ICND1 Section 6 - IP Services - ACLs Flashcards
What are the ranges for standard ACLs?
1-99
1300-1999
Syntax for an extended numbered ACL
access-list access-list-number {deny | permit} protocol source IP wildcard mask destination IP wildcard mask [log]
3 primary differences that named ACLs have vs numbered
- Names instead of numbers
- Uses ACL subcommands vs global commands to define the ACL
- ACL editing allows users to edit, delete, and add individual lines
Command to delete a line from a numbered ACL with sequence numbers.
conf t
ip access-list {standard | extended} number
no seq number
Syntax to assign an ACL to a vty
access-class number {in | out}
Command to set a router to use an NTP server
conf t
ntp server server {version version}
2 commands to see how NTP is working on a router
show ntp status
show ntp associations
What does “inside local” refer to?
Private IPs used in NAT
What does “inside global” refer to?
Public IPs used in NAT
3 steps to configure a router to do static NAT
- Set up an interface as inside local
- Set up an interface as inside global
- Create a mapping between inside and outside IPs
Command to make an inside NAT interface
conf t
int gi0/0
ip nat inside
Command to make an outside NAT interface
conf t
int gi0/1
ip nat outside
TCP version of an extended ACL
access-list access-list-number {deny | permit} tcp source source-wildcard [operator [port]] destination destination-wildcard [operator [port]] [log]
Command to create a static NAT mapping
ip nat inside source static inside local inside global
Command to see static NAT mappings
show ip nat translations
5 steps to configuring dynamic NAT
- Set an interface to inside
- Set an interface to outside
- Create ACL for the inside interface which identifies packets for which NAT should be performed
- Create a pool of global IPs for use in NAT
- Bind the ACL and the pool together, enabling dynamic NAT
Command to create an IP address pool for use with NAT
ip nat pool name first IP last IP netmask subnet mask