mask

• Deny all packets from 172.16.1.1

• access-list number

• Apply ACL #2 to interface e0

• Apply to all incoming packets

The Function of a Wildcard Mask
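
The wildcard-mask test and top-down ACL evaluation, modelled on the ACL #2 from the previous slide. This is an added example, not code from the Cisco slides; the `0.0.0.0` wildcard, the `permit any` entry and the subnet and even-host checks are assumptions made for illustration.

```python
import ipaddress

def _to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))

def wildcard_match(packet_ip, acl_ip, wildcard):
    """Wildcard bit 0 = this bit must match, bit 1 = this bit is ignored."""
    care = ~_to_int(wildcard) & 0xFFFFFFFF   # invert: 1 now means "compare"
    return (_to_int(packet_ip) & care) == (_to_int(acl_ip) & care)

def evaluate(acl, src_ip):
    """Standard ACL: entries are tested top-down on source address only.
    The first matching entry decides; if nothing matches, IOS applies
    an implicit 'deny any' at the end of every ACL."""
    for action, addr, wildcard in acl:
        if wildcard_match(src_ip, addr, wildcard):
            return action
    return "deny"

# Constructed ACL 2, equivalent to this IOS configuration (assumed, the
# slide's own configuration is not in the transcript):
#   access-list 2 deny 172.16.1.1 0.0.0.0
#   access-list 2 permit any
#   interface ethernet 0
#    ip access-group 2 in
ACL_2 = [
    ("deny", "172.16.1.1", "0.0.0.0"),            # exactly one host
    ("permit", "0.0.0.0", "255.255.255.255"),     # "any"
]

# Same ACL without the permit entry: the implicit deny blocks everything.
ACL_2_NO_PERMIT = ACL_2[:1]

if __name__ == "__main__":
    for src in ("172.16.1.1", "172.16.1.2", "10.0.0.5"):
        print(src, "ACL 2:", evaluate(ACL_2, src),
              "| without permit:", evaluate(ACL_2_NO_PERMIT, src))
    # 0.0.0.255 ignores the last octet, so the whole /24 matches.
    print(wildcard_match("172.16.1.77", "172.16.1.0", "0.0.0.255"))
    # Wildcards need not be contiguous: 0.0.0.254 matches even hosts only.
    print(wildcard_match("172.16.1.4", "172.16.1.0", "0.0.0.254"))
```
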

Verifying ACLs

• There are many show commands that will verify the content and placement of ACLs on the router.

show ip interface

show access-lists

show running-config

Standard ACLs

Extended ACLs

• Source IP addr. plus wildcard

• Destination IP addr.

Named ACLs

Single host

Placing ACLs

• Standard ACLs should be placed close to the destination.

• Extended ACLs should be placed close to the source.

Firewalls

A firewall is an architectural structure that exists between the user and the outside world to protect the internal network from intruders.

Restricting Virtual Terminal Access

Summary