CCNA :) Be a Good Network Administrator

The function of a wildcard mask 11.1.4 This page will explain what a wildcard mask is and how it is used. A wildcard mask is a 32-bit quantity that is divided into four octets. A wildcard mask is paired with an IP address. The numbers one and zero in the mask are used to identify how to treat the corresponding IP address bits. The term wildcard mask represents the ACL mask-bit matching process and comes from an analogy of a wildcard that matches any other card in the game of poker. Wildcard masks have no functional relationship with subnet masks. They are used for different purposes and follow different rules. The subnet mask and the wildcard mask represent two different things when they are compared to an IP address. Subnet masks use binary ones and zeros to identify the network, subnet, and host portion of an IP address. Wildcard masks use binary ones and zeros to filter individual or groups of IP addresses to permit or deny access to resources based...

Creating ACLs 11.1.3  This page will explain how ACLs are created in global configuration mode. There are many types of ACLs. This lesson explains standard ACLs, extended ACLs, and named ACLs. When ACLs are configured on a router, each ACL must have a unique identification number assigned to it. This number identifies the type of access list created and must fall within the specific range of numbers that is valid for that type of list.  After the proper command mode is entered and the list type number is decided upon, the user enters the access list statements using the keyword access-list , followed by the proper parameters. After the proper command mode is entered and the list type number is set, the user enters the access list statements with the access-list command followed by the proper parameters. This is the first of the two-step process. The second step of the process is assigning the ACL to the proper interface.  In TCP/IP, ACLs are assigned to one or more int...

How ACLs work  11.1.2  An ACL is made up of statements that define whether packets are accepted or rejected at inbound and outbound interfaces. This page will explain how these statements are edited and added to an ACL. These decisions are made by matching a condition statement in an access list and then performing the accept or reject action defined in the statement. The order in which ACL statements are placed is important. The Cisco IOS software tests the packet against each condition statement in order from the top of the list to the bottom. Once a match is found in the list, the accept or reject action is performed and no other ACL statements are checked. If a condition statement that permits all traffic is located at the top of the list, no statements added below that will ever be checked. If additional condition statements are needed in an access list, the entire ACL must be deleted and recreated with the new condition statements. To make the process of revising an AC...

Access Control List Fundamentals  Introduction to ACLs 11.1.1  This page will explain what ACLs are and how they are used. ACLs are lists of conditions used to test network traffic that tries to travel across a router interface. These lists tell the router what types of packets to accept or deny. Acceptance and denial can be based on specified conditions. ACLs enable management of traffic and secure access to and from a network. ACLs can be created for all routed network protocols such as IP and Internetwork Packet Exchange (IPX). ACLs can be configured at the router to control access to a network or subnet. To filter network traffic, ACLs determine if routed packets are forwarded or blocked at the router interfaces. The router examines each packet and will forward or discard it based on the conditions specified in the ACL. An ACL makes routing decisions based on source address, destination address, protocols, and upper-layer port numbers. ACLs must be defined on a per prot...

Overview Network administrators must be able to deny unwanted access to a network and allow authorized users to access necessary services. Security tools such as passwords, callback equipment, and physical security devices are helpful. However, they often lack the flexibility of basic traffic filters and the specific controls that most administrators prefer. For example, a network administrator may want to allow users access to the Internet, but not permit external users Telnet access into the LAN. Routers provide the capability to filter traffic, such as blocking Internet traffic, with access control lists (ACLs). An ACL is a sequential list of permit or deny statements that apply to addresses or upper-layer protocols. This module will introduce standard and extended ACLs as a way to control network traffic and explain how they are used as part of a security solution. This module includes tips, considerations, recommendations, and general guidelines on how to use ACLs. It also includ...

Summary This page summarizes the topics discussed in this module. The transport layer of the OSI model is responsible for the reliable transport and regulation of data flow from a source to a destination. TCP makes sure that each host on the network is ready and willing to communicate. A three-way handshake is a process that ensures that each side is ready for data transmission and allows each device to determine the initial sequence number. A three-way handshake starts with a host initiating a connection. The other host receives a packet, records a sequence number and then replies with an ACK. The initiating host then responds back and finalizes the connection. DoS attacks are designed to deny services to legitimate hosts that attempt to establish connections. It is used by hackers to halt system response. SYN flooding is one type of DoS attack. It exploits the normal three-way handshake...

Comparison of MAC addresses, IP addresses, and port numbers  10.2.6  This page will describe the three types of addresses in reference to the OSI model. Port numbers are located at the transport layer and are serviced by the network layer. The network layer assigns the logical address, or IP address, and is then serviced by the data link layer, which assigns the physical address, or MAC address. A good analogy can be made with a normal letter. The address on a letter consists of a name, street, city, and state. These can be compared to the port, MAC, and IP address used for network data. The name on the envelope would be equivalent to a port number, the street address is the MAC, and the city and state is the IP address. Multiple letters can be mailed to the same street address, city and state, but contain different names on the letters. For instance, two letters could be mailed to the same house with one addressed to “ John Doe ” and the other to “ Jane Doe ” . This is an...