Skip to main content

Standard ACLs

Standard ACLs 
11.2.1
Standard ACLs check the source address of IP packets that are routed. The ACL will either permit or deny access for an entire protocol suite, based on the network, subnet, and host addresses. For example, packets that come in Fa0/0 are checked for their source addresses and protocols. If they are permitted, the packets are routed through the router to an output interface. If they are not permitted, they are dropped at the incoming interface.
The standard version of the access-list global configuration command is used to define a standard ACL with a number in the range of 1 to 99 (also from 1300 to 1999 in recent IOS). In Cisco IOS Software Release 12.0.1, standard ACLs began using additional numbers (1300 to 1999) to provide a maximum of 798 possible standard ACLs. These additional numbers are referred to as expanded IP ACLs. In the first ACL statement, notice that there is no wildcard mask. Since no list is shown, the default mask of 0.0.0.0 is used. The entire address must match or the router must check for a match in the next line in the ACL.
The full syntax of the standard ACL command is as follows:
Router(config)#access-listaccess-list-number deny permit remarksource [source-wildcard ] [log]
The no form of this command is used to remove a standard ACL. The remark keyword makes the access list easier to understand. Each remark is limited to 100 characters. For example, it is not immediately clear what the purpose of the following entry is:
Router(config)#access-list 1 permit 171.69.2.88
It is much easier to read a remark about the entry to understand its effect, as follows:
Router(config)#access-list 1 remark Permit only Jones workstation through access-list 1 permit 171.69.2.88
To remove a standard ACL, use the no form of the command. This is the syntax:
Router(config)#no access-listaccess-list-number
The no form of this command is used to remove a standard ACL. The syntax is as follows:
Router(config)#no access-list access-list-number
The ip access-group command links an existing standard ACL to an interface:
Router(config)#ip access-group {access-list-number | access-list-name } {in | out }
The table shows descriptions of the parameters used in this syntax.
The Lab Activities will teach students how to plan, configure, and apply standard ACLs to permit or deny traffic.
The next page will describe extended ACLs

Comments

Post a Comment

Popular posts from this blog

OSI layers / Peer-to-peer communications / TCP/IP model

OSI layers 2.3.4 This page discusses the seven layers of the OSI model. The OSI reference model is a framework that is used to understand how information travels throughout a network. The OSI reference model explains how packets travel through the various layers to another device on a network, even if the sender and destination have different types of network media. In the OSI reference model, there are seven numbered layers, each of which illustrates a particular network function. - Dividing the network into seven layers provides the following advantages: • It breaks network communication into smaller, more manageable parts. • It standardizes network components to allow multiple vendor development and support. • It allows different types of network hardware and software to communicate with each other. • It prevents changes in one layer from affecting other layers. • It divides network communication into smaller parts to make learning it easier to understand. In the foll...
Post a Comment
Read more

Advantages and disadvantages of link-state routing

Advantages and disadvantages of link-state routing 2.1.5  This page lists the advantages and disadvantages of link-state routing protocols. The following are advantages of link-state routing protocols:  Link-state protocols use cost metrics to choose paths through the network. The cost metric reflects the capacity of the links on those paths. Link-state protocols use triggered updates and LSA floods to immediately report changes in the network topology to all routers in the network. This leads to fast convergence times. Each router has a complete and synchronized picture of the network. Therefore, it is very difficult for routing loops to occur. Routers use the latest information to make the best routing decisions. The link-state database sizes can be minimized with careful network design. This leads to smaller Dijkstra calculations and faster convergence. Every router, at the very least, maps the topology of it...
Post a Comment
Read more

Ports for services

Ports for services 10.2.2  Services running on hosts must have a port number assigned to them so communication can occur. A remote host attempting to connect to a service expects that service to use specific transport layer protocols and ports. Some ports, which are defined in RFC 1700, are known as the well-known ports. These ports are reserved in both TCP and UDP.  These well-known ports define applications that run above the transport layer protocols. For example, a server that runs FTP will use ports 20 and 21 to forward TCP connections from clients to its FTP application. This allows the server to determine which service a client requests. TCP and UDP use port numbers to determine the correct service to which requests are forwarded. The next page will discuss ports in greater detail.
Post a Comment
Read more