Access Control Lists (ACLs)

Access Control Lists (ACLs) are used in network devices, including Cisco routers and switches, to control and filter network traffic based on various criteria. Below are the commands to create, apply, verify, remove, and configure ACLs on Cisco devices, including extended ACLs and named ACLs.

1. Create Standard ACL:

  • To create a standard ACL that filters traffic based on source IP addresses, use the following command:
```bash
Router(config)# access-list acl_number {deny | permit} source_address [source_wildcard]
```
  • For example, to deny traffic from source IP 192.168.1.10 (with no wildcard given, the entry matches only that one host):
```bash
Router(config)# access-list 10 deny 192.168.1.10
```
  • Every ACL ends with an implicit deny for traffic that matched no entry, so an ACL containing only this deny statement blocks all traffic once it is applied; add a permit entry for the traffic that should pass.

2. Apply ACL on Interface:

  • To apply a standard ACL to an interface (e.g., to filter incoming traffic), use the following command:
```bash
Router(config-if)# ip access-group acl_number {in | out}
```
  • For example, to apply ACL 10 to the incoming traffic on interface GigabitEthernet0/0:
```bash
Router(config-if)# ip access-group 10 in
```

3. Verify ACL:

  • To verify the ACL configuration, use the following command:
```bash
Router# show access-lists
```
  • This command displays the configured ACLs and their entries, along with a match counter for each entry that has been hit.

4. Remove ACL from Interface:

  • To remove an ACL from an interface, use the following command:
```bash
Router(config-if)# no ip access-group acl_number {in | out}
```
  • For example, to remove ACL 10 from the incoming traffic on interface GigabitEthernet0/0:
```bash
Router(config-if)# no ip access-group 10 in
```

5. Create Extended ACL:

  • To create an extended ACL that filters traffic based on source and destination IP addresses, ports, and protocols, use the following command:
```bash
Router(config)# access-list acl_number {deny | permit} protocol source source_wildcard [operator port] destination destination_wildcard [operator port]
```
  • For example, to permit TCP traffic from source IP 192.168.1.10 to destination IP 10.0.0.1 on port 80. The port operator follows the address it applies to, so `eq 80` goes after the destination; placed after the source it would match source port 80 instead:
```bash
Router(config)# access-list 100 permit tcp 192.168.1.10 0.0.0.0 10.0.0.1 0.0.0.0 eq 80
```

6. Apply Extended ACL on Interface:

  • To apply an extended ACL to an interface, use the same ip access-group command as for standard ACLs, but specify the extended ACL number.

7. Established Keyword (Extended ACL):

  • In extended ACLs, you can use the established keyword to match only TCP segments that have the ACK or RST bit set, i.e. traffic belonging to a session that was already opened. Applied inbound, this permits return traffic for connections initiated from the inside while a bare SYN (a new connection from outside) falls through to the deny entries.
```bash
Router(config)# access-list acl_number permit tcp any any established
```

8. Log Keyword (Extended ACL):

  • You can use the log keyword to log matches of ACL entries. This can be useful for monitoring and troubleshooting. Logging is rate-limited and adds CPU load, so apply it to the entries you need to watch (typically the final deny) rather than to every line.
```bash
Router(config)# access-list acl_number permit tcp any any log
```

9. Create Named ACL:

  • To create a named ACL (extended or standard), use the following command:
```bash
Router(config)# ip access-list {standard | extended} acl_name
```
  • For example, to create a named standard ACL called "my_acl":
```bash
Router(config)# ip access-list standard my_acl
```
  • Once created, the CLI enters ACL configuration mode, where entries are added as permit and deny statements (without the access-list prefix); they are evaluated top-down with the same implicit deny as numbered ACLs.
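The following Python script is an added example, not part of the original post and not a Cisco tool. It parses the commands used in the steps above (the constructed SAMPLE_CONFIG reuses them and adds a named extended ACL) and evaluates packets against them the way IOS does: top-down first match, wildcard masks where a 1 bit means "don't care", the implicit deny at the end, the established keyword matching only ACK/RST segments, and the log flag on the matched entry. Packet, Entry, parse_config and evaluate are names chosen for this example; only the syntax subset shown on this page (host/any/wildcard addresses, eq port operator) is modelled.

```python
"""Toy model of Cisco IOS ACL evaluation (added example, not a Cisco tool): wildcard masks,
top-down first match, the implicit deny at the end, and the established/log keywords."""
import ipaddress
from collections import namedtuple
from dataclasses import dataclass

ANY = (0, 0xFFFFFFFF)   # 0.0.0.0 with an all-ones wildcard: every address matches

def _ip(tok):
    return int(ipaddress.IPv4Address(tok))

@dataclass
class Packet:
    proto: str            # "tcp", "udp", "icmp", ...
    src: str
    dst: str = "0.0.0.0"
    sport: int = 0
    dport: int = 0
    tcp_flags: frozenset = frozenset()   # e.g. frozenset({"syn"}) or frozenset({"ack"})

# One access control entry: src/dst are (address, wildcard) 32-bit int pairs, sport/dport
# model only "eq <port>", proto is "ip" for standard ACLs (they match every protocol).
Entry = namedtuple("Entry", "action proto src dst sport dport established log text",
                   defaults=(None, None, False, False, ""))

def _addr(tokens, i, extended):   # 'any' | 'host A' | 'A W' | bare 'A' (standard ACLs only)
    tok = tokens[i]
    if tok == "any":
        return ANY, i + 1
    if tok == "host":
        return (_ip(tokens[i + 1]), 0), i + 2
    try:                  # the next token is the wildcard mask if it parses as IPv4
        return (_ip(tok), _ip(tokens[i + 1])), i + 2
    except (IndexError, ValueError):
        if extended:
            raise ValueError(f"extended ACL needs a wildcard mask after {tok}")
        return (_ip(tok), 0), i + 1   # standard ACL: bare address means wildcard 0.0.0.0

def _port(tokens, i):     # optional "eq <port>" at tokens[i]
    return (int(tokens[i + 1]), i + 2) if tokens[i:i + 1] == ["eq"] else (None, i)

def _entry(tokens, kind, text):
    if kind == "standard":                # {permit|deny} source [wildcard] [log]
        src, i = _addr(tokens, 1, extended=False)
        return Entry(tokens[0], "ip", src, ANY, log="log" in tokens[i:], text=text)
    # extended: {permit|deny} proto src [eq port] dst [eq port] [established] [log]
    src, i = _addr(tokens, 2, extended=True)
    sport, i = _port(tokens, i)
    dst, i = _addr(tokens, i, extended=True)
    dport, i = _port(tokens, i)
    return Entry(tokens[0], tokens[1], src, dst, sport, dport,
                 "established" in tokens[i:], "log" in tokens[i:], text)

def parse_config(config):
    """Collect numbered and named ACL entries in order (IOS evaluates them top-down)."""
    acls, current = {}, None              # current = (name, kind) inside a named ACL block
    for raw in filter(str.strip, config.splitlines()):
        tokens = raw.split()
        if tokens[:2] == ["ip", "access-list"]:            # ip access-list {standard|extended} name
            current = (tokens[3], tokens[2])
            acls.setdefault(tokens[3], [])
        elif tokens[0] == "access-list":                   # numbered: access-list N {permit|deny} ...
            kind = "standard" if int(tokens[1]) <= 99 else "extended"   # expanded ranges omitted
            acls.setdefault(tokens[1], []).append(_entry(tokens[2:], kind, raw.strip()))
            current = None
        elif current and tokens[0] in ("permit", "deny"):  # body line of the named ACL
            acls[current[0]].append(_entry(tokens, current[1], raw.strip()))
        else:
            current = None                                 # any other command ends the block
    return acls

def _addr_ok(spec, address):
    care = ~spec[1] & 0xFFFFFFFF          # wildcard 1-bits are "don't care"; compare the rest
    return (_ip(address) & care) == (spec[0] & care)

def matches(e, p):
    if e.proto not in ("ip", p.proto) or not (_addr_ok(e.src, p.src) and _addr_ok(e.dst, p.dst)):
        return False
    if e.sport not in (None, p.sport) or e.dport not in (None, p.dport):
        return False
    # established matches only ACK/RST segments (replies to an existing session); a bare SYN never does
    return not (e.established and not (p.tcp_flags & {"ack", "rst"}))

def evaluate(entries, p):
    """First match wins; returns (action, matched line, logged). No match means the implicit deny."""
    for e in entries:
        if matches(e, p):
            return e.action, e.text, e.log
    return "deny", "<implicit deny any>", False

# Constructed sample configuration: the post's commands plus a named extended ACL.
SAMPLE_CONFIG = """\
access-list 10 deny 192.168.1.10
access-list 10 permit 192.168.1.0 0.0.0.255
access-list 100 permit tcp 192.168.1.10 0.0.0.0 10.0.0.1 0.0.0.0 eq 80
access-list 100 permit tcp any any established
access-list 100 deny ip any any log
ip access-list extended my_acl
 permit tcp 192.168.1.0 0.0.0.255 host 10.0.0.1 eq 22
 deny ip any any log
"""
```

Running `evaluate(parse_config(SAMPLE_CONFIG)["10"], Packet("ip", "10.1.1.1"))` returns the implicit deny, which is the behaviour the implicit-deny note in step 1 warns about; a SYN to 10.0.0.1 port 443 is caught by the logged deny in ACL 100, while the ACK-carrying reply from 10.0.0.1 is accepted by the established entry.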
