Skip to main content

Standard ACLs

Standard ACLs 
11.2.1
Standard ACLs check the source address of IP packets that are routed. The ACL will either permit or deny access for an entire protocol suite, based on the network, subnet, and host addresses. For example, packets that come in Fa0/0 are checked for their source addresses and protocols. If they are permitted, the packets are routed through the router to an output interface. If they are not permitted, they are dropped at the incoming interface.
The standard version of the access-list global configuration command is used to define a standard ACL with a number in the range of 1 to 99 (also from 1300 to 1999 in recent IOS). In Cisco IOS Software Release 12.0.1, standard ACLs began using additional numbers (1300 to 1999) to provide a maximum of 798 possible standard ACLs. These additional numbers are referred to as expanded IP ACLs. In the first ACL statement, notice that there is no wildcard mask. Since no list is shown, the default mask of 0.0.0.0 is used. The entire address must match or the router must check for a match in the next line in the ACL.
The full syntax of the standard ACL command is as follows:
Router(config)#access-listaccess-list-number deny permit remarksource [source-wildcard ] [log]
The no form of this command is used to remove a standard ACL. The remark keyword makes the access list easier to understand. Each remark is limited to 100 characters. For example, it is not immediately clear what the purpose of the following entry is:
Router(config)#access-list 1 permit 171.69.2.88
It is much easier to read a remark about the entry to understand its effect, as follows:
Router(config)#access-list 1 remark Permit only Jones workstation through access-list 1 permit 171.69.2.88
To remove a standard ACL, use the no form of the command. This is the syntax:
Router(config)#no access-listaccess-list-number
The no form of this command is used to remove a standard ACL. The syntax is as follows:
Router(config)#no access-list access-list-number
The ip access-group command links an existing standard ACL to an interface:
Router(config)#ip access-group {access-list-number | access-list-name } {in | out }
The table shows descriptions of the parameters used in this syntax.
The Lab Activities will teach students how to plan, configure, and apply standard ACLs to permit or deny traffic.
The next page will describe extended ACLs

Comments

Popular posts from this blog

OSI layers / Peer-to-peer communications / TCP/IP model

OSI layers 2.3.4 This page discusses the seven layers of the OSI model. The OSI reference model is a framework that is used to understand how information travels throughout a network. The OSI reference model explains how packets travel through the various layers to another device on a network, even if the sender and destination have different types of network media. In the OSI reference model, there are seven numbered layers, each of which illustrates a particular network function. - Dividing the network into seven layers provides the following advantages: • It breaks network communication into smaller, more manageable parts. • It standardizes network components to allow multiple vendor development and support. • It allows different types of network hardware and software to communicate with each other. • It prevents changes in one layer from affecting other layers. • It divides network communication into smaller parts to make learning it easier to understand. In the foll...

PC Basic...

• Backplane – A backplane is an electronic circuit board containing circuitry and sockets into which additional electronic devices on other circuit boards or cards can be plugged; in a computer, generally synonymous with or part of the motherboard. • Network interface card (NIC) – An expansion board inserted into a computer so that the computer can be connected to a network. • Video card – A board that plugs into a PC to give it display capabilities. • Audio card – An expansion board that enables a computer to manipulate and output sounds. • Parallel port – An interface capable of transferring more than one bit simultaneously that is used to connect external devices such as printers. • Serial port – An interface that can be used for serial communication in which only one bit is transmitted at a time. • Mouse port – A port used to connect a mouse to a PC. • USB port – A Universal Serial Bus connector. A USB port connects devices such as a mouse or printer to the computer ...

Windowing

Windowing 11.1.5 This page will explain how windows are used to transmit data. Data packets must be delivered to the recipient in the same order in which they were transmitted to have a reliable, connection-oriented data transfer. The protocol fails if any data packets are lost, damaged, duplicated, or received in a different order. An easy solution is to have a recipient acknowledge the receipt of each packet before the next packet is sent. If a sender had to wait for an ACK after each packet was sent, throughput would be low. Therefore, most connection-oriented, reliable protocols allow multiple packets to be sent before an ACK is received. The time interval after the sender transmits a data packet and before the sender processes any ACKs is used to transmit more data. The number of data packets the sender can transmit before it receives an ACK is known as the window size, or window. TCP uses expectational ACKs. This means that the ACK number refers to the next packet that is...