5 Cards in this Set

  • Front
  • Back

Creating Extended ACLs 1




1 Router(config)#access-list 110 permit tcp 172.16.0.0 0.0.0.255 192.168.100.0 0.0.0.255 eq 80

1 Read this line to say, “HTTP packets with a source IP address of 172.16.0.x will be permitted to travel to the destination address 192.168.100.x.”

Creating Extended ACLs (COMMAND BREAKDOWN 1)




1 access-list | 6 0.0.0.255


2 110 | 7 192.168.100.0


3 permit | 8 0.0.0.255


4 tcp | 9 eq


5 172.16.0.0 | 10 80

1 ACL command.


2 Number is between 100 and 199, or 2000 and 2699, designating this as an extended IP ACL.


3 Packets that match this statement will be allowed to continue.


4 Protocol must be TCP.


5 Source IP address to be compared to.


6 Wildcard mask for the source IP address.


7 Destination IP address to be compared to.


8 Wildcard mask for the destination IP address.


9 Operand, means “equal to.”


10 Port 80, indicating HTTP traffic.

Creating Extended ACLs (COMMAND BREAKDOWN 2)




1 Router(config)#access-list 110 deny tcp any 192.168.100.7 0.0.0.0 eq 23

1 Read this line to say, “Telnet packets with any source IP address will be dropped if they are addressed to specific host 192.168.100.7.”

Creating Extended ACLs (COMMAND BREAKDOWN 2)




1 access-list | 6 192.168.100.7


2 110 | 7 0.0.0.0


3 deny | 8 eq


4 tcp | 9 23


5 any |

1 ACL command.


2 Number is between 100 and 199, or 2000 and 2699, designating this as an extended IP ACL.


3 Packets that match this statement will be dropped and discarded.


4 Protocol must be TCP.


5 Any source IP address.


6 Destination IP address to be compared to.


7 Wildcard mask; address must match exactly.


8 Operand, means “equal to.”


9 Port 23, indicating Telnet traffic.

Applying Extended ACLs to an Interface




1 Router(config)#interface fastethernet 0/0




2 Router(config-if)#ip access-group 110 out

Moves to interface configuration mode and takes all access list lines that are defined as being part of group 110 and applies them in an outbound manner. Packets going out fastethernet 0/0 will be checked.


*TIP: Access lists can be applied in either an inbound direction (keyword in) or in an outbound direction (keyword out).


*TIP: Only one access list can be applied per interface, per direction.


*TIP: Apply an extended ACL as close as possible to the source network or device.