CISCO CCNA
Extended Access List
To watch our Cisco CCNA Training Videos Please Check out the link below:
www.asmed.com/c1
ASM Educational Center Inc. (ASM)
Where Training, Technology & Service Converge
Phone: (301) 984-7400
In this lab we will cover the concept of the extended ACL.
The goal is that only PC1 (10.10.10.1) will be unable to browse (HTTP, port 80) or use FTP (port 21) on
the web server (30.30.30.200).
Solution:
Pre-step 1) How do I know this needs an extended ACL? Because I have to match on both source and destination.
Step 1) Write your ACL
r1#config t
access-list 110 deny TCP 10.10.10.1 0.0.0.0 30.30.30.200 0.0.0.0 eq 80
access-list 110 deny TCP 10.10.10.1 0.0.0.0 30.30.30.200 0.0.0.0 eq 21
access-list 110 permit IP any any
Source (blue on the slide): 10.10.10.1 0.0.0.0
Destination (red on the slide): 30.30.30.200 0.0.0.0
The source can be a single IP address, as above, or a whole network.
For example: 10.10.10.0 0.0.0.255 (that can be the source)
Now I will configure my ACL on R1
R1#
R1#config
Configuring from terminal, memory, or network [terminal]?
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#
R1(config)#
R1(config)#
R1(config)#acc
R1(config)#access-list ?
<1-99> IP standard access list
<100-199> IP extended access list
R1(config)#access-list 110 ?
deny Specify packets to reject
permit Specify packets to forward
remark Access list entry comment
R1(config)#access-list 110 deny
R1(config)#access-list 110 deny ?
ahp Authentication Header Protocol
eigrp Cisco’s EIGRP routing protocol
esp Encapsulation Security Payload
gre Cisco’s GRE tunneling
icmp Internet Control Message Protocol
ip Any Internet Protocol
ospf OSPF routing protocol
tcp Transmission Control Protocol
udp User Datagram Protocol
R1(config)#access-list 110 deny tcp ?
A.B.C.D Source address
any Any source host
host A single source host
R1(config)#access-list 110 deny tcp 10.10.10.1 ?
A.B.C.D Source wildcard bits
R1(config)#access-list 110 deny tcp 10.10.10.1 0.0.0.0 ?
A.B.C.D Destination address
any Any destination host
eq Match only packets on a given port number
gt Match only packets with a greater port number
host A single destination host
lt Match only packets with a lower port number
neq Match only packets not on a given port number
range Match only packets in the range of port numbers
R1(config)#access-list 110 deny tcp 10.10.10.1 0.0.0.0 30.30.30.200 ?
A.B.C.D Destination wildcard bits
R1(config)#access-list 110 deny tcp 10.10.10.1 0.0.0.0 30.30.30.200 0.0.0.0 ?
dscp Match packets with given dscp value
eq Match only packets on a given port number
established established
gt Match only packets with a greater port number
lt Match only packets with a lower port number
neq Match only packets not on a given port number
precedence Match packets with given precedence value
range Match only packets in the range of port numbers
<cr>
R1(config)#access-list 110 deny tcp 10.10.10.1 0.0.0.0 30.30.30.200 0.0.0.0 eq ?
<0-65535> Port number
ftp File Transfer Protocol (21)
pop3 Post Office Protocol v3 (110)
smtp Simple Mail Transport Protocol (25)
telnet Telnet (23)
www World Wide Web (HTTP, 80)
R1(config)#access-list 110 deny tcp 10.10.10.1 0.0.0.0 30.30.30.200 0.0.0.0 eq www
R1(config)#
Here is my show run
access-list 110 deny tcp host 10.10.10.1 host 30.30.30.200 eq www
Hint:
A single IP address can be written as 10.10.10.1 0.0.0.0 or as host 10.10.10.1
Now I will do the same ACL for FTP (port 21). Make sure you do it step by step with ?; do not
use the up-arrow key
R1#
R1#config t
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#acc
R1(config)#access-list ?
<1-99> IP standard access list
<100-199> IP extended access list
R1(config)#access-list 110 ?
deny Specify packets to reject
permit Specify packets to forward
remark Access list entry comment
R1(config)#access-list 110 deny ?
ahp Authentication Header Protocol
eigrp Cisco’s EIGRP routing protocol
esp Encapsulation Security Payload
gre Cisco’s GRE tunneling
icmp Internet Control Message Protocol
ip Any Internet Protocol
ospf OSPF routing protocol
tcp Transmission Control Protocol
udp User Datagram Protocol
R1(config)#access-list 110 deny tcp ?
A.B.C.D Source address
any Any source host
host A single source host
R1(config)#access-list 110 deny tcp host ?
A.B.C.D Source address
R1(config)#access-list 110 deny tcp host 10.10.10.1 ?
A.B.C.D Destination address
any Any destination host
eq Match only packets on a given port number
gt Match only packets with a greater port number
host A single destination host
lt Match only packets with a lower port number
neq Match only packets not on a given port number
range Match only packets in the range of port numbers
R1(config)#access-list 110 deny tcp host 10.10.10.1 host ?
A.B.C.D Destination address
R1(config)#access-list 110 deny tcp host 10.10.10.1 host 30.30.30.200 ?
dscp Match packets with given dscp value
eq Match only packets on a given port number
established established
gt Match only packets with a greater port number
lt Match only packets with a lower port number
neq Match only packets not on a given port number
precedence Match packets with given precedence value
range Match only packets in the range of port numbers
<cr>
R1(config)#access-list 110 deny tcp host 10.10.10.1 host 30.30.30.200 eq ?
<0-65535> Port number
ftp File Transfer Protocol (21)
pop3 Post Office Protocol v3 (110)
smtp Simple Mail Transport Protocol (25)
telnet Telnet (23)
www World Wide Web (HTTP, 80)
R1(config)#access-list 110 deny tcp host 10.10.10.1 host 30.30.30.200 eq ftp
R1(config)#
Now I will look at show run
access-list 110 deny tcp host 10.10.10.1 host 30.30.30.200 eq www
access-list 110 deny tcp host 10.10.10.1 host 30.30.30.200 eq ftp
Make sure you add a permit entry; remember there is an implicit deny at the end of every ACL
R1#
R1#
R1#
R1#config t
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#acc
R1(config)#access-list 110 ?
deny Specify packets to reject
permit Specify packets to forward
remark Access list entry comment
R1(config)#access-list 110 permi
R1(config)#access-list 110 permit ?
ahp Authentication Header Protocol
eigrp Cisco’s EIGRP routing protocol
esp Encapsulation Security Payload
gre Cisco’s GRE tunneling
icmp Internet Control Message Protocol
ip Any Internet Protocol
ospf OSPF routing protocol
tcp Transmission Control Protocol
udp User Datagram Protocol
R1(config)#access-list 110 permit ip ?
A.B.C.D Source address
any Any source host
host A single source host
R1(config)#access-list 110 permit ip any ?
A.B.C.D Destination address
any Any destination host
host A single destination host
R1(config)#access-list 110 permit ip any any ?
dscp Match packets with given dscp value
precedence Match packets with given precedence value
<cr>
R1(config)#access-list 110 permit ip any any
Here is my show run
access-list 110 deny tcp host 10.10.10.1 host 30.30.30.200 eq www
access-list 110 deny tcp host 10.10.10.1 host 30.30.30.200 eq ftp
access-list 110 permit ip any any
!
Now I will apply the ACL to s0/0
R1#
R1#config t
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#int s0/0
R1(config-if)#ip acc
R1(config-if)#ip access-group ?
<1-199> IP access list (standard or extended)
WORD Access-list name
R1(config-if)#ip access-group 110 ?
in inbound packets
out outbound packets
R1(config-if)#ip access-group 110 out
R1(config-if)#
Here is my show run
interface Serial0/0
ip address 20.20.20.9 255.255.255.252
ip access-group 110 out
clock rate 64000
!
!
access-list 110 deny tcp host 10.10.10.1 host 30.30.30.200 eq www
access-list 110 deny tcp host 10.10.10.1 host 30.30.30.200 eq ftp
access-list 110 permit ip any any
Now I will go to PC1 (10.10.10.1) and make sure I cannot access the web server
R1#show access-lists
Extended IP access list 110
deny tcp host 10.10.10.1 host 30.30.30.200 eq www (12 match(es))
deny tcp host 10.10.10.1 host 30.30.30.200 eq ftp
permit ip any any (7 match(es))
R1#
As we see, when I tried it I cannot access the web server from PC1, but I can reach it from another PC.
To see where the ACL is applied, I do not use #show access-list;
I will use R1# show ip int s0/0
R1#show ip int s0/0
Serial0/0 is up, line protocol is up (connected)
Internet address is 20.20.20.9/30
Broadcast address is 255.255.255.255
Address determined by setup command
MTU is 1500
Helper address is not set
Directed broadcast forwarding is disabled
Outgoing access list is 110
Inbound access list is not set
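The first-match and implicit-deny behaviour this lab relies on, as an added example (not part of the original slides): a small Python evaluator that parses the lab's access-list 110 lines and decides packets the way the walkthrough describes. It understands only the forms used here (any, host, address plus wildcard, eq PORT); the function names and the second PC's address 10.10.10.2 are assumptions.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional, Tuple

# Port keywords listed by the router's "eq ?" help on this page.
PORT_NAMES = {"ftp": 21, "telnet": 23, "smtp": 25, "www": 80, "pop3": 110}

# The finished list as it appears in the lab's "show run".
ACL_110 = """\
access-list 110 deny tcp host 10.10.10.1 host 30.30.30.200 eq www
access-list 110 deny tcp host 10.10.10.1 host 30.30.30.200 eq ftp
access-list 110 permit ip any any
"""


def ip_to_int(text: str) -> int:
    return int(ipaddress.IPv4Address(text))


@dataclass
class Entry:
    action: str            # "permit" or "deny"
    proto: str             # "ip" matches every protocol
    src: Tuple[int, int]   # (address, wildcard)
    dst: Tuple[int, int]
    dport: Optional[int]   # destination port from "eq", or None


def take_addr(tokens):
    """Consume 'any', 'host A.B.C.D' or 'A.B.C.D WILDCARD' from the front of tokens."""
    head = tokens.pop(0)
    if head == "any":
        return (0, 0xFFFFFFFF)
    if head == "host":
        return (ip_to_int(tokens.pop(0)), 0)
    return (ip_to_int(head), ip_to_int(tokens.pop(0)))


def parse_entry(line: str) -> Entry:
    tokens = line.lower().split()
    if len(tokens) < 6 or tokens[0] != "access-list":
        raise ValueError(f"not an access-list entry: {line!r}")
    if not 100 <= int(tokens[1]) <= 199:
        raise ValueError("extended ACL numbers are 100-199")
    action, proto, rest = tokens[2], tokens[3], tokens[4:]
    if action not in ("permit", "deny"):
        raise ValueError(f"unknown action: {action}")
    src = take_addr(rest)
    dst = take_addr(rest)
    dport = None
    if rest:
        if len(rest) != 2 or rest[0] != "eq":
            raise ValueError("this example only understands 'eq PORT'")
        dport = PORT_NAMES[rest[1]] if rest[1] in PORT_NAMES else int(rest[1])
    return Entry(action, proto, src, dst, dport)


def load(text: str):
    return [parse_entry(line) for line in text.splitlines() if line.strip()]


def addr_match(packet_ip: int, pair) -> bool:
    addr, wildcard = pair
    care = ~wildcard & 0xFFFFFFFF  # wildcard 0-bits must match, 1-bits are ignored
    return (packet_ip & care) == (addr & care)


def evaluate(entries, proto, src, dst, dport=None):
    """Return (action, index) of the first matching entry, top to bottom.

    ('deny', None) means nothing matched and the implicit deny applied.
    """
    for index, entry in enumerate(entries):
        if entry.proto not in ("ip", proto):
            continue
        if not addr_match(ip_to_int(src), entry.src):
            continue
        if not addr_match(ip_to_int(dst), entry.dst):
            continue
        if entry.dport is not None and entry.dport != dport:
            continue
        return entry.action, index
    return "deny", None


if __name__ == "__main__":
    acl = load(ACL_110)
    web = "30.30.30.200"
    # Constructed test packets; 10.10.10.2 stands in for "another PC".
    for src, port in [("10.10.10.1", 80), ("10.10.10.1", 21),
                      ("10.10.10.1", 443), ("10.10.10.2", 80)]:
        print(src, "->", web, port, evaluate(acl, "tcp", src, web, port))
    # Without "permit ip any any" every other packet hits the implicit deny.
    print("no permit line:", evaluate(acl[:2], "tcp", "10.10.10.2", web, 80))
```

Moving the permit ip any any line to the top of the list makes PC1's port 80 traffic match it first, so entry order is part of the policy.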