Lecture Notes For CCNA
CHAPTER 6- SECURITY
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Access-lists
entries are checked top-down in sequential order; the first match decides, later entries are never looked at
=> order matters: put specific entries before general ones, or an early broad permit shadows a later deny
implicit deny any at the end of every list: a packet that matches no entry is dropped, so a list with only deny entries blocks everything
standard ip access list filters on source addr only
numbers 1-99 (expanded range 1300-1999)
access-list # permit|deny 10.0.0.5 0.0.0.0 (source address followed by its wildcard)
in and out are from the router's perspective: in = packets arriving on that interface (checked before routing), out = packets leaving it (checked after routing; traffic the router itself generates is not filtered by an outbound list)
ip access-group ## in|out (interface config mode: config t, then interface e0; one list per direction per interface; a list number with no entries permits all traffic, so check the number matches what you configured)
wildcard matching (std and ext): a 0 bit must match, a 1 bit is don't care; for a contiguous block it is the inverse of the subnet mask, eg /24 -> 0.0.0.255
typing the subnet mask itself (255.255.255.0) by mistake matches on the last octet only, a classic ACL error
extended ip access list filters on source, destination, protocol and (for tcp/udp) port
numbers 100-199 (expanded range 2000-2699)
access-list # permit|deny protocol source src-wildcard dest dest-wildcard [eq port]
access-list 110 permit tcp host 172.x.x.x host y.y.y.y eq 8080
access-list 110 permit tcp 172.x.x.0 0.0.0.255 host y.y.y.y eq 8080 (a network address needs its wildcard; 0.0.0.255 for a /24)
access-list 110 permit tcp any any eq www
host x.x.x.x is the same as x.x.x.x 0.0.0.0
any is the same as 0.0.0.0 255.255.255.255
port: eq (also gt, lt, neq, range) followed by a port no. or well-known service name: www, smtp, pop3 etc.
protocol is tcp or udp when filtering by port; icmp matches on message type/code, not ports; ip matches any ip protocol and takes no port
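Added example, not part of the original notes and not IOS code: a small Python model of the rules above (first match wins, wildcard bits, implicit deny, per-entry match counters like the ones `show access-lists` reports, a counter clear like `clear access-list counters`). The list numbers, addresses and packets are constructed for the demo, and the service-name table is an assumption covering only a few well-known ports.

```python
"""Simulate how IOS evaluates a numbered access list: top-down first match, wildcard
masks, the implicit deny at the end, and per-entry match counters. Added example for
these notes, not IOS code; the ACL lines and packets below are constructed."""
import ipaddress

# Service names IOS accepts after `eq`; the notes mention www, smtp, pop3 (table is an assumption).
SERVICE_PORTS = {"www": 80, "smtp": 25, "pop3": 110, "telnet": 23, "ftp": 21, "domain": 53}


def is_standard(number):
    """Standard lists use 1-99 (expanded 1300-1999); anything else here is treated as extended."""
    return 1 <= number <= 99 or 1300 <= number <= 1999


def wildcard_match(addr, base, wildcard):
    """IOS wildcard semantics: a 0 bit must match exactly, a 1 bit is don't-care,
    so 0.0.0.0 means 'this host only' and 255.255.255.255 means 'any'."""
    care = 0xFFFFFFFF ^ int(ipaddress.IPv4Address(wildcard))
    return (int(ipaddress.IPv4Address(addr)) & care) == (int(ipaddress.IPv4Address(base)) & care)


def _take_address(tokens):
    """Consume one address spec from the front of tokens: `host A`, `any`, or `A WILDCARD`."""
    tok = tokens.pop(0)
    if tok == "host":
        return tokens.pop(0), "0.0.0.0"
    if tok == "any":
        return "0.0.0.0", "255.255.255.255"
    return tok, tokens.pop(0)


def parse_entry(line):
    """Parse one `access-list <n> permit|deny ...` line into (list number, entry dict)."""
    tokens = line.split()
    if tokens[0] != "access-list":
        raise ValueError("expected an access-list line: " + line)
    number, action, rest = int(tokens[1]), tokens[2], tokens[3:]
    entry = {"action": action, "proto": "ip", "dst": "0.0.0.0",
             "dst_wc": "255.255.255.255", "port": None, "hits": 0}
    if is_standard(number):                 # standard: source address only
        if len(rest) == 1 and rest[0] != "any":
            rest.append("0.0.0.0")          # bare address implies a 0.0.0.0 wildcard
        entry["src"], entry["src_wc"] = _take_address(rest)
    else:                                   # extended: protocol, source, destination, [eq port]
        entry["proto"] = rest.pop(0)
        entry["src"], entry["src_wc"] = _take_address(rest)
        entry["dst"], entry["dst_wc"] = _take_address(rest)
        if rest and rest[0] == "eq":
            if entry["proto"] not in ("tcp", "udp"):
                raise ValueError("port matching is only valid for tcp/udp")
            entry["port"] = SERVICE_PORTS.get(rest[1]) or int(rest[1])
    return number, entry


class AccessList:
    """One numbered list: ordered entries plus the implicit `deny any` that IOS appends."""

    def __init__(self, lines):
        parsed = [parse_entry(line) for line in lines]
        if len({n for n, _ in parsed}) != 1:
            raise ValueError("all lines must belong to the same list")
        self.number = parsed[0][0]
        self.entries = [e for _, e in parsed]
        self.implicit_denies = 0    # IOS shows no counter for these; tracked here to make them visible

    def evaluate(self, src, dst, proto="ip", dst_port=None):
        """Return (action, entry index) for the first matching entry; index None = implicit deny."""
        for i, e in enumerate(self.entries):
            if e["proto"] != "ip" and e["proto"] != proto:
                continue
            if not wildcard_match(src, e["src"], e["src_wc"]):
                continue
            if not wildcard_match(dst, e["dst"], e["dst_wc"]):
                continue
            if e["port"] is not None and e["port"] != dst_port:
                continue
            e["hits"] += 1          # what `show access-lists` reports as "(N matches)"
            return e["action"], i
        self.implicit_denies += 1   # fell off the end of the list: implicit deny any
        return "deny", None

    def clear_counters(self):
        """Equivalent of `clear access-list counters <number>`."""
        for e in self.entries:
            e["hits"] = 0
        self.implicit_denies = 0


# Constructed sample lists in the shape of the notes' examples (addresses are made up).
ACL_110_LINES = [
    "access-list 110 permit tcp host 172.16.1.5 host 10.1.1.1 eq 8080",
    "access-list 110 permit tcp 172.16.1.0 0.0.0.255 host 10.1.1.1 eq www",
    "access-list 110 permit tcp any any eq www",
]
ACL_10_LINES = ["access-list 10 deny 10.0.0.5 0.0.0.0", "access-list 10 permit 10.0.0.0 0.0.0.255"]
```

Two checks worth running against it: `wildcard_match("192.168.7.0", "10.0.0.0", "255.255.255.0")` is True, which is exactly the subnet-mask-as-wildcard mistake (only the last octet is compared); and building `AccessList(list(reversed(ACL_10_LINES)))` makes 10.0.0.5 hit the broad permit first, so the host deny below it never fires.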
monitoring access lists
show access-lists
shows every configured access list, of any type
shows each entry and the no. of packets that matched it; the implicit deny has no counter, so add an explicit deny ip any any at the end of the list if you want to count (or log) what is being dropped
show ip access-lists
shows only ip access lists
show logging
add log to the end of an entry; matches on that entry are logged with:
acc list #, permit/deny, protocol, source addr/port, dest addr/port, no. of packets (the first matching packet is logged at once, later ones as a summary count at intervals)
entries go to the local log buffer; forward them to a syslog server with logging <host>
clear access-list counters [#]
show running-config and show ip interface e0 show which access lists are applied to an interface and in which direction
show access-lists ## shows just list ##