ccna ppt day 7
ACL (Access Control List)
ACLs are used for network security. The conditions that control traffic passing through a router are called an ACL.
Two conditions are:
1. Permit
2. Deny
Two types are:
1. Standard (1-99)
2. Extended (100-199)
Standard ACL
Range: 1-99
A standard ACL is configured on the router nearest to the destination.
Only the source IP is given for a standard ACL.
The entire TCP/IP protocol stack is blocked when the Deny condition is applied.
Configuring Standard ACL
Router(config)#access-list ‘no:’ deny host ‘source address’
Router(config)#access-list ‘no:’ permit any
Filter Design
For a standard ACL the filter is applied at the interface nearest to the destination.
An ACL takes effect only once the filter is applied to an interface.
Syntax:
Router(config-if)#ip access-group ‘access list no:’ ‘in or out’
Verifying ACL’s
Router#show access-lists
To remove:
Router(config)#no access-list ‘no:’
Router(config-if)#no ip access-group ‘access list no:’ ‘in or out’
Extended ACL
Range: 100-199
An extended ACL is configured on the router nearest to the source.
Both source IP and destination IP are given for an extended ACL.
Each protocol, or any protocol, can be blocked when the Deny condition is applied.
Configuring Extended ACL
Router(config)#access-list ‘no:’ deny ‘service’ host ‘source address’ host ‘destination address’
Router(config)#access-list ‘no:’ permit ‘service’ host ‘source address’ ‘network address’ ‘wildcard mask’
For blocking a network:
Router(config)#access-list ‘no:’ deny ‘service’ host ‘source address’ ‘network address’ ‘wildcard mask’
For blocking TCP:
Router(config)#access-list ‘no:’ deny tcp host ‘source address’ ‘network address’ ‘wildcard mask’ eq ‘port no:’
Named ACL
ACLs that are referenced by a name instead of a number are called Named ACLs.
Syntax:
For Standard
Router(config)#ip access-list standard ‘access list name’
Router(config-std-nacl)#deny host ‘address’
Router(config-std-nacl)#permit any
For Extended
Router(config)#ip access-list extended ‘access list name’
Router(config-ext-nacl)#deny ‘service’ host ‘source address’ host ‘destination address’
Router(config-ext-nacl)#permit ip any any
Filter Design
Router(config-if)#ip access-group ‘access list name’ ‘in or out’
To verify:
Router#show ip access-lists
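The standard and extended ACL sections above describe the matching rules in words; the model below, which is an added example and not part of the original slides, shows them executing. It evaluates a packet against an ordered list of entries the way a router does: top-down, first match wins, and a packet that matches no entry is denied (the implicit deny at the end of every ACL, which is why the slides end each list with a permit line). The wildcard-mask helper is the same test that decides whether `10.0.0.0 0.255.255.255` covers an address; `host A` is just A with wildcard 0.0.0.0 and `any` is 0.0.0.0 with wildcard 255.255.255.255. The sample ACLs, addresses and port numbers are constructed for the example.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional


def wildcard_match(address: str, base: str, wildcard: str) -> bool:
    """Cisco wildcard mask: a 0 bit must match, a 1 bit is ignored."""
    a = int(ipaddress.IPv4Address(address))
    b = int(ipaddress.IPv4Address(base))
    w = int(ipaddress.IPv4Address(wildcard))
    care = ~w & 0xFFFFFFFF            # bits the entry actually tests
    return (a & care) == (b & care)


@dataclass
class Entry:
    """One access-list line. A standard ACL uses only src/src_wc and leaves
    the other fields at their 'match everything' defaults."""
    action: str                       # "permit" or "deny"
    src: str
    src_wc: str
    protocol: str = "ip"              # "ip" matches every protocol
    dst: str = "0.0.0.0"
    dst_wc: str = "255.255.255.255"   # i.e. 'any'
    dst_port: Optional[int] = None    # 'eq <port>' for tcp/udp entries


@dataclass
class Packet:
    src: str
    dst: str
    protocol: str                     # "tcp", "udp", "icmp", ...
    dst_port: Optional[int] = None


def evaluate(acl: List[Entry], pkt: Packet) -> str:
    """Return the action of the first matching entry, or 'deny' if none match."""
    for e in acl:
        if not wildcard_match(pkt.src, e.src, e.src_wc):
            continue
        if e.protocol != "ip" and e.protocol != pkt.protocol:
            continue
        if not wildcard_match(pkt.dst, e.dst, e.dst_wc):
            continue
        if e.dst_port is not None and e.dst_port != pkt.dst_port:
            continue
        return e.action
    return "deny"                     # implicit deny at the end of every ACL


# Constructed sample lists, written the way the slides' commands would create them.
# access-list 10 deny host 10.0.0.5 / access-list 10 permit any
STANDARD_ACL_10 = [
    Entry("deny", "10.0.0.5", "0.0.0.0"),
    Entry("permit", "0.0.0.0", "255.255.255.255"),
]
# access-list 100 deny tcp host 10.0.0.5 192.168.1.0 0.0.0.255 eq 80
# access-list 100 permit ip any any
EXTENDED_ACL_100 = [
    Entry("deny", "10.0.0.5", "0.0.0.0", "tcp", "192.168.1.0", "0.0.0.255", 80),
    Entry("permit", "0.0.0.0", "255.255.255.255"),
]
# A list with no permit line: everything not explicitly matched is dropped.
DENY_ONLY_ACL = [Entry("deny", "10.0.0.5", "0.0.0.0")]


if __name__ == "__main__":
    for pkt in (Packet("10.0.0.5", "192.168.1.20", "tcp", 80),
                Packet("10.0.0.5", "192.168.1.20", "tcp", 443),
                Packet("10.0.0.6", "192.168.1.20", "tcp", 80)):
        print(pkt, "std:", evaluate(STANDARD_ACL_10, pkt),
              "ext:", evaluate(EXTENDED_ACL_100, pkt))
```

The extended list shows why it belongs near the source: it can drop only web traffic from one host to one subnet while leaving everything else from that host alone, whereas the standard list, seeing only the source address, drops all of that host's traffic.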
NAT (Network Address Translation)
This service converts private IP addresses to public IP addresses. It avoids wasting public IPs and adds a layer of network security.
Types of NAT:
1. Static
2. Dynamic
3. NAT Overloading or PAT (Port Address Translation)
Static NAT
One-to-one mapping
Each private-range IP is paired with one public-range IP.
Dynamic NAT
One-to-many mapping
A pool is created inside the NAT service; it holds the public IPs and the private IP each one is currently translating.
Each private IP takes its own public IP from the pool for communication, with the help of the router.
NAT Overloading or PAT (Port Address Translation)
Every private IP is translated to one single public IP. Each translation is given its own port number so that sessions do not conflict.
Static NAT Configuration
Router(config)#interface fastEthernet 0/0
Router(config-if)#ip nat inside
Router(config-if)#interface serial 1/0
Router(config-if)#ip nat outside
Router(config-if)#exit
Router(config)#ip nat inside source static 10.0.0.1 200.0.0.1
To see the table:
Router#show ip nat translations
Router#show ip nat statistics
Dynamic NAT Configuration
Three steps:
1. Access list creation: groups the private IPs in our network.
2. Pool creation: creates the pool of public IPs the translations are taken from.
3. NAT activation.
Create an Access List
Router(config)#access-list 1 permit 10.0.0.0 0.255.255.255
Configure the NAT dynamic pool
Router(config)#ip nat pool pool1 200.0.0.1 200.0.0.254 netmask 255.255.255.0
Link the Access List to the Pool
Router(config)#ip nat inside source list 1 pool pool1
PAT Configuration
Router#config t
Router(config)#int e 0
Router(config-if)#ip nat inside
Router(config-if)#int s 0
Router(config-if)#ip nat outside
Router(config-if)#exit
Router(config)#access-list 1 permit 10.0.0.0 0.255.255.255
Router(config)#ip nat inside source list 1 interface s 0 overload
For host-to-host ping to succeed, static or dynamic routing must also be configured.
To check the translations:
Router#show ip nat translations
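The three NAT types described above (static, dynamic pool, and PAT) differ in what the translation table holds. The model below is an added example, not part of the original slides and not router code; it uses the same addresses as the configurations above (inside network 10.0.0.0/8 from access-list 1, pool 200.0.0.1 to 200.0.0.254, and 200.0.0.1 as the single overloaded public address), with the host addresses and port numbers constructed for the example. It shows why dynamic NAT stops translating once the pool is empty, how PAT keeps many hosts apart on one public address by port, and why a packet arriving from outside is forwarded inside only when a matching table entry already exists.

```python
from ipaddress import IPv4Address, ip_network
from typing import Dict, Optional, Tuple

# Inside addresses eligible for translation, mirroring
# "access-list 1 permit 10.0.0.0 0.255.255.255" from the slides.
INSIDE_NET = ip_network("10.0.0.0/8")


class StaticNat:
    """One-to-one: each private address is fixed to one public address
    (ip nat inside source static <private> <public>)."""
    def __init__(self, mappings: Dict[str, str]):
        self.table = dict(mappings)

    def translate(self, src: str) -> Optional[str]:
        return self.table.get(src)          # None: no mapping, not translated


class DynamicNat:
    """Pool-based: a private address borrows a public address on first use
    and keeps it while the entry exists. An empty pool means no translation."""
    def __init__(self, pool_start: str, pool_end: str):
        first, last = int(IPv4Address(pool_start)), int(IPv4Address(pool_end))
        self.free = [str(IPv4Address(i)) for i in range(first, last + 1)]
        self.table: Dict[str, str] = {}

    def translate(self, src: str) -> Optional[str]:
        if IPv4Address(src) not in INSIDE_NET:
            return None                     # not matched by the access list
        if src in self.table:
            return self.table[src]
        if not self.free:
            return None                     # pool exhausted
        self.table[src] = self.free.pop(0)
        return self.table[src]


class Pat:
    """Overload: all inside hosts share one public address; the translated
    source port keeps their sessions apart
    (ip nat inside source list 1 interface s 0 overload)."""
    def __init__(self, outside_ip: str):
        self.outside_ip = outside_ip
        self.outbound: Dict[Tuple[str, int], int] = {}   # (private, port) -> public port
        self.inbound: Dict[int, Tuple[str, int]] = {}    # public port -> (private, port)

    def translate(self, src: str, src_port: int) -> Optional[Tuple[str, int]]:
        if IPv4Address(src) not in INSIDE_NET:
            return None
        key = (src, src_port)
        if key in self.outbound:
            return self.outside_ip, self.outbound[key]
        # Keep the original port if nobody else holds it; otherwise take the
        # lowest unused port at or above 1024 to avoid a conflict.
        if src_port not in self.inbound:
            port = src_port
        else:
            port = next(p for p in range(1024, 65536) if p not in self.inbound)
        self.outbound[key] = port
        self.inbound[port] = key
        return self.outside_ip, port

    def untranslate(self, dst_port: int) -> Optional[Tuple[str, int]]:
        """Return traffic is forwarded inside only if a translation exists."""
        return self.inbound.get(dst_port)


if __name__ == "__main__":
    pat = Pat("200.0.0.1")
    print(pat.translate("10.0.0.1", 40000), pat.translate("10.0.0.2", 40000))
    print(pat.untranslate(1024), pat.untranslate(5555))
```

The `untranslate` lookup is the point behind "Implements Network Security" in the NAT slide: an unsolicited packet from the outside finds no table entry and has nowhere to go, so hosts on 10.0.0.0/8 are reachable only for sessions they opened themselves.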