Chapter 7 : Access Control List
7.1.2 Wildcard Mask in ACL
7.1.2.1 Introducing ACL Wildcard Masking
IPv4 ACEs include the use of wildcard masks. A wildcard mask is a string of 32 binary digits used by the router to determine which bits of the address to examine for a match.
7.1.2.3 Calculating The Wildcard Masking
Calculating wildcard masks can be challenging. One shortcut method is to subtract the subnet mask from 255.255.255.255.
7.1.2.4 Wildcard Mask Keywords
The host keyword substitutes for the 0.0.0.0 mask. This mask states that all IPv4 address bits must match to filter just one host address. The any option substitutes for the IPv4 address and 255.255.255.255 mask.
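The wildcard rules above (the subtraction shortcut, the host and any keywords, and bit-by-bit matching) can be checked with a short script. This is an added example, not part of the original notes; the function names and the sample ACL entries are constructed for illustration, and the top-down, first-match evaluation it uses is standard IOS behaviour rather than something stated in this section.

```python
import ipaddress

ALL_ONES = 0xFFFFFFFF  # 255.255.255.255 as an integer


def to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))


def wildcard_from_subnet(subnet_mask):
    """Shortcut from the text: 255.255.255.255 minus the subnet mask."""
    return str(ipaddress.IPv4Address(ALL_ONES - to_int(subnet_mask)))


def expand_keywords(tokens):
    """Turn 'host A', 'any' or 'A W' into an (address, wildcard) pair."""
    if tokens[0] == "any":
        return "0.0.0.0", "255.255.255.255"
    if tokens[0] == "host":
        return tokens[1], "0.0.0.0"
    return tokens[0], tokens[1]


def ace_matches(source, address, wildcard):
    """Wildcard bit 0 means 'examine this bit', 1 means 'ignore it'."""
    care = ALL_ONES ^ to_int(wildcard)
    return (to_int(source) & care) == (to_int(address) & care)


def first_match(acl, source):
    """Evaluate ACEs top-down and return the first matching action.

    None means no ACE matched; on a router the implicit deny at the
    end of the ACL would then drop the packet.
    """
    for line in acl:
        action, *rest = line.split()
        address, wildcard = expand_keywords(rest)
        if ace_matches(source, address, wildcard):
            return action
    return None


# Constructed sample entries in "action source [wildcard]" form.
SAMPLE_ACL = [
    "deny host 192.168.10.10",
    "permit 192.168.10.0 0.0.0.255",
    "deny 192.168.16.0 0.0.15.255",
    "permit any",
]
```
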
7.1.1.3 ACL Operation
ACLs define the set of rules that give added control for packets that enter inbound interfaces, packets that relay through the router, and packets that exit outbound interfaces of the router.
7.1.1.2 Packet Filtering
Packet filtering controls access to a network by analyzing the incoming and outgoing packets and forwarding them or discarding them based on given criteria. Packet filtering can occur at Layer 3 or Layer 4 of the OSI model. Standard ACLs only filter at Layer 3. Extended ACLs filter at Layer 3 and Layer 4.
7.1 ACL Operation
7.1.1.1 Purpose of ACL
An ACL is a series of IOS commands that control whether a router forwards or drops packets based on information found in the packet header. ACLs are among the most commonly used features of Cisco IOS software.
7.1.4 Guidelines for ACL placement
7.1.4.1 Where to place ACLs
The proper placement of an ACL can make the network operate more efficiently. An ACL can be placed to reduce unnecessary traffic.
Extended ACLs
- Locate extended ACLs as close as possible to the source of the traffic to be filtered.
Standard ACLs
- Because standard ACLs do not specify destination addresses, place them as close to the destination as possible.
7.2 Standard IPv4 ACLs
7.2.1 Configure Standard IPv4 ACLs
7.2.1.1 Numbered Standard IPv4 ACL Syntax
To use numbered standard ACLs on a Cisco router, you must first create the standard ACL and then activate the ACL on an interface.
7.2.1.2 Applying Standard IPv4 ACLs to Interfaces
After a standard IPv4 ACL is configured, it is linked to an interface using the ip access-group command in interface configuration mode.
7.2.1.4 Named Standard IPv4 ACL Syntax
Naming an ACL makes it easier to understand its function. When you identify your ACL with a name instead of with a number, the configuration mode and command syntax are slightly different.
7.2.2.1 Method 1 - Use a Text Editor
For an existing ACL, you can use the show running-config command to display the ACL, then copy and paste it into the text editor.
7.2.2.2 Method 2 - Use Sequence Numbers
Step 1. Display the current ACL using the show access-lists 1 command.
Step 2. Enter the ip access-list standard command that is used to configure named ACLs.
7.2.2 Modify IPv4 ACLs
7.2.2.3 Editing Standard Named ACLs
Sequence numbers were used to edit a standard numbered IPv4 ACL. By referring to the statement sequence numbers, individual statements can easily be inserted or deleted. This method can also be used to edit standard named ACLs.