Chapter 4: Access Control Lists IPv4 Flashcards
Learn about ACLs for IPv4
What is an Access Control List?
An ACL is used to filter packets at an interface. Packets can be incoming or outgoing.
What are the two types of ACLs?
Standard and Extended
What are some rules for applying ACLs?
- you can only have one ACL per protocol (IPv4 & IPv6)
- one ACL per interface (IN and OUT)
- one ACL per direction (gi0/0)
What are the best practices when implementing standard and extended ACLs?
• Standard ACLs should be located as close to the destination as possible.
If a standard ACL was placed at the source of the traffic, it would filter traffic based on the given source address no matter where the traffic is destined.
• Extended ACLs should be located as close as possible to the source of the traffic to be filtered.
Denies undesirable traffic close to the source network without crossing the network infrastructure.
How do you write a Standard Numbered ACL?
- access-list ACL# {deny|permit|remark} source-IP src-wildcard
- access-list 10 permit 192.168.10.0 0.0.0.255
How do you add an ACL to an interface?
You first have to enter the interface you want. Then write
ip access-group 1 {in | out}
How do you write a Standard Named ACL?
- ip access-list standard ACL-NAME
- (deny | permit | remark) source-ip src-wildcard
- int g0/0
- ip access-group ACL-NAME (in | out)
How do you configure an Extended Numbered ACL?
• SYNTAX: access-list ACL# {deny|permit|remark} protocol source-IP source-wildcard [operator [port-number|port-name]] dest-IP dest-wildcard [operator [port-number|port-name]] keyword
• ex: access-list 100 permit tcp 192.168.10.0 0.0.0.255 any eq 80
• established - parameter allows only responses to traffic that originates from the 192.168.10.0/24 network to return to that network.
What are the differences between inbound and outbound ACLs?
Inbound ACLs operate as follows:
• First ACE match is processed. Remaining ACEs are ignored.
• If no statements match, then the packet is implicitly denied.
• If you require a permit as the default, make the last statement “permit any”.
Outbound ACLs operate as follows:
• The router checks the routing table to see if the packet is routable.
• The router checks to see whether the outbound interface is grouped to an ACL.
• If it is, the ACL is tested by the combination of ACEs that are associated with that interface.
• Based on the first ACE match, the packet is permitted or denied.