CCNA :) Be a Good Network Administrator

Firewall 11.2.5 A firewall is an architectural structure that exists between the user and the outside world to protect the internal network from intruders. In most circumstances, intruders come from the global Internet and the thousands of remote networks that it interconnects. Typically, a network firewall consists of several different machines that work together to prevent unwanted and illegal access. In this architecture, the router that is connected to the Internet, referred to as the exterior router, forces all incoming traffic to go to the application gateway. The router that is connected to the internal network, the interior router, accepts packets only from the application gateway. The gateway controls the delivery of network-based services both into and from the internal network. For example, only certain users might be allowed to communicate with the Internet, or only certain applications might be permitted to establish connections between an interior and exterior...

Placing ACLs 11.2.4 The placement of ACLs is an important consideration. Proper ACL placement will filter traffic and make the network more efficient. The ACL should be placed where it has the greatest impact on efficiency. In Figure the administrator wants to deny Telnet or FTP traffic from the Router A Ethernet LAN segment to the switched Ethernet LAN Fa0/1 on Router D. At the same time, other traffic must be permitted. There are several ways to do this. The recommended solution is an extended ACL that specifies both source and destination addresses. Place this extended ACL in Router A. Then, packets do not cross the Router A Ethernet segment or the serial interfaces of Routers B and C, and do not enter Router D. Traffic with different source and destination addresses will still be permitted. The general rule is to put the extended ACLs as close as possible to the source of the traffic denied. Standard ACLs do not specify destination addresses, so they should be pl...

Named ACLs  11.2.3 IP named ACLs were introduced in Cisco IOS Software Release 11.2. Named ACLs allow standard and extended ACLs to be given names instead of numbers. The following are advantages that are provided by a named access list: Alphanumeric names can be used to identify ACLs. The IOS does not limit the number of named ACLs that can be configured. Named ACLs provide the ability to modify ACLs without deletion and reconfiguration. However, a named access list will only allow for statements to be inserted at the end of a list. It is a good idea to use a text editor to create named ACLs. Consider the following before implementing named ACLs. Named ACLs are not compatible with Cisco IOS releases prior to Release 11.2. The same name may not be used for multiple ACLs. For example, it is not permissible to specify both a standard and extended ACL named George. It is important to be aware of named access lists because of the advan...

Extended ACLs  11.2.2 Extended ACLs are used more often than standard ACLs because they provide a greater range of control. Extended ACLs check the source and destination packet addresses and can also check for protocols and port numbers. This gives greater flexibility to describe what the ACL will check. Access can be permitted or denied based on where a packet originates, its destination, protocol type, and port addresses. An extended ACL can simultaneously allow e-mail traffic from Fa0/0 to specific S0/0 destinations and deny file transfers and Web browsing. When packets are discarded, some protocols send an echo packet to the sender, stating that the destination was unreachable. For a single ACL, multiple statements may be configured. Each statement should have the same access list number, to relate the statements to the same ACL. There can be as many condition statements as needed, limited only by the available router memory. Of course, the more statements there a...